From 60b179bda2f104cf592d52885a1937dcced53765 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 12 Oct 2023 10:12:19 +0200 Subject: [PATCH 001/223] Shared: add DeduplicatePathGraph Note that there is a separate PR open with this library --- shared/dataflow/codeql/dataflow/DataFlow.qll | 230 +++++++++++++++++++ 1 file changed, 230 insertions(+) diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index f7a2429ee8ac..d64f9cc4da97 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll 
@@ -697,4 +697,234 @@ module DataFlowMake { } } } + + /** + * Generates a `PathGraph` in which equivalent path nodes are merged, in order to avoid duplicate paths. + */ + module DeduplicatePathGraph Graph> { + // NOTE: there is a known limitation in that this module cannot see which nodes are sources or sinks. + // This only matters in the rare case where a sink PathNode has a non-empty set of succesors, and there is a + // non-sink PathNode with the same `(node, toString)` value and the same successors, but is transitively + // reachable from a different set of PathNodes. (And conversely for sources). + // + pragma[nomagic] + private InputPathNode getAPathNode(Node node, string toString) { + result.getNode() = node and + Graph::nodes(result, _, toString) + } + + private signature predicate collapseCandidateSig(Node node, string toString); + + private signature predicate stepSig(InputPathNode node1, InputPathNode node2); + + private signature predicate subpathStepSig( + InputPathNode arg, InputPathNode param, InputPathNode ret, InputPathNode out + ); + + /** + * Performs a forward or backward pass computing which `(node, toString)` pairs can subsume their corresponding + * path nodes. + * + * This is similar to automaton minimization, but for an NFA. Since minimizing an NFA is NP-hard (and does not have + * a unique minimal NFA), we operate with the simpler model: for a given `(node, toString)` pair, either all + * corresponding path nodes are merged, or none are merged. + * + * Comments are written as if this checks for outgoing edges and propagates backward, though the module is also + * used to perform the opposite direction. + */ + private module MakeDiscriminatorPass< + collapseCandidateSig/2 collapseCandidate, stepSig/2 step, subpathStepSig/4 subpathStep> + { + /** + * Gets the number of `(node, toString)` pairs reachable in one step from `pathNode`. 
+ */ + private int getOutDegreeFromPathNode(InputPathNode pathNode) { + result = count(Node node, string toString | step(pathNode, getAPathNode(node, toString))) + } + + /** + * Gets the number of `(node2, toString2)` pairs reachable in one step from path nodes corresponding to `(node, toString)`. + */ + private int getOutDegreeFromNode(Node node, string toString) { + result = + strictcount(Node node2, string toString2 | + step(getAPathNode(node, toString), getAPathNode(node2, toString2)) + ) + } + + /** + * Like `getOutDegreeFromPathNode` except counts `subpath` tuples. + */ + private int getSubpathOutDegreeFromPathNode(InputPathNode pathNode) { + result = + count(Node n1, string s1, Node n2, string s2, Node n3, string s3 | + subpathStep(pathNode, getAPathNode(n1, s1), getAPathNode(n2, s2), getAPathNode(n3, s3)) + ) + } + + /** + * Like `getOutDegreeFromNode` except counts `subpath` tuples. + */ + private int getSubpathOutDegreeFromNode(Node node, string toString) { + result = + strictcount(Node n1, string s1, Node n2, string s2, Node n3, string s3 | + subpathStep(getAPathNode(node, toString), getAPathNode(n1, s1), getAPathNode(n2, s2), + getAPathNode(n3, s3)) + ) + } + + /** Gets a successor of `node` including subpath flow-through. */ + InputPathNode stepEx(InputPathNode node) { + step(node, result) + or + subpathStep(node, _, _, result) // assuming the input is pruned properly, all subpaths have flow-through + } + + InputPathNode enterSubpathStep(InputPathNode node) { subpathStep(node, result, _, _) } + + InputPathNode exitSubpathStep(InputPathNode node) { subpathStep(_, _, node, result) } + + /** Holds if `(node, toString)` cannot be collapsed (but was a candidate for being collapsed). */ + predicate discriminatedPair(Node node, string toString, boolean hasEnter) { + collapseCandidate(node, toString) and + hasEnter = false and + ( + // Check if all corresponding PathNodes have the same successor sets when projected to `(node, toString)`. 
+ // To do this, we check that each successor set has the same size as the union of the succesor sets. + // - If the successor sets are equal, then they are also equal to their union, and so have the correct size. + // - Conversely, if two successor sets are not equal, one of them must be missing an element that is present + // in the union, but must still be a subset of the union, and thus be strictly smaller than the union. + getOutDegreeFromPathNode(getAPathNode(node, toString)) < + getOutDegreeFromNode(node, toString) + or + // Same as above but counting associated subpath triples instead + getSubpathOutDegreeFromPathNode(getAPathNode(node, toString)) < + getSubpathOutDegreeFromNode(node, toString) + ) + or + collapseCandidate(node, toString) and + ( + // Retain flow state if one of the successors requires it to be retained + discriminatedPathNode(stepEx(getAPathNode(node, toString)), hasEnter) + or + // Enter a subpath + discriminatedPathNode(enterSubpathStep(getAPathNode(node, toString)), _) and + hasEnter = true + or + // Exit a subpath + discriminatedPathNode(exitSubpathStep(getAPathNode(node, toString)), false) and + hasEnter = false + ) + } + + /** Holds if `pathNode` cannot be collapsed. */ + private predicate discriminatedPathNode(InputPathNode pathNode, boolean hasEnter) { + exists(Node node, string toString | + discriminatedPair(node, toString, hasEnter) and + getAPathNode(node, toString) = pathNode + ) + } + + /** Holds if `(node, toString)` cannot be collapsed (but was a candidate for being collapsed). */ + predicate discriminatedPair(Node node, string toString) { + discriminatedPair(node, toString, _) + } + + /** Holds if `pathNode` cannot be collapsed. 
*/ + predicate discriminatedPathNode(InputPathNode pathNode) { discriminatedPathNode(pathNode, _) } + } + + private predicate initialCandidate(Node node, string toString) { + exists(getAPathNode(node, toString)) + } + + private module Pass1 = + MakeDiscriminatorPass; + + private predicate edgesRev(InputPathNode node1, InputPathNode node2) { + Graph::edges(node2, node1) + } + + private predicate subpathsRev( + InputPathNode n1, InputPathNode n2, InputPathNode n3, InputPathNode n4 + ) { + Graph::subpaths(n4, n3, n2, n1) + } + + private module Pass2 = + MakeDiscriminatorPass; + + private newtype TPathNode = + TPreservedPathNode(InputPathNode node) { Pass2::discriminatedPathNode(node) } or + TCollapsedPathNode(Node node, string toString) { + initialCandidate(node, toString) and + not Pass2::discriminatedPair(node, toString) + } + + /** A node in the path graph after equivalent nodes have been collapsed. */ + class PathNode extends TPathNode { + private Node asCollapsedNode() { this = TCollapsedPathNode(result, _) } + + private InputPathNode asPreservedNode() { this = TPreservedPathNode(result) } + + /** Gets a correspondng node in the original graph. */ + InputPathNode getAnOriginalPathNode() { + exists(Node node, string toString | + this = TCollapsedPathNode(node, toString) and + result = getAPathNode(node, toString) + ) + or + result = this.asPreservedNode() + } + + /** Gets a string representation of this node. */ + string toString() { + result = this.asPreservedNode().toString() or this = TCollapsedPathNode(_, result) + } + + /** + * Holds if this element is at the specified location. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `filepath`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). 
+ */ + predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + this.getAnOriginalPathNode() + .hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } + + /** Gets the corresponding data-flow node. */ + Node getNode() { + result = this.asCollapsedNode() + or + result = this.asPreservedNode().getNode() + } + } + + /** + * Provides the query predicates needed to include a graph in a path-problem query. + */ + module PathGraph implements PathGraphSig { + query predicate nodes(PathNode node, string key, string val) { + Graph::nodes(node.getAnOriginalPathNode(), key, val) + } + + query predicate edges(PathNode node1, PathNode node2) { + Graph::edges(node1.getAnOriginalPathNode(), node2.getAnOriginalPathNode()) + } + + query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) { + // Note: this may look suspiciously simple, but it's not an oversight. Even if the caller needs to retain state, + // it is entirely possible to step through a subpath in which state has been projected away. + Graph::subpaths(arg.getAnOriginalPathNode(), par.getAnOriginalPathNode(), + ret.getAnOriginalPathNode(), out.getAnOriginalPathNode()) + } + } + + // Re-export the PathGraph so the user can import a single module and get both PathNode and the query predicates + import PathGraph + } } From 51ef0e58365df4cbfcbe0f27956a3dbdef408385 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 3 Oct 2023 09:43:45 +0200 Subject: [PATCH 002/223] JS: Move TNode into a cached module --- .../dataflow/internal/DataFlowNode.qll | 56 +++++++++++-------- 1 file changed, 32 insertions(+), 24 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index 8a688bb573f8..db78cae8f0d5 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll 
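Review bot: `getAPathNode` reads the label with `Graph::nodes(result, _, toString)` and leaves the key unconstrained, so an input graph that reports more than one key/value row per path node would map one path node to several `(node, toString)` pairs and, it appears, to several collapsed nodes. If only the display label is meant, bind the key, e.g. `Graph::nodes(result, "semmle.label", toString)`, or state in the module QLDoc that the input must have a single `nodes` row per path node. The sources/sinks limitation is currently only a `//` comment inside the module; moving it into the `/** ... */` on `DeduplicatePathGraph` would make it visible to query authors who rely on the merged paths when triaging alerts. Comment typos to fix while there: `succesors`, `succesor sets`, `correspondng`.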
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll 
@@ -5,31 +5,39 @@ */ private import javascript +cached +private module Cached { + /** + * The raw data type underlying `DataFlow::Node`. + */ + cached + newtype TNode = + TValueNode(AST::ValueNode nd) or + TSsaDefNode(SsaDefinition d) or + TCapturedVariableNode(LocalVariable v) { v.isCaptured() } or + TPropNode(@property p) or + TRestPatternNode(DestructuringPattern dp, Expr rest) { rest = dp.getRest() } or + TElementPatternNode(ArrayPattern ap, Expr p) { p = ap.getElement(_) } or + TElementNode(ArrayExpr arr, Expr e) { e = arr.getAnElement() } or + TReflectiveCallNode(MethodCallExpr ce, string kind) { + ce.getMethodName() = kind and + (kind = "call" or kind = "apply") + } or + TThisNode(StmtContainer f) { f.(Function).getThisBinder() = f or f instanceof TopLevel } or + TDestructuredModuleImportNode(ImportDeclaration decl) { + exists(decl.getASpecifier().getImportedName()) + } or + THtmlAttributeNode(HTML::Attribute attr) or + TFunctionReturnNode(Function f) or + TExceptionalFunctionReturnNode(Function f) or + TExceptionalInvocationReturnNode(InvokeExpr e) or + TGlobalAccessPathRoot() or + TTemplatePlaceholderTag(Templating::TemplatePlaceholderTag tag) or + TReflectiveParametersNode(Function f) or +} + +import Cached /** * The raw data type underlying `DataFlow::Node`. 
*/ -cached -newtype TNode = - TValueNode(AST::ValueNode nd) or - TSsaDefNode(SsaDefinition d) or - TCapturedVariableNode(LocalVariable v) { v.isCaptured() } or - TPropNode(@property p) or - TRestPatternNode(DestructuringPattern dp, Expr rest) { rest = dp.getRest() } or - TElementPatternNode(ArrayPattern ap, Expr p) { p = ap.getElement(_) } or - TElementNode(ArrayExpr arr, Expr e) { e = arr.getAnElement() } or - TReflectiveCallNode(MethodCallExpr ce, string kind) { - ce.getMethodName() = kind and - (kind = "call" or kind = "apply") - } or - TThisNode(StmtContainer f) { f.(Function).getThisBinder() = f or f instanceof TopLevel } or - TDestructuredModuleImportNode(ImportDeclaration decl) { - exists(decl.getASpecifier().getImportedName()) - } or - THtmlAttributeNode(HTML::Attribute attr) or - TFunctionReturnNode(Function f) or - TExceptionalFunctionReturnNode(Function f) or - TExceptionalInvocationReturnNode(InvokeExpr e) or - TGlobalAccessPathRoot() or - TTemplatePlaceholderTag(Templating::TemplatePlaceholderTag tag) or - TReflectiveParametersNode(Function f) From 79e7aae9f6ccbc698e07a12506e64980cd3428c4 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 3 Oct 2023 09:48:09 +0200 Subject: [PATCH 003/223] JS: Add TEarlyStageNode --- javascript/ql/lib/semmle/javascript/AMD.qll | 19 ++- .../ql/lib/semmle/javascript/NodeJS.qll | 60 +++++--- javascript/ql/lib/semmle/javascript/Paths.qll | 23 +-- .../semmle/javascript/dataflow/DataFlow.qll | 142 ++++++++++-------- .../dataflow/internal/DataFlowNode.qll | 29 +++- .../data/internal/ApiGraphModelsSpecific.qll | 8 +- .../javascript/internal/CachedStages.qll | 26 +++- 7 files changed, 202 insertions(+), 105 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/AMD.qll b/javascript/ql/lib/semmle/javascript/AMD.qll index 20b1c26275a7..7bad8eda9e21 100644 --- a/javascript/ql/lib/semmle/javascript/AMD.qll +++ b/javascript/ql/lib/semmle/javascript/AMD.qll 
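Review bot: The last branch of the moved newtype ends with a dangling `or` (`TReflectiveParametersNode(Function f) or` directly followed by the closing `}` of `Cached`), which does not look like valid QL; the removed version ended with `TReflectiveParametersNode(Function f)` and no `or`. Dropping the trailing `or` keeps this commit compilable on its own. The hunk also leaves the old QLDoc `The raw data type underlying DataFlow::Node.` as context after `import Cached` with no declaration following it in the hunk; it could be removed here rather than in a later commit.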
@@ -6,6 +6,7 @@ import javascript private import semmle.javascript.internal.CachedStages private import Expressions.ExprHasNoEffect +private import semmle.javascript.dataflow.internal.DataFlowNode /** * Companion module to the `AmdModuleDefinition` class. @@ -78,10 +79,15 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range result instanceof DataFlow::ValueNode } - private DataFlow::Node getFactoryNodeInternal() { - // To avoid recursion, this should not depend on `SourceNode`. - result = DataFlow::valueNode(this.getLastArgument()) or - result = this.getFactoryNodeInternal().getAPredecessor() + /** + * Gets the factory function of this module definition. + */ + Function getFactoryFunction() { TValueNode(result) = this.getFactoryNodeInternal() } + + private EarlyStageNode getFactoryNodeInternal() { + result = TValueNode(this.getLastArgument()) + or + DataFlow::localFlowStep(result, this.getFactoryNodeInternal()) } /** Gets the expression defining this module. */ @@ -132,7 +138,10 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range * Gets the `i`th parameter of the factory function of this module. */ private Parameter getFactoryParameter(int i) { - this.getFactoryNodeInternal().asExpr().(Function).getParameter(i) = result + exists(Function fun | + this.getFactoryNodeInternal() = TValueNode(fun) and + result = fun.getParameter(i) + ) } /** diff --git a/javascript/ql/lib/semmle/javascript/NodeJS.qll b/javascript/ql/lib/semmle/javascript/NodeJS.qll index 221cee084b67..5e12c66bb097 100644 --- a/javascript/ql/lib/semmle/javascript/NodeJS.qll +++ b/javascript/ql/lib/semmle/javascript/NodeJS.qll @@ -4,6 +4,7 @@ import javascript private import NodeModuleResolutionImpl private import semmle.javascript.DynamicPropertyAccess as DynamicPropertyAccess private import semmle.javascript.internal.CachedStages +private import semmle.javascript.dataflow.internal.DataFlowNode /** * A Node.js module. 
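Review bot: `getFactoryNodeInternal` lost its explanatory comment (`// To avoid recursion, this should not depend on SourceNode.`) and the replacement has none, although the reason for returning `EarlyStageNode` and calling `DataFlow::localFlowStep` directly is not obvious at this call site. I would add something like `// Uses EarlyStageNode: module resolution must be computable before flow-summary nodes exist.` above it. `getFactoryParameter` in the -132 hunk relies on the same constraint, and the class body continues outside these hunks.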
@@ -240,60 +241,69 @@ private class RequireVariable extends Variable { */ private predicate moduleInFile(Module m, File f) { m.getFile() = f } -private predicate isModuleModule(DataFlow::Node nd) { - exists(ImportDeclaration imp | - imp.getImportedPath().getValue() = "module" and - nd = - [ - DataFlow::destructuredModuleImportNode(imp), - DataFlow::valueNode(imp.getASpecifier().(ImportNamespaceSpecifier)) - ] +private predicate isModuleModule(EarlyStageNode nd) { + exists(ImportDeclaration imp | imp.getImportedPath().getValue() = "module" | + nd = TDestructuredModuleImportNode(imp) + or + nd = TValueNode(imp.getASpecifier().(ImportNamespaceSpecifier)) ) or - isModuleModule(nd.getAPredecessor()) + exists(EarlyStageNode other | + isModuleModule(other) and + DataFlow::localFlowStep(other, nd) + ) } -private predicate isCreateRequire(DataFlow::Node nd) { +private predicate isCreateRequire(EarlyStageNode nd) { exists(PropAccess prop | - isModuleModule(prop.getBase().flow()) and + isModuleModule(TValueNode(prop.getBase())) and prop.getPropertyName() = "createRequire" and - nd = prop.flow() + nd = TValueNode(prop) ) or exists(PropertyPattern prop | - isModuleModule(prop.getObjectPattern().flow()) and + isModuleModule(TValueNode(prop.getObjectPattern())) and prop.getName() = "createRequire" and - nd = prop.getValuePattern().flow() + nd = TValueNode(prop.getValuePattern()) ) or exists(ImportDeclaration decl, NamedImportSpecifier spec | decl.getImportedPath().getValue() = "module" and spec = decl.getASpecifier() and spec.getImportedName() = "createRequire" and - nd = spec.flow() + nd = TValueNode(spec) ) or - isCreateRequire(nd.getAPredecessor()) + exists(EarlyStageNode other | + isCreateRequire(other) and + DataFlow::localFlowStep(other, nd) + ) } /** * Holds if `nd` may refer to `require`, either directly or modulo local data flow. 
*/ cached -private predicate isRequire(DataFlow::Node nd) { - nd.asExpr() = any(RequireVariable req).getAnAccess() and - // `mjs` files explicitly disallow `require` - not nd.getFile().getExtension() = "mjs" +private predicate isRequire(EarlyStageNode nd) { + exists(VarAccess access | + access = any(RequireVariable v).getAnAccess() and + nd = TValueNode(access) and + // `mjs` files explicitly disallow `require` + not access.getFile().getExtension() = "mjs" + ) or - isRequire(nd.getAPredecessor()) + exists(EarlyStageNode other | + isRequire(other) and + DataFlow::localFlowStep(other, nd) + ) or // `import { createRequire } from 'module';`. // specialized to ES2015 modules to avoid recursion in the `DataFlow::moduleImport()` predicate and to avoid // negative recursion between `Import.getImportedModuleNode()` and `Import.getImportedModule()`, and // to avoid depending on `SourceNode` as this would make `SourceNode::Range` recursive. exists(CallExpr call | - isCreateRequire(call.getCallee().flow()) and - nd = call.flow() + isCreateRequire(TValueNode(call.getCallee())) and + nd = TValueNode(call) ) } @@ -307,7 +317,7 @@ private predicate isRequire(DataFlow::Node nd) { * ``` */ class Require extends CallExpr, Import { - Require() { isRequire(this.getCallee().flow()) } + Require() { isRequire(TValueNode(this.getCallee())) } override PathExpr getImportedPath() { result = this.getArgument(0) } @@ -401,7 +411,7 @@ private class RequirePath extends PathExprCandidate { this = any(Require req).getArgument(0) or exists(MethodCallExpr reqres | - isRequire(reqres.getReceiver().flow()) and + isRequire(TValueNode(reqres.getReceiver())) and reqres.getMethodName() = "resolve" and this = reqres.getArgument(0) ) diff --git a/javascript/ql/lib/semmle/javascript/Paths.qll b/javascript/ql/lib/semmle/javascript/Paths.qll index 5f8452f5251d..66a840e9f26b 100644 --- a/javascript/ql/lib/semmle/javascript/Paths.qll +++ b/javascript/ql/lib/semmle/javascript/Paths.qll 
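Review bot: `isModuleModule` and `isCreateRequire` now take `EarlyStageNode` but still carry no QLDoc, and together with `isRequire` they repeat the same `exists(EarlyStageNode other | ... and DataFlow::localFlowStep(other, nd))` closure three times. A one-line QLDoc on each, e.g. `/** Holds if nd may refer to the module named "module", modulo local data flow. */`, would match what `isRequire` already has. The closure now follows `localFlowStep` as redefined in this commit rather than `getAPredecessor()`, so it is worth confirming with the existing import tests that aliased `require` references are still recognised, since import resolution feeds the package-relevance check changed later in this patch.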
@@ -4,6 +4,7 @@ */ import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode /** * Internal representation of paths as lists of components. @@ -381,16 +382,16 @@ private class PathExprString extends PathString { } pragma[nomagic] -private DataFlow::Node getAPathExprAlias(PathExpr expr) { - result.getImmediatePredecessor().asExpr() = expr +private EarlyStageNode getAPathExprAlias(PathExpr expr) { + DataFlow::Impl::earlyStageImmediateFlowStep(TValueNode(expr), result) or - result.getImmediatePredecessor() = getAPathExprAlias(expr) + DataFlow::Impl::earlyStageImmediateFlowStep(getAPathExprAlias(expr), result) } private class PathExprFromAlias extends PathExpr { private PathExpr other; - PathExprFromAlias() { this = getAPathExprAlias(other).asExpr() } + PathExprFromAlias() { TValueNode(this) = getAPathExprAlias(other) } override string getValue() { result = other.getValue() } @@ -435,13 +436,15 @@ abstract class PathExprCandidate extends Expr { pragma[nomagic] private Expr getAPart1() { result = this or result = this.getAPart().getAChildExpr() } + private EarlyStageNode getAnAliasedPart1() { + result = TValueNode(this.getAPart1()) + or + DataFlow::Impl::earlyStageImmediateFlowStep(result, this.getAnAliasedPart1()) + } + /** - * Gets an expression that is nested inside this expression. - * - * Equivalent to `getAChildExpr*()`, but useful to enforce a better join order (in spite of - * what the optimizer thinks, there are generally far fewer `PathExprCandidate`s than - * `ConstantString`s). + * Gets an expression that is depended on by an expression nested inside this expression. */ pragma[nomagic] - Expr getAPart() { result = this.getAPart1().flow().getImmediatePredecessor*().asExpr() } + Expr getAPart() { TValueNode(result) = this.getAnAliasedPart1() } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index d7ddf7393622..8c2376ee8564 100644 
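Review bot: The new member `getAnAliasedPart1` has no QLDoc, and the rewritten comment on `getAPart` ("depended on by an expression nested inside this expression") drops the join-order rationale the old comment gave without saying how the backwards step is taken. Suggest documenting the helper, e.g. `/** Gets a node for getAPart1() or a node that reaches one through immediate flow steps. */`, and rewording `getAPart` to say it includes expressions reached backwards through `earlyStageImmediateFlowStep`. The `PathExprCandidate` class body continues outside the hunk.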
--- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -179,29 +179,8 @@ module DataFlow { */ cached DataFlow::Node getImmediatePredecessor() { - lvalueFlowStep(result, this) and - not lvalueDefaultFlowStep(_, this) - or immediateFlowStep(result, this) or - // Refinement of variable -> original definition of variable - exists(SsaRefinementNode refinement | - this = TSsaDefNode(refinement) and - result = TSsaDefNode(refinement.getAnInput()) - ) - or - exists(SsaPhiNode phi | - this = TSsaDefNode(phi) and - result = TSsaDefNode(phi.getRephinedVariable()) - ) - or - // IIFE call -> return value of IIFE - exists(Function fun | - localCall(this.asExpr(), fun) and - result = unique(Expr ret | ret = fun.getAReturnedExpr()).flow() and - not fun.getExit().isJoin() // can only reach exit by the return statement - ) - or FlowSteps::identityFunctionStep(result, this) } @@ -783,14 +762,7 @@ module DataFlow { override string getPropertyName() { result = prop.getName() } - override Node getRhs() { - exists(Parameter param, Node paramNode | - param = prop.getParameter() and - parameterNode(paramNode, param) - | - result = paramNode - ) - } + override Node getRhs() { result = TValueNode(prop.getParameter()) } override ControlFlowNode getWriteNode() { result = prop.getParameter() } } @@ -1107,6 +1079,14 @@ module DataFlow { * instead. */ module Impl { + /** + * INTERNAL. DO NOT USE. + * + * An alias for `Node.getImmediatePredecessor` that can be used at an earlier stage + * that does not depend on `DataFlow::Node`. + */ + predicate earlyStageImmediateFlowStep = immediateFlowStep/2; + /** * A data flow node representing a function invocation, either explicitly or reflectively, * and either with or without `new`. 
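Review bot: The QLDoc on `earlyStageImmediateFlowStep` calls it an alias for `Node.getImmediatePredecessor`, but after the first hunk of this file `getImmediatePredecessor` is `immediateFlowStep(result, this)` or `FlowSteps::identityFunctionStep(result, this)`, so the alias omits the identity-function step and takes its arguments as `(pred, succ)`. I would reword it to `Holds if pred is an immediate predecessor of succ, not counting identity-function steps; usable before DataFlow::Node is available.` The target `immediateFlowStep`, defined in the -1627 hunk, has no QLDoc of its own and could carry the same sentence.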
@@ -1420,12 +1400,12 @@ module DataFlow { /** * INTERNAL: Use `parameterNode(Parameter)` instead. */ - predicate parameterNode(DataFlow::Node nd, Parameter p) { nd = valueNode(p) } + predicate parameterNode(EarlyStageNode nd, Parameter p) { nd = TValueNode(p) } /** * INTERNAL: Use `thisNode(StmtContainer container)` instead. */ - predicate thisNode(DataFlow::Node node, StmtContainer container) { node = TThisNode(container) } + predicate thisNode(EarlyStageNode node, StmtContainer container) { node = TThisNode(container) } /** * Gets the node representing the receiver of the given function, or `this` in the given top-level. @@ -1487,7 +1467,15 @@ module DataFlow { * _before_ the l-value is assigned to, whereas `DataFlow::lvalueNode()` * represents the value _after_ the assignment. */ - Node lvalueNode(BindingPattern lvalue) { + Node lvalueNode(BindingPattern lvalue) { result = lvalueNodeInternal(lvalue) } + + /** + * INTERNAL: Do not use outside standard library. + * + * Same as `lvalueNode()` except the return type is `EarlyStageNode`, which allows it to be used + * before all data flow nodes have been materialised. + */ + EarlyStageNode lvalueNodeInternal(BindingPattern lvalue) { exists(SsaExplicitDefinition ssa | ssa.defines(lvalue.(LValue).getDefNode(), lvalue.(VarRef).getVariable()) and result = TSsaDefNode(ssa) 
@@ -1535,31 +1523,31 @@ module DataFlow { * Holds if there is a step from `pred -> succ` due to an assignment * to an expression in l-value position. */ - private predicate lvalueFlowStep(Node pred, Node succ) { + private predicate lvalueFlowStep(EarlyStageNode pred, EarlyStageNode succ) { exists(VarDef def | - pred = valueNode(defSourceNode(def)) and - succ = lvalueNode(def.getTarget()) + pred = TValueNode(defSourceNode(def)) and + succ = lvalueNodeInternal(def.getTarget()) ) or exists(SimpleParameter param | - pred = valueNode(param) and // The value node represents the incoming argument - succ = lvalueNode(param) // The SSA node represents the parameters's local variable + pred = TValueNode(param) and // The value node represents the incoming argument + succ = lvalueNodeInternal(param) // The SSA node represents the parameters's local variable ) or exists(Expr arg, Parameter param | localArgumentPassing(arg, param) and - pred = valueNode(arg) and - succ = valueNode(param) + pred = TValueNode(arg) and + succ = TValueNode(param) ) or exists(PropertyPattern pattern | pred = TPropNode(pattern) and - succ = lvalueNode(pattern.getValuePattern()) + succ = lvalueNodeInternal(pattern.getValuePattern()) ) or exists(Expr element | pred = TElementPatternNode(_, element) and - succ = lvalueNode(element) + succ = lvalueNodeInternal(element) ) } 
@@ -1567,37 +1555,37 @@ module DataFlow { * Holds if there is a step from `pred -> succ` from the default * value of a destructuring pattern or parameter. */ - private predicate lvalueDefaultFlowStep(Node pred, Node succ) { + private predicate lvalueDefaultFlowStep(EarlyStageNode pred, EarlyStageNode succ) { exists(PropertyPattern pattern | pred = TValueNode(pattern.getDefault()) and - succ = lvalueNode(pattern.getValuePattern()) + succ = lvalueNodeInternal(pattern.getValuePattern()) ) or exists(ArrayPattern array, int i | pred = TValueNode(array.getDefault(i)) and - succ = lvalueNode(array.getElement(i)) + succ = lvalueNodeInternal(array.getElement(i)) ) or exists(Parameter param | pred = TValueNode(param.getDefault()) and - parameterNode(succ, param) + succ = TValueNode(param) ) } /** - * Flow steps shared between `getImmediatePredecessor` and `localFlowStep`. + * Flow steps shared between `immediateFlowStep` and `localFlowStep`. * * Inlining is forced because the two relations are indexed differently. */ pragma[inline] - private predicate immediateFlowStep(Node pred, Node succ) { + private predicate immediateFlowStepShared(EarlyStageNode pred, EarlyStageNode succ) { exists(SsaVariable v | pred = TSsaDefNode(v.getDefinition()) and - succ = valueNode(v.getAUse()) + succ = TValueNode(v.getAUse()) ) or exists(Expr predExpr, Expr succExpr | - pred = valueNode(predExpr) and succ = valueNode(succExpr) + pred = TValueNode(predExpr) and succ = TValueNode(succExpr) | predExpr = succExpr.(ParExpr).getExpression() or 
@@ -1627,25 +1615,55 @@ module DataFlow { // flow from 'this' parameter into 'this' expressions exists(ThisExpr thiz | pred = TThisNode(thiz.getBindingContainer()) and - succ = valueNode(thiz) + succ = TValueNode(thiz) ) or // `f.call(...)` and `f.apply(...)` evaluate to the result of the reflective call they perform - pred = TReflectiveCallNode(succ.asExpr(), _) + exists(MethodCallExpr call | + pred = TReflectiveCallNode(call, _) and + succ = TValueNode(call) + ) + } + + pragma[nomagic] + private predicate immediateFlowStep(EarlyStageNode pred, EarlyStageNode succ) { + lvalueFlowStep(pred, succ) and + not lvalueDefaultFlowStep(_, succ) + or + immediateFlowStepShared(pred, succ) + or + // Refinement of variable -> original definition of variable + exists(SsaRefinementNode refinement | + succ = TSsaDefNode(refinement) and + pred = TSsaDefNode(refinement.getAnInput()) + ) + or + exists(SsaPhiNode phi | + succ = TSsaDefNode(phi) and + pred = TSsaDefNode(phi.getRephinedVariable()) + ) + or + // IIFE call -> return value of IIFE + exists(Function fun, Expr expr | + succ = TValueNode(expr) and + localCall(expr, fun) and + pred = TValueNode(unique(Expr ret | ret = fun.getAReturnedExpr())) and + not fun.getExit().isJoin() // can only reach exit by the return statement + ) } /** * Holds if data can flow from `pred` to `succ` in one local step. */ cached - predicate localFlowStep(Node pred, Node succ) { - Stages::DataFlowStage::ref() and + predicate localFlowStep(EarlyStageNode pred, EarlyStageNode succ) { + Stages::EarlyDataFlowStage::ref() and // flow from RHS into LHS lvalueFlowStep(pred, succ) or lvalueDefaultFlowStep(pred, succ) or - immediateFlowStep(pred, succ) + immediateFlowStepShared(pred, succ) or // From an assignment or implicit initialization of a captured variable to its flow-insensitive node. exists(SsaDefinition predDef | 
@@ -1669,7 +1687,7 @@ module DataFlow { ) or exists(Expr predExpr, Expr succExpr | - pred = valueNode(predExpr) and succ = valueNode(succExpr) + pred = TValueNode(predExpr) and succ = TValueNode(succExpr) | predExpr = succExpr.(LogicalBinaryExpr).getAnOperand() or @@ -1683,13 +1701,19 @@ module DataFlow { or // from returned expr to the FunctionReturnNode. exists(Function f | not f.isAsyncOrGenerator() | - DataFlow::functionReturnNode(succ, f) and pred = valueNode(f.getAReturnedExpr()) + succ = TFunctionReturnNode(f) and pred = TValueNode(f.getAReturnedExpr()) ) or // from a reflective params node to a reference to the arguments object. - exists(DataFlow::ReflectiveParametersNode params, Function f | f = params.getFunction() | - succ = f.getArgumentsVariable().getAnAccess().flow() and - pred = params + exists(Function f | + pred = TReflectiveParametersNode(f) and + succ = TValueNode(f.getArgumentsVariable().getAnAccess()) + ) + or + // Pass 'this' into super calls + exists(SuperCall call | + pred = TThisNode(call.getBinder()) and + succ = TConstructorThisArgumentNode(call) ) } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index db78cae8f0d5..fc7079590866 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll 
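Review bot: The added super-call step uses `TConstructorThisArgumentNode(call)`, and the `TEarlyStageNode` union in the DataFlowNode.qll hunk that follows also names `TFunctionSelfReferenceNode` and `TExprPostUpdateNode`; none of the three is a branch of the `TNode` newtype as shown in patch 002 of this series. Unless they are declared elsewhere, this commit would not compile in isolation, which hurts bisecting. The `this`-into-super step is also a behavioural change to `localFlowStep` that the subject `JS: Add TEarlyStageNode` does not mention; consider moving it, together with the three branch names, to the commit that introduces those node types.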
@@ -38,6 +38,33 @@ private module Cached { import Cached +private class TEarlyStageNode = + TValueNode or TSsaDefNode or TCapturedVariableNode or TPropNode or TRestPatternNode or + TElementPatternNode or TElementNode or TReflectiveCallNode or TThisNode or + TFunctionSelfReferenceNode or TDestructuredModuleImportNode or THtmlAttributeNode or + TFunctionReturnNode or TExceptionalFunctionReturnNode or TExceptionalInvocationReturnNode or + TGlobalAccessPathRoot or TTemplatePlaceholderTag or TReflectiveParametersNode or + TExprPostUpdateNode or TConstructorThisArgumentNode; + /** - * The raw data type underlying `DataFlow::Node`. + * A data-flow node that is not a flow summary node. + * + * This node exists to avoid an unwanted dependency on flow summaries in some parts of the codebase + * that should not depend on them. + * + * In particular, this dependency chain must not result in negative recursion: + * - Flow summaries can only be created after pruning irrelevant flow summaries + * - To prune irrelevant flow summaries, we must know which packages are imported + * - To know which packages are imported, module systems must be evaluated + * - The AMD and NodeJS module systems rely on data flow to find calls to `require` and similar. + * These module systems must therefore use `EarlyStageNode` instead of `DataFlow::Node`. */ +class EarlyStageNode extends TEarlyStageNode { + string toString() { result = this.(DataFlow::Node).toString() } + + predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + this.(DataFlow::Node).hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } +} diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll index 4c9c8e147eb9..177c63f9d06b 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll 
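Review bot: `TEarlyStageNode` is a hand-written union of node branches, and nothing on it says which branches are left out on purpose. A branch added to the newtype later is silently absent from `EarlyStageNode`, and so from `localFlowStep(EarlyStageNode, EarlyStageNode)`, unless this list is edited too; in a data-flow library that shows up as missing flow rather than as a compile error. `TConstructorThisPostUpdate`, which a later patch in this series adds to the newtype, is not in the list, and it is not clear from here whether that is intended. I would put a comment above the union such as `// All node branches that exist before flow summaries; extend this list when adding a branch to the newtype.`, adjusted to the actual exclusions.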
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll @@ -48,11 +48,13 @@ predicate parseTypeString(string rawType, string package, string qualifiedName) * Holds if models describing `package` may be relevant for the analysis of this database. */ predicate isPackageUsed(string package) { - exists(DataFlow::moduleImport(package)) - or package = "global" or - any(DataFlow::SourceNode sn).hasUnderlyingType(package, _) + package = any(JS::Import imp).getImportedPath().getValue() + or + any(JS::TypeName t).hasQualifiedName(package, _) + or + any(JS::TypeAnnotation t).hasQualifiedName(package, _) } bindingset[type] diff --git a/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll b/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll index 459b83f2b996..ce888e775370 100644 --- a/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll +++ b/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll @@ -106,6 +106,30 @@ module Stages { } } + /** + * The part of data flow computed before flow summary nodes. + */ + cached + module EarlyDataFlowStage { + /** + * Always holds. + * Ensures that a predicate is evaluated as part of the early DataFlow stage. + */ + cached + predicate ref() { 1 = 1 } + + /** + * DONT USE! + * Contains references to each predicate that use the above `ref` predicate. + */ + cached + predicate backref() { + 1 = 1 + or + DataFlow::localFlowStep(_, _) + } + } + /** * The `dataflow` stage. */ @@ -128,8 +152,6 @@ module Stages { or exists(AmdModule a) or - DataFlow::localFlowStep(_, _) - or exists(any(DataFlow::SourceNode s).getAPropertyReference("foo")) or exists(any(Expr e).getExceptionTarget()) From b499c6075ae83a2c1ab122705137e7a0f15f56d6 Mon Sep 17 00:00:00 2001 
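Review bot: `isPackageUsed` now decides from syntax alone (`JS::Import`, `JS::TypeName`, `JS::TypeAnnotation`) which packages' models are considered, but its QLDoc says neither that it must stay free of data flow nor what it may miss. The `EarlyStageNode` documentation elsewhere in this patch explains that pruning models needs the set of imported packages before data flow is available, so a maintainer who reintroduces `DataFlow::moduleImport` here would recreate the recursion. I would add `* Implemented syntactically; this predicate must not depend on DataFlow::Node.` to the comment. Because an import form this predicate fails to recognise silently drops that package's modelled sources and sinks, it is also worth a test confirming that the forms previously matched by `DataFlow::moduleImport(package)` are still covered by the exact match `package = any(JS::Import imp).getImportedPath().getValue()`.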
From: Asger F Date: Tue, 3 Oct 2023 09:48:51 +0200 Subject: [PATCH 004/223] JS: Add Contents.qll --- .../javascript/dataflow/Configuration.qll | 6 + .../javascript/dataflow/internal/Contents.qll | 481 ++++++++++++++++++ 2 files changed, 487 insertions(+) create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll index 179e1b4dfe50..7895a75de6e4 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll @@ -766,6 +766,12 @@ module PseudoProperties { bindingset[key] string mapValueKey(string key) { result = pseudoProperty("mapValue", key) } + /** + * Holds if `prop` equals `mapValueKey(key)` for some value of `key`. + */ + bindingset[prop] + predicate isMapValueKey(string prop) { prop.matches("$mapValue|%$") } + /** * Gets a pseudo-property for the location of a map value where the key is `key`. */ diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll new file mode 100644 index 000000000000..55de1efc2d62 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll 
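Review bot: `isMapValueKey` hard-codes the pattern `"$mapValue|%$"`, which repeats the string layout that `pseudoProperty("mapValue", key)` is expected to produce; `pseudoProperty` is outside this hunk, so the match cannot be checked here. If the two drift apart, `fromLegacyProperty` in Contents.qll would fall through to `property(propertyName)` and treat a map-value key as an ordinary property name. A comment tying them together, for example `// must match the format produced by pseudoProperty("mapValue", _)`, would be enough.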
@@ -0,0 +1,481 @@ +private import javascript +private import semmle.javascript.frameworks.data.internal.AccessPathSyntax as AccessPathSyntax + +module Private { + import Public + + /** + * Gets the largest array index should be propagated precisely through flow summaries. + * + * Note that all known array indices have a corresponding singleton content, but some will + * be collapsed in flow summaries that operate on array elements. + */ + int getMaxPreciseArrayIndex() { result = 9 } + + /** Gets the largest array index should be propagated precisely through flow summaries. */ + int getAPreciseArrayIndex() { result = [0 .. getMaxPreciseArrayIndex()] } + + /** + * Holds if values associated with `key` should be tracked as a individual contents of a `Map` object. + */ + private predicate isKnownMapKey(string key) { + exists(MethodCallExpr call | + call.getMethodName() = "get" and + call.getNumArgument() = 1 and + call.getArgument(0).getStringValue() = key + ) + or + exists(AccessPathSyntax::AccessPathToken token | + token.getName() = "MapValue" and + token.getAnArgument() = key + ) + } + + /** + * A known property name. + */ + class PropertyName extends string { + // Note: unlike the similarly-named class in StepSummary.qll, this class must not depend on DataFlow::Node + PropertyName() { + this = any(PropAccess access).getPropertyName() + or + this = any(Property p).getName() + or + this = any(PropertyPattern p).getName() + or + this = any(GlobalVariable v).getName() + or + this = getAPreciseArrayIndex().toString() + or + exists(AccessPathSyntax::AccessPathToken tok | + tok.getName() = "Member" and this = tok.getAnArgument() + ) + } + + /** Gets the array index corresponding to this property name. 
*/ + pragma[nomagic] + int asArrayIndex() { result = this.toInt() and result >= 0 and this = result.toString() } + } + + cached + newtype TContent = + MkPropertyContent(PropertyName name) or + MkArrayElementUnknown() or // note: array elements with known index are just properties + MkMapKey() or + MkMapValueWithUnknownKey() or + MkMapValueWithKnownKey(string key) { isKnownMapKey(key) } or + MkSetElement() or + MkIteratorElement() or + MkIteratorError() or + MkPromiseValue() or + MkPromiseError() or + MkCapturedContent(LocalVariable v) { v.isCaptured() } + + cached + newtype TContentSet = + MkSingletonContent(Content content) or + MkArrayElementKnown(int index) { index = any(PropertyName name).asArrayIndex() } or + MkArrayElementLowerBound(int index) { index = [0 .. getMaxPreciseArrayIndex() + 1] } or + MkMapValueKnown(string key) { isKnownMapKey(key) } or + MkMapValueAll() or + MkPromiseFilter() or + MkIteratorFilter() or + MkAnyProperty() or + // The following content sets are used exclusively as an intermediate value in flow summaries. + // These are encoded as a ContentSummaryComponent, although the flow graphs we generate are different + // than an ordinary content component. These special content sets should never appear in a step. + MkAwaited() or + MkAnyPropertyDeep() or + MkArrayElementDeep() + + /** + * Holds if `cs` is used to encode a special operation as a content component, but should not + * be treated as an ordinary content component. + */ + predicate isSpecialContentSet(ContentSet cs) { + cs = MkAwaited() or cs = MkAnyPropertyDeep() or cs = MkArrayElementDeep() + } +} + +module Public { + private import Private + + /** + * A storage location on an object, such as a property name. + */ + class Content extends TContent { + /** Gets a string representation of this content. */ + cached + string toString() { + // Note that these strings are visible to the end-user, in the access path of a PathNode. 
+ result = this.asPropertyName() + or + this.isUnknownArrayElement() and + result = "ArrayElement" + or + this = MkMapKey() and + result = "MapKey" + or + this = MkMapValueWithUnknownKey() and + result = "MapValue" + or + exists(string key | + this = MkMapValueWithKnownKey(key) and + result = "MapValue[" + key + "]" + ) + or + this = MkSetElement() and + result = "SetElement" + or + this = MkIteratorElement() and + result = "IteratorElement" + or + this = MkIteratorError() and + result = "IteratorError" + or + this = MkPromiseValue() and + result = "PromiseValue" + or + this = MkPromiseError() and + result = "PromiseError" + or + result = this.asCapturedVariable().getName() + } + + /** Gets the property name represented by this content, if any. */ + string asPropertyName() { this = MkPropertyContent(result) } + + /** Gets the array index represented by this content, if any. */ + pragma[nomagic] + int asArrayIndex() { result = this.asPropertyName().(PropertyName).asArrayIndex() } + + /** Gets the captured variable represented by this content, if any. */ + LocalVariable asCapturedVariable() { this = MkCapturedContent(result) } + + /** Holds if this represents values stored at an unknown array index. */ + predicate isUnknownArrayElement() { this = MkArrayElementUnknown() } + + /** Holds if this represents values stored in a `Map` at an unknown key. */ + predicate isMapValueWithUnknownKey() { this = MkMapValueWithUnknownKey() } + + /** Holds if this represents values stored in a `Map` as the given string key. */ + predicate isMapValueWithKnownKey(string key) { this = MkMapValueWithKnownKey(key) } + } + + /** + * An entity that represents the set of `Content`s being accessed at a read or store operation. + */ + class ContentSet extends TContentSet { + /** Gets a content that may be stored into when storing into this set. 
*/ + pragma[inline] + Content getAStoreContent() { + result = this.asSingleton() + or + // For array element access with known lower bound, just store into the unknown array element + this = ContentSet::arrayElementLowerBound(_) and + result.isUnknownArrayElement() + or + exists(int n | + this = ContentSet::arrayElementKnown(n) and + result.asArrayIndex() = n + ) + or + exists(string key | + this = ContentSet::mapValueWithKnownKey(key) and + result.isMapValueWithKnownKey(key) + ) + or + this = ContentSet::mapValueAll() and + result.isMapValueWithUnknownKey() + } + + /** Gets a content that may be read from when reading from this set. */ + pragma[nomagic] + Content getAReadContent() { + result = this.asSingleton() + or + this = ContentSet::promiseFilter() and + ( + result = MkPromiseValue() + or + result = MkPromiseError() + ) + or + this = ContentSet::iteratorFilter() and + ( + result = MkIteratorElement() + or + result = MkIteratorError() + ) + or + exists(int bound | this = ContentSet::arrayElementLowerBound(bound) | + result.isUnknownArrayElement() + or + result.asArrayIndex() >= bound + ) + or + exists(int n | this = ContentSet::arrayElementKnown(n) | + result.isUnknownArrayElement() + or + result.asArrayIndex() = n + ) + or + exists(string key | this = ContentSet::mapValueWithKnownKey(key) | + result.isMapValueWithUnknownKey() + or + result.isMapValueWithKnownKey(key) + ) + or + this = ContentSet::mapValueAll() and + ( + result.isMapValueWithUnknownKey() + or + result.isMapValueWithKnownKey(_) + ) + or + this = ContentSet::anyProperty() and + ( + result instanceof MkPropertyContent + or + result instanceof MkArrayElementUnknown + ) + } + + /** Gets the singleton content to be accessed. */ + Content asSingleton() { this = MkSingletonContent(result) } + + /** Gets the property name to be accessed. */ + PropertyName asPropertyName() { result = this.asSingleton().asPropertyName() } + + /** Gets the array index to be accessed. 
*/ + int asArrayIndex() { result = this.asSingleton().asArrayIndex() } + + /** + * Gets a string representation of this content set. + */ + string toString() { + result = this.asSingleton().toString() + or + this = ContentSet::promiseFilter() and result = "PromiseFilter" + or + this = ContentSet::iteratorFilter() and result = "IteratorFilter" + or + exists(int bound | + this = ContentSet::arrayElementLowerBound(bound) and + result = "ArrayElement[" + bound + "..]" + ) + or + exists(int n | this = ContentSet::arrayElementKnown(n) and result = "ArrayElement[" + n + "]") + or + this = ContentSet::mapValueAll() and + result = "MapValue" + or + this = ContentSet::anyProperty() and + result = "AnyMember" + or + this = MkAwaited() and result = "Awaited (with coercion)" + or + this = MkAnyPropertyDeep() and result = "AnyMemberDeep" + or + this = MkArrayElementDeep() and result = "ArrayElementDeep" + } + } + + /** + * Companion module to the `ContentSet` class, providing access to various content sets. + */ + module ContentSet { + /** + * A content set containing only the given content. + */ + pragma[inline] + ContentSet singleton(Content content) { result.asSingleton() = content } + + /** + * A content set corresponding to the given property name. + */ + pragma[inline] + ContentSet property(PropertyName name) { result.asSingleton().asPropertyName() = name } + + /** + * A content set that should only be used in `withContent` and `withoutContent` steps, which + * matches the two promise-related contents, `Awaited[value]` and `Awaited[error]`. + */ + ContentSet promiseFilter() { result = MkPromiseFilter() } + + /** + * A content set that should only be used in `withContent` and `withoutContent` steps, which + * matches the two iterator-related contents, `IteratorElement` and `IteratorError`. + */ + ContentSet iteratorFilter() { result = MkIteratorFilter() } + + /** + * A content set describing the result of a resolved promise. 
+ */ + ContentSet promiseValue() { result = singleton(MkPromiseValue()) } + + /** + * A content set describing the error stored in a rejected promise. + */ + ContentSet promiseError() { result = singleton(MkPromiseError()) } + + /** + * A content set describing all array elements, regardless of their index in the array. + */ + ContentSet arrayElement() { result = MkArrayElementLowerBound(0) } + + /** + * A content set describing array elements at index `bound` or greater. + * + * For `bound=0` this gets the same content set as `ContentSet::arrayElement()`, that is, + * the content set describing all array elements. + * + * For large values of `bound` this has no result - see `ContentSet::arrayElementLowerBoundFromInt`. + */ + ContentSet arrayElementLowerBound(int bound) { result = MkArrayElementLowerBound(bound) } + + /** + * A content set describing an access to array index `n`. + * + * This content set reads from element `n` and the unknown element, and stores to index `n`. + * + * For large values of `n` this has no result - see `ContentSet::arrayElementFromInt`. + */ + ContentSet arrayElementKnown(int n) { result = MkArrayElementKnown(n) } + + /** + * The singleton content set describing array elements stored at an unknown index. + */ + ContentSet arrayElementUnknown() { result = singleton(MkArrayElementUnknown()) } + + /** + * Gets a content set describing array elements at index `bound` or greater. + * + * If `bound` is too large, it is truncated to the greatest lower bound we can represent. + */ + bindingset[bound] + ContentSet arrayElementLowerBoundFromInt(int bound) { + result = arrayElementLowerBound(bound.minimum(getMaxPreciseArrayIndex() + 1)) + } + + /** + * Gets the content set describing an access to array index `n`. + * + * If `n` is too large, it is truncated to the greatest lower bound we can represent. 
+ */ + bindingset[n] + ContentSet arrayElementFromInt(int n) { + result = arrayElementKnown(n) + or + not exists(arrayElementKnown(n)) and + result = arrayElementLowerBoundFromInt(n) + } + + /** Gets the content set describing the keys of a `Map` object. */ + ContentSet mapKey() { result = singleton(MkMapKey()) } + + /** Gets the content set describing the values of a `Map` object stored with an unknown key. */ + ContentSet mapValueWithUnknownKey() { result = singleton(MkMapValueWithUnknownKey()) } + + /** + * Gets the content set describing the value of a `Map` object stored with the given known `key`. + * + * This has no result if `key` is not one of the keys we track precisely. See also `mapValueFromKey`. + */ + ContentSet mapValueWithKnownKeyStrict(string key) { result = MkMapValueKnown(key) } + + /** + * Gets the content set describing an access to a map value with the given `key`. + * + * This content set also reads from a value stored with an unknown key. Use `mapValueWithKnownKeyStrict` to strictly + * refer to known keys. + * + * This has no result if `key` is not one of the keys we track precisely. See also `mapValueFromKey`. + */ + ContentSet mapValueWithKnownKey(string key) { result = singleton(MkMapValueWithKnownKey(key)) } + + /** Gets the content set describing all values in a map (with known or unknown key). */ + ContentSet mapValueAll() { result = MkMapValueAll() } + + /** + * Gets the content set describing the value in a `Map` object stored at the given `key`. + * + * If `key` is not one of the keys we track precisely, this is mapped to the unknown key instead. + */ + bindingset[key] + ContentSet mapValueFromKey(string key) { + result = mapValueWithKnownKey(key) + or + not exists(mapValueWithKnownKey(key)) and + result = mapValueWithUnknownKey() + } + + /** Gets the content set describing the elements of a `Set` object. 
*/ + ContentSet setElement() { result = singleton(MkSetElement()) } + + /** Gets the content set describing the elements of an iterator object. */ + ContentSet iteratorElement() { result = singleton(MkIteratorElement()) } + + /** Gets the content set describing the exception to be thrown when attempting to iterate over the given value. */ + ContentSet iteratorError() { result = singleton(MkIteratorError()) } + + /** + * Gets a content set that reads from all ordinary properties. + * + * This includes array elements, but not the contents of `Map`, `Set`, `Promise`, or iterator objects. + * + * This content set has no effect if used in a store step. + */ + ContentSet anyProperty() { result = MkAnyProperty() } + + /** + * Gets a content set corresponding to the pseudo-property `propertyName`. + */ + pragma[nomagic] + private ContentSet fromLegacyPseudoProperty(string propertyName) { + propertyName = Promises::valueProp() and + result = promiseValue() + or + propertyName = Promises::errorProp() and + result = promiseError() + or + propertyName = DataFlow::PseudoProperties::arrayElement() and + result = arrayElement() + or + propertyName = DataFlow::PseudoProperties::iteratorElement() and + result = iteratorElement() + or + propertyName = DataFlow::PseudoProperties::setElement() and + result = setElement() + or + propertyName = DataFlow::PseudoProperties::mapValueAll() and + result = mapValueAll() + or + propertyName = DataFlow::PseudoProperties::mapValueUnknownKey() and + result = mapValueWithUnknownKey() + or + exists(string key | + propertyName = DataFlow::PseudoProperties::mapValueKey(key) and + result = mapValueWithKnownKey(key) + ) + } + + /** + * Gets the content set corresponding to the given property name, where legacy pseudo-properties + * are mapped to their corresponding content sets (which are no longer seen as property names). 
+ */ + bindingset[propertyName] + ContentSet fromLegacyProperty(string propertyName) { + result = fromLegacyPseudoProperty(propertyName) + or + not exists(fromLegacyPseudoProperty(propertyName)) and + ( + // In case a map-value key was contributed via a SharedFlowStep, but we don't have a ContentSet for it, + // convert it to the unknown key. + if DataFlow::PseudoProperties::isMapValueKey(propertyName) + then result = mapValueWithUnknownKey() + else result = property(propertyName) + ) + } + } +} From 21300eef4ca63925e62af8d0f2e3e78dcff37ace Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 3 Oct 2023 09:51:13 +0200 Subject: [PATCH 005/223] JS:Add ConstructorThisArgumentNode --- .../semmle/javascript/dataflow/DataFlow.qll | 18 ++++++++++++++++++ .../dataflow/internal/DataFlowNode.qll | 1 + 2 files changed, 19 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index 8c2376ee8564..b86a424697de 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -1055,6 +1055,24 @@ module DataFlow { override string toString() { result = "global access path" } } + /** + * A node representing the value passed as `this` argument in a `new` call or a `super` call. + */ + class ConstructorThisArgumentNode extends TConstructorThisArgumentNode, DataFlow::Node { + private InvokeExpr expr; + + ConstructorThisArgumentNode() { this = TConstructorThisArgumentNode(expr) } + + override string toString() { result = "implicit 'this' argument of " + expr } + + override StmtContainer getContainer() { result = expr.getContainer() } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + expr.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } + } /** * INTERNAL. DO NOT USE. * 
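Review bot: `MkMapValueKnown` is produced by `ContentSet::mapValueWithKnownKeyStrict` but has no case in `getAStoreContent`, `getAReadContent` or `ContentSet.toString` in Contents.qll, so a step built from the strict variant reads and stores no content and the set has no string representation. The two map-key accessors also look swapped relative to their QLDoc: `mapValueWithKnownKey` is documented as also reading the unknown key, and `getAReadContent` implements exactly that for the singleton it returns, which leaves no strictly known-key set. I would make them `ContentSet mapValueWithKnownKeyStrict(string key) { result = singleton(MkMapValueWithKnownKey(key)) }` and `ContentSet mapValueWithKnownKey(string key) { result = MkMapValueKnown(key) }`, and add a `toString` case such as `exists(string key | this = MkMapValueKnown(key) and result = "MapValue[" + key + "]")`. Separately, the QLDoc on `getAPreciseArrayIndex` repeats the text of `getMaxPreciseArrayIndex`; it should read `/** Gets an array index that is propagated precisely through flow summaries. */`.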
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index fc7079590866..7cc1088ba278 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll @@ -34,6 +34,7 @@ private module Cached { TGlobalAccessPathRoot() or TTemplatePlaceholderTag(Templating::TemplatePlaceholderTag tag) or TReflectiveParametersNode(Function f) or + TConstructorThisArgumentNode(InvokeExpr e) { e instanceof NewExpr or e instanceof SuperCall } or } import Cached From 01952f17bff7e3b21e968c11f611497f8dfa103d Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 3 Oct 2023 09:52:09 +0200 Subject: [PATCH 006/223] JS: Add some missing getContainer() predicates --- .../lib/semmle/javascript/dataflow/DataFlow.qll | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index b86a424697de..b25937817875 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -765,6 +765,8 @@ module DataFlow { override Node getRhs() { result = TValueNode(prop.getParameter()) } override ControlFlowNode getWriteNode() { result = prop.getParameter() } + + override StmtContainer getContainer() { parameter_fields(prop, result, _) } } /** @@ -962,6 +964,12 @@ module DataFlow { override BasicBlock getBasicBlock() { result = function.getExit().getBasicBlock() } + override StmtContainer getContainer() { + // Override this to ensure a container exists even for unreachable returns, + // since an unreachable exit CFG node will not have a basic block + result = function + } + /** * Gets the function corresponding to this exceptional return node. */ 
@@ -988,6 +996,12 @@ module DataFlow { override BasicBlock getBasicBlock() { result = function.getExit().getBasicBlock() } + override StmtContainer getContainer() { + // Override this to ensure a container exists even for unreachable returns, + // since an unreachable exit CFG node will not have a basic block + result = function + } + /** * Gets the function corresponding to this return node. */ @@ -1386,6 +1400,8 @@ module DataFlow { } override string toString() { result = this.getTag().toString() } + + override StmtContainer getContainer() { result = this.getTag().getInnerTopLevel() } } /** From c839822eb9496955ab904ccffda59196ae3b8fa1 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 10 Oct 2023 10:25:26 +0200 Subject: [PATCH 007/223] JS: Add PostUpdateNode --- .../semmle/javascript/dataflow/DataFlow.qll | 65 +++++++++++++++++++ .../dataflow/internal/DataFlowNode.qll | 12 ++++ .../dataflow/internal/DataFlowPrivate.qll | 29 +++++++++ 3 files changed, 106 insertions(+) create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index b25937817875..11fdc25e6f63 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -25,6 +25,7 @@ private import internal.DataFlowNode private import internal.AnalyzedParameters private import internal.PreCallGraphStep private import semmle.javascript.internal.CachedStages +private import semmle.javascript.dataflow.internal.DataFlowPrivate as Private module DataFlow { /** @@ -247,6 +248,11 @@ module DataFlow { or this.getFallbackTypeAnnotation().getAnUnderlyingType().hasQualifiedName(moduleName, typeName) } + + /** + * Gets the post-update node corresponding to this node, if any. + */ + final PostUpdateNode getPostUpdateNode() { result.getPreUpdateNode() = this } } /** 
@@ -1087,6 +1093,28 @@ module DataFlow { expr.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) } } + + /** + * A node representing the post-update node corresponding to implicit uses of `this` in a constructor. + */ + private class ConstructorThisPostUpdateNode extends TConstructorThisPostUpdate, DataFlow::Node { + private Function constructor; + + ConstructorThisPostUpdateNode() { this = TConstructorThisPostUpdate(constructor) } + + override string toString() { result = "[post-update] 'this' parameter of " + constructor } + + override StmtContainer getContainer() { result = constructor } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + constructor + .getLocation() + .hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } + } + /** * INTERNAL. DO NOT USE. * 
@@ -1404,6 +1432,43 @@ module DataFlow { override StmtContainer getContainer() { result = this.getTag().getInnerTopLevel() } } + /** + * A post-update node whose pre-node corresponds to an expression. See `DataFlow::PostUpdateNode` for more details. + */ + class ExprPostUpdateNode extends DataFlow::Node, TExprPostUpdateNode, Private::PostUpdateNode { + private AST::ValueNode expr; + + ExprPostUpdateNode() { this = TExprPostUpdateNode(expr) } + + /** Gets the expression for which this is the post-update node. */ + AST::ValueNode getExpr() { result = expr } + + override StmtContainer getContainer() { result = expr.getContainer() } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + expr.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } + + override string toString() { result = "[post update] " + expr.toString() } + } + + /** + * A post-update node. + * + * This is a data-flow node that represents the new state of an object after its contents have been mutated. + * Most notably such nodes exist for arguments to a call and for the base of a property reference. + */ + class PostUpdateNode extends DataFlow::Node { + PostUpdateNode() { Private::postUpdatePair(_, this) } + + /** + * Gets the corresponding pre-update node, which is usually the argument to a call or the base of a property reference. + */ + final DataFlow::Node getPreUpdateNode() { Private::postUpdatePair(result, this) } + } + /** * INTERNAL. DO NOT USE. * diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index 7cc1088ba278..8f54d3a34961 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll 
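Review bot: The two post-update `toString` texts added by this commit are spelled differently: `ExprPostUpdateNode` returns `"[post update] " + expr.toString()`, while `ConstructorThisPostUpdateNode` in the preceding hunk returns `"[post-update] 'this' parameter of " + constructor`. Node strings presumably reach users through path explanations and expected-output files, so one spelling should be used for both. I would change the line here to `override string toString() { result = "[post-update] " + expr.toString() }`.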
@@ -34,7 +34,19 @@ private module Cached { TGlobalAccessPathRoot() or TTemplatePlaceholderTag(Templating::TemplatePlaceholderTag tag) or TReflectiveParametersNode(Function f) or + TExprPostUpdateNode(AST::ValueNode e) { + e = any(InvokeExpr invoke).getAnArgument() or + e = any(PropAccess access).getBase() or + e = any(DestructuringPattern pattern) or + e = any(InvokeExpr invoke).getCallee() or + // We have read steps out of the await operand, so it technically needs a post-update + e = any(AwaitExpr a).getOperand() or + e = any(Function f) or // functions are passed as their own self-reference argument + // RHS of a setter call is an argument, so it needs a post-update node + e = any(Assignment asn | asn.getTarget() instanceof PropAccess).getRhs() + } or TConstructorThisArgumentNode(InvokeExpr e) { e instanceof NewExpr or e instanceof SuperCall } or + TConstructorThisPostUpdate(Constructor ctor) or } import Cached diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll new file mode 100644 index 000000000000..f0f1883468ae --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -0,0 +1,29 @@ +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode + +class Node = DataFlow::Node; + +class PostUpdateNode = DataFlow::PostUpdateNode; + +cached +predicate postUpdatePair(Node pre, Node post) { + exists(AST::ValueNode expr | + pre = TValueNode(expr) and + post = TExprPostUpdateNode(expr) + ) + or + exists(NewExpr expr | + pre = TConstructorThisArgumentNode(expr) and + post = TValueNode(expr) + ) + or + exists(SuperCall expr | + pre = TConstructorThisArgumentNode(expr) and + post = TConstructorThisPostUpdate(expr.getBinder()) + ) + or + exists(Function constructor | + pre = TThisNode(constructor) and + post = TConstructorThisPostUpdate(constructor) + ) +} 
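Review bot: As shown, the branch list ends with `TConstructorThisPostUpdate(Constructor ctor) or` directly before the closing `}`, so the last `or` has no right-hand branch; unless a branch was dropped from the patch, that trailing `or` should be removed. The same shape recurs in PATCH 009: in `DataFlowPrivate.qll` (`MkSourceCallable(StmtContainer container) or`, the `or` after the `MkAccessorCall` branch, and `node1.getASuccessor() = node2 and` followed by `or`) and in `TaintTrackingPrivate.qll` (`node instanceof DataFlow::VarAccessBarrier or`). `DataFlowCallable` in that patch also refers to `MkLibraryCallable`, which none of the visible `TDataFlowCallable` branches declares. The enclosing `newtype` starts outside this hunk.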
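Review bot: `postUpdatePair` gives `TConstructorThisPostUpdate(ctor)` more than one pre-update node. The third disjunct pairs it with the `this` argument of each `super(...)` call whose binder is `ctor`, and the fourth pairs it with `TThisNode(ctor)`. `PostUpdateNode.getPreUpdateNode()` is documented as returning "the corresponding pre-update node", and the shared library's consistency checks, as far as I recall, expect that node to be unique. If the many-to-one mapping is intended, record it in a QLDoc comment on the predicate, for example `/** Holds if 'post' is the post-update node of 'pre'. A constructor's post-update node may have several pre-update nodes. */`. Otherwise the `super` case probably needs a post-update node of its own.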
From 3455463e7133bb97db86fac9e976bfc043550bba Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 3 Oct 2023 10:06:02 +0200 Subject: [PATCH 008/223] JS: Add instantiation boilerplate Note that this commit won't compile on its own, but putting the boilerplate in its own commit --- javascript/ql/lib/qlpack.yml | 1 + .../dataflow/internal/sharedlib/DataFlow.qll | 4 ++++ .../internal/sharedlib/DataFlowArg.qll | 19 +++++++++++++++++++ .../internal/sharedlib/DataFlowImpl.qll | 3 +++ .../internal/sharedlib/DataFlowImplCommon.qll | 3 +++ .../internal/sharedlib/TaintTracking.qll | 3 +++ 6 files changed, 33 insertions(+) create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 2b5b69eccf94..6a98353c6cc0 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -11,6 +11,7 @@ dependencies: codeql/tutorial: ${workspace} codeql/util: ${workspace} codeql/yaml: ${workspace} + codeql/dataflow: ${workspace} dataExtensions: - semmle/javascript/frameworks/**/model.yml warnOnImplicitThis: true diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll new file mode 100644 index 000000000000..fda541f1d31f --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll @@ -0,0 +1,4 @@ +private import codeql.dataflow.DataFlow +private import DataFlowArg +import DataFlowMake +import DataFlowImplSpecific::Public 
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll new file mode 100644 index 000000000000..6422dca52dd2 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll @@ -0,0 +1,19 @@ +private import DataFlowImplSpecific +private import codeql.dataflow.DataFlow as SharedDataFlow +private import codeql.dataflow.TaintTracking as SharedTaintTracking + +module JSDataFlow implements SharedDataFlow::InputSig { + import Private + import Public + + // Explicitly implement signature members that have a default + predicate typeStrongerThan = Private::typeStrongerThan/2; + + predicate neverSkipInPathGraph = Private::neverSkipInPathGraph/1; + + predicate accessPathLimit = Private::accessPathLimit/0; +} + +module JSTaintFlow implements SharedTaintTracking::InputSig { + import semmle.javascript.dataflow.internal.TaintTrackingPrivate +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll new file mode 100644 index 000000000000..1b888d53859d --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll @@ -0,0 +1,3 @@ +private import codeql.dataflow.internal.DataFlowImpl +private import DataFlowArg +import MakeImpl diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll new file mode 100644 index 000000000000..8db21ff168fc --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll @@ -0,0 +1,3 @@ +private import DataFlowArg +private import codeql.dataflow.internal.DataFlowImplCommon +import MakeImplCommon 
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll new file mode 100644 index 000000000000..d5f3604202aa --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll @@ -0,0 +1,3 @@ +private import codeql.dataflow.TaintTracking +private import DataFlowArg +import TaintFlowMake From 760873c01c4eda6f2ff0ed3534f0a584e1247c76 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 9 Oct 2023 10:18:19 +0200 Subject: [PATCH 009/223] JS: Basic instantiation of shared library --- .../javascript/dataflow/Configuration.qll | 6 +- .../dataflow/internal/DataFlowPrivate.qll | 553 +++++++++++++++++- .../internal/TaintTrackingPrivate.qll | 25 + 3 files changed, 582 insertions(+), 2 deletions(-) create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll index 7895a75de6e4..414fc3be72ce 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll @@ -1861,7 +1861,11 @@ class MidPathNode extends PathNode, MkMidNode { * Holds if this node is hidden from paths in path explanation queries, except * in cases where it is the source or sink. */ - predicate isHidden() { + predicate isHidden() { PathNode::shouldNodeBeHidden(nd) } +} + +module PathNode { + predicate shouldNodeBeHidden(DataFlow::Node nd) { // Skip phi, refinement, and capture nodes nd.(DataFlow::SsaDefinitionNode).getSsaVariable().getDefinition() instanceof SsaImplicitDefinition diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index f0f1883468ae..25d4af88ffac 100644 
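Review bot: The new public `module PathNode` and its `shouldNodeBeHidden` predicate in `Configuration.qll` have no QLDoc, while the `isHidden()` member they were extracted from keeps its comment. `nodeIsHidden` in `DataFlowPrivate.qll` now calls `DataFlow::PathNode::shouldNodeBeHidden`, so the predicate is shared between the old and new libraries and should state its contract. Something like `/** Holds if 'nd' is a node that path explanations should skip, such as phi, refinement and capture nodes. */` would do. The predicate body continues outside this hunk.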
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll
@@ -1,10 +1,70 @@ private import javascript +private import semmle.javascript.dataflow.internal.CallGraphs private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps +private import semmle.javascript.dataflow.internal.Contents::Private +private import semmle.javascript.dataflow.internal.VariableCapture +private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon -class Node = DataFlow::Node; +private class Node = DataFlow::Node; class PostUpdateNode = DataFlow::PostUpdateNode; +cached +newtype TReturnKind = + MkNormalReturnKind() or + MkExceptionalReturnKind() + +class ReturnKind extends TReturnKind { + string toString() { + this = MkNormalReturnKind() and result = "return" + or + this = MkExceptionalReturnKind() and result = "exception" + } +} + +private predicate returnNodeImpl(DataFlow::Node node, ReturnKind kind) { + node instanceof TFunctionReturnNode and kind = MkNormalReturnKind() + or + exists(Function fun | + node = TExceptionalFunctionReturnNode(fun) and + kind = MkExceptionalReturnKind() and + // For async/generators, the exception is caught and wrapped in the returned promise/iterator object. + // See the models for AsyncAwait and Generator. 
+ not fun.isAsyncOrGenerator() + ) +} + +private DataFlow::Node getAnOutNodeImpl(DataFlowCall call, ReturnKind kind) { + kind = MkNormalReturnKind() and result = call.asOrdinaryCall() + or + kind = MkExceptionalReturnKind() and result = call.asOrdinaryCall().getExceptionalReturn() + or + kind = MkNormalReturnKind() and result = call.asBoundCall(_) + or + kind = MkExceptionalReturnKind() and result = call.asBoundCall(_).getExceptionalReturn() + or + kind = MkNormalReturnKind() and result = call.asAccessorCall().(DataFlow::PropRead) +} + +class ReturnNode extends DataFlow::Node { + ReturnNode() { returnNodeImpl(this, _) } + + ReturnKind getKind() { returnNodeImpl(this, result) } +} + +/** A node that receives an output from a call. */ +class OutNode extends DataFlow::Node { + OutNode() { this = getAnOutNodeImpl(_, _) } +} + +OutNode getAnOutNode(DataFlowCall call, ReturnKind kind) { result = getAnOutNodeImpl(call, kind) } + +/** + * Base class for classes that should be empty. + */ +abstract private class EmptyType extends DataFlow::Node { } + cached predicate postUpdatePair(Node pre, Node post) { exists(AST::ValueNode expr | 
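Review bot: `getAnOutNodeImpl` gives accessor calls only a normal-return out node, and only when the `PropRef` is a `DataFlow::PropRead`. There is no `MkExceptionalReturnKind` case for `asAccessorCall()` and no case at all for `asPartialCall()`. If that is deliberate, a comment would keep a later reader from treating it as an omission, e.g. `// Exceptions thrown by accessors and results of partial invocations are not modelled as call outputs`. `ReturnKind`, `ReturnNode` and `getAnOutNode` also lack QLDoc, while the neighbouring `OutNode` has it.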
@@ -27,3 +87,494 @@ predicate postUpdatePair(Node pre, Node post) { post = TConstructorThisPostUpdate(constructor) ) } + +class CastNode extends DataFlow::Node instanceof EmptyType { } + +cached +newtype TDataFlowCallable = + MkSourceCallable(StmtContainer container) or + +/** + * A callable entity. This is a wrapper around either a `StmtContainer` or a `LibraryCallable`. + */ +class DataFlowCallable extends TDataFlowCallable { + /** Gets a string representation of this callable. */ + string toString() { + result = this.asSourceCallable().toString() + or + result = this.asLibraryCallable() + } + + /** Gets the location of this callable, if it is present in the source code. */ + Location getLocation() { result = this.asSourceCallable().getLocation() } + + /** Gets the corresponding `StmtContainer` if this is a source callable. */ + StmtContainer asSourceCallable() { this = MkSourceCallable(result) } + + /** Gets the corresponding `StmtContainer` if this is a source callable. */ + pragma[nomagic] + StmtContainer asSourceCallableNotExterns() { + this = MkSourceCallable(result) and + not result.inExternsFile() + } + + /** Gets the corresponding `LibraryCallable` if this is a library callable. 
*/ + LibraryCallable asLibraryCallable() { this = MkLibraryCallable(result) } +} + +private predicate isParameterNodeImpl(Node p, DataFlowCallable c, ParameterPosition pos) { + p = c.asSourceCallable().(Function).getParameter(pos.asPositional()).flow() + or + pos.isThis() and p = TThisNode(c.asSourceCallable().(Function)) + or + pos.isFunctionSelfReference() and p = TFunctionSelfReferenceNode(c.asSourceCallable()) + or + pos.isArgumentsArray() and p = TReflectiveParametersNode(c.asSourceCallable()) +} + +predicate isParameterNode(ParameterNode p, DataFlowCallable c, ParameterPosition pos) { + isParameterNodeImpl(p, c, pos) +} + +private predicate isArgumentNodeImpl(Node n, DataFlowCall call, ArgumentPosition pos) { + n = call.asOrdinaryCall().getArgument(pos.asPositional()) + or + pos.isThis() and n = call.asOrdinaryCall().(DataFlow::CallNode).getReceiver() + or + exists(DataFlow::PartialInvokeNode invoke, DataFlow::Node callback | + call = MkPartialCall(invoke, callback) and + invoke.isPartialArgument(callback, n, pos.asPositional()) + ) + or + pos.isThis() and n = call.asPartialCall().getBoundReceiver() + or + exists(int boundArgs | + n = call.asBoundCall(boundArgs).getArgument(pos.asPositional() - boundArgs) + ) + or + pos.isThis() and n = TConstructorThisArgumentNode(call.asOrdinaryCall().asExpr()) + or + // For now, treat all spread argument as flowing into the 'arguments' array, regardless of preceding arguments + n = call.asOrdinaryCall().getASpreadArgument() and + pos.isArgumentsArray() + or + // receiver of accessor call + pos.isThis() and n = call.asAccessorCall().getBase() + or + // argument to setter (TODO: this has no post-update node) + pos.asPositional() = 0 and n = call.asAccessorCall().(DataFlow::PropWrite).getRhs() +} + +predicate isArgumentNode(ArgumentNode n, DataFlowCall call, ArgumentPosition pos) { + isArgumentNodeImpl(n, call, pos) +} + +DataFlowCallable nodeGetEnclosingCallable(Node node) { + result.asSourceCallable() = node.getContainer() 
+} + +private newtype TDataFlowType = + TTodoDataFlowType() or + TTodoDataFlowType2() // Add a dummy value to prevent bad functionality-induced joins arising from a type of size 1. + +class DataFlowType extends TDataFlowType { + string toString() { result = "" } +} + +predicate typeStrongerThan(DataFlowType t1, DataFlowType t2) { none() } + +DataFlowType getNodeType(Node node) { result = TTodoDataFlowType() and exists(node) } + +predicate nodeIsHidden(Node node) { + DataFlow::PathNode::shouldNodeBeHidden(node) +} + +predicate neverSkipInPathGraph(Node node) { + // Include the left-hand side of assignments + node = DataFlow::lvalueNode(_) + or + // Include the return-value expression + node.asExpr() = any(Function f).getAReturnedExpr() + or + // Include calls (which may have been modelled as steps) + node.asExpr() instanceof InvokeExpr + or + // Include references to a variable + node.asExpr() instanceof VarRef +} + +string ppReprType(DataFlowType t) { none() } + +pragma[inline] +predicate compatibleTypes(DataFlowType t1, DataFlowType t2) { any() } + +predicate forceHighPrecision(Content c) { none() } + +class ContentApprox = Unit; + +pragma[inline] +ContentApprox getContentApprox(Content c) { exists(result) and exists(c) } + +cached +private newtype TDataFlowCall = + MkOrdinaryCall(DataFlow::InvokeNode node) or + MkPartialCall(DataFlow::PartialInvokeNode node, DataFlow::Node callback) { + callback = node.getACallbackNode() + } or + MkBoundCall(DataFlow::InvokeNode node, int boundArgs) { + FlowSteps::callsBound(node, _, boundArgs) + } or + MkAccessorCall(DataFlow::PropRef node) { + // Some PropRefs can't result in an accessor call, such as Object.defineProperty. + // Restrict to PropRefs that can result in an accessor call. 
+ node = TValueNode(any(PropAccess p)) or + node = TPropNode(any(PropertyPattern p)) + } or + +class DataFlowCall extends TDataFlowCall { + DataFlowCallable getEnclosingCallable() { none() } // Overridden in subclass + + string toString() { none() } // Overridden in subclass + + DataFlow::InvokeNode asOrdinaryCall() { this = MkOrdinaryCall(result) } + + DataFlow::PropRef asAccessorCall() { this = MkAccessorCall(result) } + + DataFlow::PartialInvokeNode asPartialCall() { this = MkPartialCall(result, _) } + + DataFlow::InvokeNode asBoundCall(int boundArgs) { this = MkBoundCall(result, boundArgs) } + + predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + none() // Overridden in subclass + } +} + +private class OrdinaryCall extends DataFlowCall, MkOrdinaryCall { + private DataFlow::InvokeNode node; + + OrdinaryCall() { this = MkOrdinaryCall(node) } + + DataFlow::InvokeNode getNode() { result = node } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = node.getContainer() + } + + override string toString() { result = node.toString() } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + node.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } +} + +private class PartialCall extends DataFlowCall, MkPartialCall { + private DataFlow::PartialInvokeNode node; + private DataFlow::Node callback; + + PartialCall() { this = MkPartialCall(node, callback) } + + DataFlow::PartialInvokeNode getNode() { result = node } + + DataFlow::Node getCallback() { result = callback } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = node.getContainer() + } + + override string toString() { result = node.toString() + " (as partial invocation)" } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + 
node.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } +} + +private class BoundCall extends DataFlowCall, MkBoundCall { + private DataFlow::InvokeNode node; + private int boundArgs; + + BoundCall() { this = MkBoundCall(node, boundArgs) } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = node.getContainer() + } + + override string toString() { + result = node.toString() + " (as call with " + boundArgs + " bound arguments)" + } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + node.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } +} + +private class AccessorCall extends DataFlowCall, MkAccessorCall { + private DataFlow::PropRef ref; + + AccessorCall() { this = MkAccessorCall(ref) } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = ref.getContainer() + } + + override string toString() { result = ref.toString() + " (as accessor call)" } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + ref.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } +} + +private int getMaxArity() { + // TODO: account for flow summaries + result = + max(int n | + n = any(InvokeExpr e).getNumArgument() or + n = any(Function f).getNumParameter() or + n = 10 + ) +} + +cached +newtype TParameterPosition = + MkPositionalParameter(int n) { n = [0 .. getMaxArity()] } or + MkPositionalLowerBound(int n) { n = [0 .. 
getMaxArity()] } or + MkThisParameter() or + MkArgumentsArrayParameter() + +class ParameterPosition extends TParameterPosition { + predicate isPositionalExact() { this instanceof MkPositionalParameter } + + predicate isPositionalLowerBound() { this instanceof MkPositionalLowerBound } + + predicate isPositionalLike() { this.isPositionalExact() or this.isPositionalLowerBound() } + + int asPositional() { this = MkPositionalParameter(result) } + + int asPositionalLowerBound() { this = MkPositionalLowerBound(result) } + + predicate isThis() { this = MkThisParameter() } + + predicate isArgumentsArray() { this = MkArgumentsArrayParameter() } + + string toString() { + result = this.asPositional().toString() + or + result = this.asPositionalLowerBound().toString() + ".." + or + this.isThis() and result = "this" + or + this.isArgumentsArray() and result = "arguments-array" + } +} + +class ArgumentPosition extends ParameterPosition { } + +class DataFlowExpr = Expr; + +Node exprNode(DataFlowExpr expr) { result = DataFlow::exprNode(expr) } + +pragma[nomagic] +predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { + ppos = apos + or + apos.asPositional() >= ppos.asPositionalLowerBound() + or + ppos.asPositional() >= apos.asPositionalLowerBound() + // + // Note: for now, there is no need to match lower bounds agaist lower bounds since we + // are only using these in cases where either the call or callee is generated by a flow summary. +} + +pragma[inline] +DataFlowCallable viableCallable(DataFlowCall node) { + // Note: we never include call edges externs here, as it negatively affects the field-flow branch limit, + // particularly when the call can also target a flow summary. 
+ result.asSourceCallableNotExterns() = node.asOrdinaryCall().getACallee() + or + result.asSourceCallableNotExterns() = + node.(PartialCall).getCallback().getAFunctionValue().getFunction() + or + exists(DataFlow::InvokeNode invoke, int boundArgs | + invoke = node.asBoundCall(boundArgs) and + FlowSteps::callsBound(invoke, result.asSourceCallableNotExterns(), boundArgs) + ) + or + result.asSourceCallableNotExterns() = node.asAccessorCall().getAnAccessorCallee().getFunction() +} + +/** + * Holds if the set of viable implementations that can be called by `call` + * might be improved by knowing the call context. + */ +predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c) { none() } + +/** + * Gets a viable dispatch target of `call` in the context `ctx`. This is + * restricted to those `call`s for which a context might make a difference. + */ +DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) { none() } + +bindingset[node1, node2] +pragma[inline_late] +private predicate sameContainer(Node node1, Node node2) { + node1.getContainer() = node2.getContainer() +} + +bindingset[node, fun] +pragma[inline_late] +private predicate sameContainerAsEnclosingContainer(Node node, Function fun) { + node.getContainer() = fun.getEnclosingContainer() +} + +/** + * Holds if there is a value-preserving steps `node1` -> `node2` that might + * be cross function boundaries. + */ +private predicate valuePreservingStep(Node node1, Node node2) { + node1.getASuccessor() = node2 and + or + FlowSteps::propertyFlowStep(node1, node2) + or + FlowSteps::globalFlowStep(node1, node2) + or + node2 = FlowSteps::getThrowTarget(node1) + or + // Step from post-update nodes to local sources of the pre-update node. This emulates how JS usually tracks side effects. 
+ exists(PostUpdateNode postUpdate | + node1 = postUpdate and + node2 = postUpdate.getPreUpdateNode().getALocalSource() and + node1 != node2 and // exclude trivial edges + sameContainer(node1, node2) + ) +} + +predicate simpleLocalFlowStep(Node node1, Node node2) { + valuePreservingStep(node1, node2) and + nodeGetEnclosingCallable(pragma[only_bind_out](node1)) = + nodeGetEnclosingCallable(pragma[only_bind_out](node2)) +} + +predicate localMustFlowStep(Node node1, Node node2) { node1 = node2.getImmediatePredecessor() } + +/** + * Holds if data can flow from `node1` to `node2` through a non-local step + * that does not follow a call edge. For example, a step through a global + * variable. + */ +predicate jumpStep(Node node1, Node node2) { + valuePreservingStep(node1, node2) and + node1.getContainer() != node2.getContainer() +} + +/** + * Holds if data can flow from `node1` to `node2` via a read of `c`. Thus, + * `node1` references an object with a content `c.getAReadContent()` whose + * value ends up in `node2`. + */ +predicate readStep(Node node1, ContentSet c, Node node2) { + exists(DataFlow::PropRead read | + node1 = read.getBase() and + node2 = read + | + c.asPropertyName() = read.getPropertyName() + or + not exists(read.getPropertyName()) and + c = ContentSet::arrayElement() + ) +} + +/** Gets the post-update node for which `node` is the corresponding pre-update node. */ +private Node getPostUpdate(Node node) { result.(PostUpdateNode).getPreUpdateNode() = node } + +/** Gets the post-update node for which node is the pre-update node, if one exists, otherwise gets `node` itself. */ +pragma[inline] +private Node tryGetPostUpdate(Node node) { + result = getPostUpdate(node) + or + not exists(getPostUpdate(node)) and + result = node +} + +/** + * Holds if data can flow from `node1` to `node2` via a store into `c`. Thus, + * `node2` references an object with a content `c.getAStoreContent()` that + * contains the value of `node1`. 
+ */ +predicate storeStep(Node node1, ContentSet c, Node node2) { + exists(DataFlow::PropWrite write | + node1 = write.getRhs() and + c.asPropertyName() = write.getPropertyName() and + // Target the post-update node if one exists (for object literals we do not generate post-update nodes) + node2 = tryGetPostUpdate(write.getBase()) + ) +} + +/** + * Holds if values stored inside content `c` are cleared at node `n`. For example, + * any value stored inside `f` is cleared at the pre-update node associated with `x` + * in `x.f = newValue`. + */ +predicate clearsContent(Node n, ContentSet c) { +} + +/** + * Holds if the value that is being tracked is expected to be stored inside content `c` + * at node `n`. + */ +predicate expectsContent(Node n, ContentSet c) { +} + +/** + * Holds if the node `n` is unreachable when the call context is `call`. + */ +predicate isUnreachableInCall(Node n, DataFlowCall call) { + none() // TODO: could be useful, but not currently implemented for JS +} + +int accessPathLimit() { result = 5 } + +/** + * Holds if flow is allowed to pass from parameter `p` and back to itself as a + * side-effect, resulting in a summary from `p` to itself. + * + * One example would be to allow flow like `p.foo = p.bar;`, which is disallowed + * by default as a heuristic. + */ +predicate allowParameterReturnInSelf(ParameterNode p) { +} + +class LambdaCallKind = Unit; + +/** Holds if `creation` is an expression that creates a lambda of kind `kind` for `c`. */ +predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c) { + creation.(DataFlow::FunctionNode).getFunction() = c.asSourceCallable() and exists(kind) +} + +/** Holds if `call` is a lambda call of kind `kind` where `receiver` is the lambda expression. */ +predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) { + receiver = call.asOrdinaryCall().getCalleeNode() and exists(kind) +} + +/** Extra data-flow steps needed for lambda flow analysis. 
*/ +predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) { none() } + +class ArgumentNode extends DataFlow::Node { + ArgumentNode() { isArgumentNodeImpl(this, _, _) } + + predicate argumentOf(DataFlowCall call, ArgumentPosition pos) { + isArgumentNodeImpl(this, call, pos) + } +} + +class ParameterNode extends DataFlow::Node { + ParameterNode() { isParameterNodeImpl(this, _, _) } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll new file mode 100644 index 000000000000..42c06d318f08 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll @@ -0,0 +1,25 @@ +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowPrivate +private import semmle.javascript.dataflow.internal.Contents::Public + +cached +predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { +} + +/** + * Holds if `node` should be a sanitizer in all global taint flow configurations + * but not in local taint. + */ +cached +predicate defaultTaintSanitizer(DataFlow::Node node) { + node instanceof DataFlow::VarAccessBarrier or +} +/** + * Holds if default taint-tracking should allow implicit reads + * of `c` at sinks and inputs to additional taint steps. + */ +bindingset[node] +predicate defaultImplicitTaintRead(DataFlow::Node node, ContentSet c) { + exists(node) and + c = ContentSet::promiseValue() +} From f316da78d2dd86e3d99cd4facdd473bc0cf4533f Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 10 Oct 2023 10:25:36 +0200 Subject: [PATCH 010/223] JS: Add FunctionSelfReferenceNode --- .../javascript/dataflow/Configuration.qll | 2 ++ .../semmle/javascript/dataflow/DataFlow.qll | 24 +++++++++++++++++++ .../dataflow/internal/DataFlowNode.qll | 1 + .../dataflow/internal/DataFlowPrivate.qll | 7 ++++++ 4 files changed, 34 insertions(+) 
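Review bot: `storeStep` only fires when `write.getPropertyName()` exists, whereas `readStep` maps a read with no known property name to `ContentSet::arrayElement()`. A value written under a computed key is therefore never stored, so the matching indexed read finds nothing, and any query built on this instantiation misses that flow. Unless a later patch in the series covers it, the store side should mirror the read side as sketched below. Separately, the `TODO: this has no post-update node` next to the setter argument in `isArgumentNodeImpl` looks stale, since `TExprPostUpdateNode` already covers the right-hand side of assignments to a `PropAccess`.

```ql
predicate storeStep(Node node1, ContentSet c, Node node2) {
  exists(DataFlow::PropWrite write |
    node1 = write.getRhs() and
    // Target the post-update node if one exists (for object literals we do not generate post-update nodes)
    node2 = tryGetPostUpdate(write.getBase())
  |
    c.asPropertyName() = write.getPropertyName()
    or
    // Mirror readStep: a write without a statically known name is stored as an array element
    not exists(write.getPropertyName()) and
    c = ContentSet::arrayElement()
  )
}
```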
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll index 414fc3be72ce..d0087dcdca00 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll @@ -1888,6 +1888,8 @@ module PathNode { or // Skip captured variable nodes as the successor will be a use of that variable anyway. nd = DataFlow::capturedVariableNode(_) + or + nd instanceof DataFlow::FunctionSelfReferenceNode } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index 11fdc25e6f63..47fb26937cd3 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -1432,6 +1432,30 @@ module DataFlow { override StmtContainer getContainer() { result = this.getTag().getInnerTopLevel() } } + /** + * A node representing the hidden parameter of a function by which a function can refer to itself. + */ + class FunctionSelfReferenceNode extends DataFlow::Node, TFunctionSelfReferenceNode { + private Function function; + + FunctionSelfReferenceNode() { this = TFunctionSelfReferenceNode(function) } + + /** Gets the function. */ + Function getFunction() { result = function } + + override StmtContainer getContainer() { result = function } + + override BasicBlock getBasicBlock() { result = function.getEntryBB() } + + override string toString() { result = "[function self-reference] " + function.toString() } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + function.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } + } + /** * A post-update node whose pre-node corresponds to an expression. See `DataFlow::PostUpdateNode` for more details. */ 
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index 8f54d3a34961..bee7b1259b44 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll @@ -24,6 +24,7 @@ private module Cached { (kind = "call" or kind = "apply") } or TThisNode(StmtContainer f) { f.(Function).getThisBinder() = f or f instanceof TopLevel } or + TFunctionSelfReferenceNode(Function f) or TDestructuredModuleImportNode(ImportDeclaration decl) { exists(decl.getASpecifier().getImportedName()) } or diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 25d4af88ffac..9a9559e28dbe 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -152,6 +152,8 @@ private predicate isArgumentNodeImpl(Node n, DataFlowCall call, ArgumentPosition n = call.asBoundCall(boundArgs).getArgument(pos.asPositional() - boundArgs) ) or + pos.isFunctionSelfReference() and n = call.asOrdinaryCall().getCalleeNode() + or pos.isThis() and n = TConstructorThisArgumentNode(call.asOrdinaryCall().asExpr()) or // For now, treat all spread argument as flowing into the 'arguments' array, regardless of preceding arguments @@ -348,6 +350,7 @@ newtype TParameterPosition = MkPositionalParameter(int n) { n = [0 .. getMaxArity()] } or MkPositionalLowerBound(int n) { n = [0 .. getMaxArity()] } or MkThisParameter() or + MkFunctionSelfReferenceParameter() or MkArgumentsArrayParameter() class ParameterPosition extends TParameterPosition { 
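Review bot: The new function self-reference argument is supplied only for `call.asOrdinaryCall()`. The partial and bound call kinds handled by the neighbouring disjuncts get no argument at the `isFunctionSelfReference()` position, although `isParameterNodeImpl` gives every source callable a `TFunctionSelfReferenceNode` parameter. The matching cases would presumably be `pos.isFunctionSelfReference() and n = call.(PartialCall).getCallback()` and `pos.isFunctionSelfReference() and n = call.asBoundCall(_).getCalleeNode()`. If leaving them out is intended for now, a short comment beside the new disjunct should say so. `isArgumentNodeImpl` starts and ends outside this hunk.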
@@ -363,6 +366,8 @@ class ParameterPosition extends TParameterPosition { predicate isThis() { this = MkThisParameter() } + predicate isFunctionSelfReference() { this = MkFunctionSelfReferenceParameter() } + predicate isArgumentsArray() { this = MkArgumentsArrayParameter() } string toString() { @@ -372,6 +377,8 @@ class ParameterPosition extends TParameterPosition { or this.isThis() and result = "this" or + this.isFunctionSelfReference() and result = "function" + or this.isArgumentsArray() and result = "arguments-array" } } From 8dc0800526a88c5a03a3758e01d38d813cb39c2e Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 19:51:41 +0200 Subject: [PATCH 011/223] JS: Add the shared FlowSummaryImpl.qll file --- config/identical-files.json | 3 +- .../internal/sharedlib/FlowSummaryImpl.qll | 1491 +++++++++++++++++ 2 files changed, 1493 insertions(+), 1 deletion(-) create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll diff --git a/config/identical-files.json b/config/identical-files.json index 144031d5a686..836b4c14f58f 100644 --- a/config/identical-files.json +++ b/config/identical-files.json @@ -53,8 +53,9 @@ "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll", "swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll" ], - "DataFlow Java/C#/Go/Ruby/Python/Swift Flow Summaries": [ + "DataFlow Java/JS/C#/Go/Ruby/Python/Swift Flow Summaries": [ "java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll", + "javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll", "csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll", "go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll", "ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll", 
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll
new file mode 100644
index 000000000000..0aa17c521b43
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll
@@ -0,0 +1,1491 @@ +/** + * Provides classes and predicates for defining flow summaries. + * + * The definitions in this file are language-independent, and language-specific + * definitions are passed in via the `DataFlowImplSpecific` and + * `FlowSummaryImplSpecific` modules. + */ + +private import FlowSummaryImplSpecific +private import DataFlowImplSpecific::Private +private import DataFlowImplSpecific::Public +private import DataFlowImplCommon +private import codeql.util.Unit + +/** Provides classes and predicates for defining flow summaries. */ +module Public { + private import Private + + /** + * A component used in a flow summary. + * + * Either a parameter or an argument at a given position, a specific + * content type, or a return kind. + */ + class SummaryComponent extends TSummaryComponent { + /** Gets a textual representation of this component used for MaD models. */ + string getMadRepresentation() { + result = getMadRepresentationSpecific(this) + or + exists(ArgumentPosition pos | + this = TParameterSummaryComponent(pos) and + result = "Parameter[" + getArgumentPosition(pos) + "]" + ) + or + exists(ParameterPosition pos | + this = TArgumentSummaryComponent(pos) and + result = "Argument[" + getParameterPosition(pos) + "]" + ) + or + exists(string synthetic | + this = TSyntheticGlobalSummaryComponent(synthetic) and + result = "SyntheticGlobal[" + synthetic + "]" + ) + or + this = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" + } + + /** Gets a textual representation of this summary component. */ + string toString() { result = this.getMadRepresentation() } + } + + /** Provides predicates for constructing summary components. */ + module SummaryComponent { + /** Gets a summary component for content `c`. */ + SummaryComponent content(ContentSet c) { result = TContentSummaryComponent(c) } + + /** Gets a summary component where data is not allowed to be stored in `c`. 
*/ + SummaryComponent withoutContent(ContentSet c) { result = TWithoutContentSummaryComponent(c) } + + /** Gets a summary component where data must be stored in `c`. */ + SummaryComponent withContent(ContentSet c) { result = TWithContentSummaryComponent(c) } + + /** Gets a summary component for a parameter at position `pos`. */ + SummaryComponent parameter(ArgumentPosition pos) { result = TParameterSummaryComponent(pos) } + + /** Gets a summary component for an argument at position `pos`. */ + SummaryComponent argument(ParameterPosition pos) { result = TArgumentSummaryComponent(pos) } + + /** Gets a summary component for a return of kind `rk`. */ + SummaryComponent return(ReturnKind rk) { result = TReturnSummaryComponent(rk) } + + /** Gets a summary component for synthetic global `sg`. */ + SummaryComponent syntheticGlobal(SyntheticGlobal sg) { + result = TSyntheticGlobalSummaryComponent(sg) + } + + /** + * A synthetic global. This represents some form of global state, which + * summaries can read and write individually. + */ + abstract class SyntheticGlobal extends string { + bindingset[this] + SyntheticGlobal() { any() } + } + } + + /** + * A (non-empty) stack of summary components. + * + * A stack is used to represent where data is read from (input) or where it + * is written to (output). For example, an input stack `[Field f, Argument 0]` + * means that data is read from field `f` from the `0`th argument, while an + * output stack `[Field g, Return]` means that data is written to the field + * `g` of the returned object. + */ + class SummaryComponentStack extends TSummaryComponentStack { + /** Gets the head of this stack. */ + SummaryComponent head() { + this = TSingletonSummaryComponentStack(result) or + this = TConsSummaryComponentStack(result, _) + } + + /** Gets the tail of this stack, if any. */ + SummaryComponentStack tail() { this = TConsSummaryComponentStack(_, result) } + + /** Gets the length of this stack. 
*/ + int length() { + this = TSingletonSummaryComponentStack(_) and result = 1 + or + result = 1 + this.tail().length() + } + + /** Gets the stack obtained by dropping the first `i` elements, if any. */ + SummaryComponentStack drop(int i) { + i = 0 and result = this + or + result = this.tail().drop(i - 1) + } + + /** Holds if this stack contains summary component `c`. */ + predicate contains(SummaryComponent c) { c = this.drop(_).head() } + + /** Gets the bottom element of this stack. */ + SummaryComponent bottom() { + this = TSingletonSummaryComponentStack(result) or result = this.tail().bottom() + } + + /** Gets a textual representation of this stack used for MaD models. */ + string getMadRepresentation() { + exists(SummaryComponent head, SummaryComponentStack tail | + head = this.head() and + tail = this.tail() and + result = tail.getMadRepresentation() + "." + head.getMadRepresentation() + ) + or + exists(SummaryComponent c | + this = TSingletonSummaryComponentStack(c) and + result = c.getMadRepresentation() + ) + } + + /** Gets a textual representation of this stack. */ + string toString() { result = this.getMadRepresentation() } + } + + /** Provides predicates for constructing stacks of summary components. */ + module SummaryComponentStack { + /** Gets a singleton stack containing `c`. */ + SummaryComponentStack singleton(SummaryComponent c) { + result = TSingletonSummaryComponentStack(c) + } + + /** + * Gets the stack obtained by pushing `head` onto `tail`. + * + * Make sure to override `RequiredSummaryComponentStack::required()` in order + * to ensure that the constructed stack exists. + */ + SummaryComponentStack push(SummaryComponent head, SummaryComponentStack tail) { + result = TConsSummaryComponentStack(head, tail) + } + + /** Gets a singleton stack for an argument at position `pos`. 
*/ + SummaryComponentStack argument(ParameterPosition pos) { + result = singleton(SummaryComponent::argument(pos)) + } + + /** Gets a singleton stack representing a return of kind `rk`. */ + SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) } + } + + /** + * A class that exists for QL technical reasons only (the IPA type used + * to represent component stacks needs to be bounded). + */ + class RequiredSummaryComponentStack extends Unit { + /** + * Holds if the stack obtained by pushing `head` onto `tail` is required. + */ + abstract predicate required(SummaryComponent head, SummaryComponentStack tail); + } + + /** + * Gets the valid model origin values. + */ + private string getValidModelOrigin() { + result = + [ + "ai", // AI (machine learning) + "df", // Dataflow (model generator) + "tb", // Type based (model generator) + "hq", // Heuristic query + ] + } + + /** + * A class used to represent provenance values for MaD models. + * + * The provenance value is a string of the form `origin-verification` + * (or just `manual`), where `origin` is a value indicating the + * origin of the model, and `verification` is a value indicating, how + * the model was verified. + * + * Examples could be: + * - `df-generated`: A model produced by the model generator, but not verified by a human. + * - `ai-manual`: A model produced by AI, but verified by a human. + */ + class Provenance extends string { + private string verification; + + Provenance() { + exists(string origin | origin = getValidModelOrigin() | + this = origin + "-" + verification and + verification = ["manual", "generated"] + ) + or + this = verification and verification = "manual" + } + + /** + * Holds if this is a valid generated provenance value. + */ + predicate isGenerated() { verification = "generated" } + + /** + * Holds if this is a valid manual provenance value. + */ + predicate isManual() { verification = "manual" } + } + + /** A callable with a flow summary. 
*/ + abstract class SummarizedCallable extends SummarizedCallableBase { + bindingset[this] + SummarizedCallable() { any() } + + /** + * Holds if data may flow from `input` to `output` through this callable. + * + * `preservesValue` indicates whether this is a value-preserving step + * or a taint-step. + * + * Input specifications are restricted to stacks that end with + * `SummaryComponent::argument(_)`, preceded by zero or more + * `SummaryComponent::return(_)` or `SummaryComponent::content(_)` components. + * + * Output specifications are restricted to stacks that end with + * `SummaryComponent::return(_)` or `SummaryComponent::argument(_)`. + * + * Output stacks ending with `SummaryComponent::return(_)` can be preceded by zero + * or more `SummaryComponent::content(_)` components. + * + * Output stacks ending with `SummaryComponent::argument(_)` can be preceded by an + * optional `SummaryComponent::parameter(_)` component, which in turn can be preceded + * by zero or more `SummaryComponent::content(_)` components. + */ + pragma[nomagic] + predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + none() + } + + /** + * Holds if there exists a generated summary that applies to this callable. + */ + final predicate hasGeneratedModel() { + exists(Provenance p | p.isGenerated() and this.hasProvenance(p)) + } + + /** + * Holds if all the summaries that apply to this callable are auto generated and not manually created. + * That is, only apply generated models, when there are no manual models. + */ + final predicate applyGeneratedModel() { + this.hasGeneratedModel() and + not this.hasManualModel() + } + + /** + * Holds if there exists a manual summary that applies to this callable. + */ + final predicate hasManualModel() { + exists(Provenance p | p.isManual() and this.hasProvenance(p)) + } + + /** + * Holds if there exists a manual summary that applies to this callable. 
+ * Always apply manual models if they exist. + */ + final predicate applyManualModel() { this.hasManualModel() } + + /** + * Holds if there exists a summary that applies to this callable + * that has provenance `provenance`. + */ + predicate hasProvenance(Provenance provenance) { provenance = "manual" } + } + + /** + * A callable where there is no flow via the callable. + */ + class NeutralSummaryCallable extends NeutralCallable { + NeutralSummaryCallable() { this.getKind() = "summary" } + } + + /** + * A callable that has a neutral model. + */ + class NeutralCallable extends NeutralCallableBase { + private string kind; + private Provenance provenance; + + NeutralCallable() { neutralElement(this, kind, provenance) } + + /** + * Holds if the neutral is auto generated. + */ + final predicate hasGeneratedModel() { provenance.isGenerated() } + + /** + * Holds if there exists a manual neutral that applies to this callable. + */ + final predicate hasManualModel() { provenance.isManual() } + + /** + * Holds if the neutral has provenance `p`. + */ + predicate hasProvenance(Provenance p) { p = provenance } + + /** + * Gets the kind of the neutral. + */ + string getKind() { result = kind } + } +} + +/** + * Provides predicates for compiling flow summaries down to atomic local steps, + * read steps, and store steps. 
+ */ +module Private { + private import Public + import AccessPathSyntax + + newtype TSummaryComponent = + TContentSummaryComponent(ContentSet c) or + TParameterSummaryComponent(ArgumentPosition pos) or + TArgumentSummaryComponent(ParameterPosition pos) or + TReturnSummaryComponent(ReturnKind rk) or + TSyntheticGlobalSummaryComponent(SummaryComponent::SyntheticGlobal sg) or + TWithoutContentSummaryComponent(ContentSet c) or + TWithContentSummaryComponent(ContentSet c) + + private TParameterSummaryComponent callbackSelfParam() { + result = TParameterSummaryComponent(callbackSelfParameterPosition()) + } + + newtype TSummaryComponentStack = + TSingletonSummaryComponentStack(SummaryComponent c) or + TConsSummaryComponentStack(SummaryComponent head, SummaryComponentStack tail) { + any(RequiredSummaryComponentStack x).required(head, tail) + or + any(RequiredSummaryComponentStack x).required(TParameterSummaryComponent(_), tail) and + head = callbackSelfParam() + or + derivedFluentFlowPush(_, _, _, head, tail, _) + } + + pragma[nomagic] + private predicate summary( + SummarizedCallable c, SummaryComponentStack input, SummaryComponentStack output, + boolean preservesValue + ) { + c.propagatesFlow(input, output, preservesValue) + or + // observe side effects of callbacks on input arguments + c.propagatesFlow(output, input, preservesValue) and + preservesValue = true and + isCallbackParameter(input) and + isContentOfArgument(output, _) + or + // flow from the receiver of a callback into the instance-parameter + exists(SummaryComponentStack s, SummaryComponentStack callbackRef | + c.propagatesFlow(s, _, _) or c.propagatesFlow(_, s, _) + | + callbackRef = s.drop(_) and + (isCallbackParameter(callbackRef) or callbackRef.head() = TReturnSummaryComponent(_)) and + input = callbackRef.tail() and + output = TConsSummaryComponentStack(callbackSelfParam(), input) and + preservesValue = true + ) + or + exists(SummaryComponentStack arg, SummaryComponentStack return | + 
derivedFluentFlow(c, input, arg, return, preservesValue) + | + arg.length() = 1 and + output = return + or + exists(SummaryComponent head, SummaryComponentStack tail | + derivedFluentFlowPush(c, input, arg, head, tail, 0) and + output = SummaryComponentStack::push(head, tail) + ) + ) + or + // Chain together summaries where values get passed into callbacks along the way + exists(SummaryComponentStack mid, boolean preservesValue1, boolean preservesValue2 | + c.propagatesFlow(input, mid, preservesValue1) and + c.propagatesFlow(mid, output, preservesValue2) and + mid.drop(mid.length() - 2) = + SummaryComponentStack::push(TParameterSummaryComponent(_), + SummaryComponentStack::singleton(TArgumentSummaryComponent(_))) and + preservesValue = preservesValue1.booleanAnd(preservesValue2) + ) + } + + /** + * Holds if `c` has a flow summary from `input` to `arg`, where `arg` + * writes to (contents of) arguments at position `pos`, and `c` has a + * value-preserving flow summary from the arguments at position `pos` + * to a return value (`return`). + * + * In such a case, we derive flow from `input` to (contents of) the return + * value. + * + * As an example, this simplifies modeling of fluent methods: + * for `StringBuilder.append(x)` with a specified value flow from qualifier to + * return value and taint flow from argument 0 to the qualifier, then this + * allows us to infer taint flow from argument 0 to the return value. 
+ */ + pragma[nomagic] + private predicate derivedFluentFlow( + SummarizedCallable c, SummaryComponentStack input, SummaryComponentStack arg, + SummaryComponentStack return, boolean preservesValue + ) { + exists(ParameterPosition pos | + summary(c, input, arg, preservesValue) and + isContentOfArgument(arg, pos) and + summary(c, SummaryComponentStack::argument(pos), return, true) and + return.bottom() = TReturnSummaryComponent(_) + ) + } + + pragma[nomagic] + private predicate derivedFluentFlowPush( + SummarizedCallable c, SummaryComponentStack input, SummaryComponentStack arg, + SummaryComponent head, SummaryComponentStack tail, int i + ) { + derivedFluentFlow(c, input, arg, tail, _) and + head = arg.drop(i).head() and + i = arg.length() - 2 + or + exists(SummaryComponent head0, SummaryComponentStack tail0 | + derivedFluentFlowPush(c, input, arg, head0, tail0, i + 1) and + head = arg.drop(i).head() and + tail = SummaryComponentStack::push(head0, tail0) + ) + } + + private predicate isCallbackParameter(SummaryComponentStack s) { + s.head() = TParameterSummaryComponent(_) and exists(s.tail()) + } + + private predicate isContentOfArgument(SummaryComponentStack s, ParameterPosition pos) { + s.head() = TContentSummaryComponent(_) and isContentOfArgument(s.tail(), pos) + or + s = SummaryComponentStack::argument(pos) + } + + private predicate outputState(SummarizedCallable c, SummaryComponentStack s) { + summary(c, _, s, _) + or + exists(SummaryComponentStack out | + outputState(c, out) and + out.head() = TContentSummaryComponent(_) and + s = out.tail() + ) + or + // Add the argument node corresponding to the requested post-update node + inputState(c, s) and isCallbackParameter(s) + } + + private predicate inputState(SummarizedCallable c, SummaryComponentStack s) { + summary(c, s, _, _) + or + exists(SummaryComponentStack inp | inputState(c, inp) and s = inp.tail()) + or + exists(SummaryComponentStack out | + outputState(c, out) and + out.head() = 
TParameterSummaryComponent(_) and + s = out.tail() + ) + or + // Add the post-update node corresponding to the requested argument node + outputState(c, s) and isCallbackParameter(s) + or + // Add the parameter node for parameter side-effects + outputState(c, s) and s = SummaryComponentStack::argument(_) + } + + private newtype TSummaryNodeState = + TSummaryNodeInputState(SummaryComponentStack s) { inputState(_, s) } or + TSummaryNodeOutputState(SummaryComponentStack s) { outputState(_, s) } + + /** + * A state used to break up (complex) flow summaries into atomic flow steps. + * For a flow summary + * + * ```ql + * propagatesFlow( + * SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + * ) + * ``` + * + * the following states are used: + * + * - `TSummaryNodeInputState(SummaryComponentStack s)`: + * this state represents that the components in `s` _have been read_ from the + * input. + * - `TSummaryNodeOutputState(SummaryComponentStack s)`: + * this state represents that the components in `s` _remain to be written_ to + * the output. + */ + private class SummaryNodeState extends TSummaryNodeState { + /** Holds if this state is a valid input state for `c`. */ + pragma[nomagic] + predicate isInputState(SummarizedCallable c, SummaryComponentStack s) { + this = TSummaryNodeInputState(s) and + inputState(c, s) + } + + /** Holds if this state is a valid output state for `c`. */ + pragma[nomagic] + predicate isOutputState(SummarizedCallable c, SummaryComponentStack s) { + this = TSummaryNodeOutputState(s) and + outputState(c, s) + } + + /** Gets a textual representation of this state. 
*/ + string toString() { + exists(SummaryComponentStack s | + this = TSummaryNodeInputState(s) and + result = "read: " + s + ) + or + exists(SummaryComponentStack s | + this = TSummaryNodeOutputState(s) and + result = "to write: " + s + ) + } + } + + private newtype TSummaryNode = + TSummaryInternalNode(SummarizedCallable c, SummaryNodeState state) { + summaryNodeRange(c, state) + } or + TSummaryParameterNode(SummarizedCallable c, ParameterPosition pos) { + summaryParameterNodeRange(c, pos) + } + + abstract class SummaryNode extends TSummaryNode { + abstract string toString(); + + abstract SummarizedCallable getSummarizedCallable(); + } + + private class SummaryInternalNode extends SummaryNode, TSummaryInternalNode { + private SummarizedCallable c; + private SummaryNodeState state; + + SummaryInternalNode() { this = TSummaryInternalNode(c, state) } + + override string toString() { result = "[summary] " + state + " in " + c } + + override SummarizedCallable getSummarizedCallable() { result = c } + } + + private class SummaryParamNode extends SummaryNode, TSummaryParameterNode { + private SummarizedCallable c; + private ParameterPosition pos; + + SummaryParamNode() { this = TSummaryParameterNode(c, pos) } + + override string toString() { result = "[summary param] " + pos + " in " + c } + + override SummarizedCallable getSummarizedCallable() { result = c } + } + + /** + * Holds if `state` represents having read from a parameter at position + * `pos` in `c`. In this case we are not synthesizing a data-flow node, + * but instead assume that a relevant parameter node already exists. + */ + private predicate parameterReadState( + SummarizedCallable c, SummaryNodeState state, ParameterPosition pos + ) { + state.isInputState(c, SummaryComponentStack::argument(pos)) + } + + /** + * Holds if a synthesized summary node is needed for the state `state` in summarized + * callable `c`. 
+ */ + private predicate summaryNodeRange(SummarizedCallable c, SummaryNodeState state) { + state.isInputState(c, _) and + not parameterReadState(c, state, _) + or + state.isOutputState(c, _) + } + + pragma[noinline] + private SummaryNode summaryNodeInputState(SummarizedCallable c, SummaryComponentStack s) { + exists(SummaryNodeState state | state.isInputState(c, s) | + result = TSummaryInternalNode(c, state) + or + exists(ParameterPosition pos | + parameterReadState(c, state, pos) and + result = TSummaryParameterNode(c, pos) + ) + ) + } + + pragma[noinline] + private SummaryNode summaryNodeOutputState(SummarizedCallable c, SummaryComponentStack s) { + exists(SummaryNodeState state | + state.isOutputState(c, s) and + result = TSummaryInternalNode(c, state) + ) + } + + /** + * Holds if a write targets `post`, which is a post-update node for a + * parameter at position `pos` in `c`. + */ + private predicate isParameterPostUpdate( + SummaryNode post, SummarizedCallable c, ParameterPosition pos + ) { + post = summaryNodeOutputState(c, SummaryComponentStack::argument(pos)) + } + + /** Holds if a parameter node at position `pos` is required for `c`. 
*/ + private predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) { + parameterReadState(c, _, pos) + or + // Same as `isParameterPostUpdate(_, c, pos)`, but can be used in a negative context + any(SummaryNodeState state).isOutputState(c, SummaryComponentStack::argument(pos)) + } + + private predicate callbackOutput( + SummarizedCallable c, SummaryComponentStack s, SummaryNode receiver, ReturnKind rk + ) { + any(SummaryNodeState state).isInputState(c, s) and + s.head() = TReturnSummaryComponent(rk) and + receiver = summaryNodeInputState(c, s.tail()) + } + + private predicate callbackInput( + SummarizedCallable c, SummaryComponentStack s, SummaryNode receiver, ArgumentPosition pos + ) { + any(SummaryNodeState state).isOutputState(c, s) and + s.head() = TParameterSummaryComponent(pos) and + receiver = summaryNodeInputState(c, s.tail()) + } + + /** Holds if a call targeting `receiver` should be synthesized inside `c`. */ + predicate summaryCallbackRange(SummarizedCallable c, SummaryNode receiver) { + callbackOutput(c, _, receiver, _) + or + callbackInput(c, _, receiver, _) + } + + /** + * Gets the type of synthesized summary node `n`. + * + * The type is computed based on the language-specific predicates + * `getContentType()`, `getReturnType()`, `getCallbackParameterType()`, and + * `getCallbackReturnType()`. 
+ */ + DataFlowType summaryNodeType(SummaryNode n) { + exists(SummaryNode pre | + summaryPostUpdateNode(n, pre) and + result = summaryNodeType(pre) + ) + or + exists(SummarizedCallable c, SummaryComponentStack s, SummaryComponent head | head = s.head() | + n = summaryNodeInputState(c, s) and + ( + exists(ContentSet cont | result = getContentType(cont) | + head = TContentSummaryComponent(cont) or + head = TWithContentSummaryComponent(cont) + ) + or + head = TWithoutContentSummaryComponent(_) and + result = summaryNodeType(summaryNodeInputState(c, s.tail())) + or + exists(ReturnKind rk | + head = TReturnSummaryComponent(rk) and + result = + getCallbackReturnType(summaryNodeType(summaryNodeInputState(pragma[only_bind_out](c), + s.tail())), rk) + ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) + or + exists(ParameterPosition pos | + head = TArgumentSummaryComponent(pos) and + result = getParameterType(c, pos) + ) + ) + or + n = summaryNodeOutputState(c, s) and + ( + exists(ContentSet cont | + head = TContentSummaryComponent(cont) and result = getContentType(cont) + ) + or + s.length() = 1 and + exists(ReturnKind rk | + head = TReturnSummaryComponent(rk) and + result = getReturnType(c, rk) + ) + or + exists(ArgumentPosition pos | head = TParameterSummaryComponent(pos) | + result = + getCallbackParameterType(summaryNodeType(summaryNodeInputState(pragma[only_bind_out](c), + s.tail())), pos) + ) + or + exists(SummaryComponent::SyntheticGlobal sg | + head = TSyntheticGlobalSummaryComponent(sg) and + result = getSyntheticGlobalType(sg) + ) + ) + ) + } + + /** Holds if summary node `p` is a parameter with position `pos`. */ + predicate summaryParameterNode(SummaryNode p, ParameterPosition pos) { + p = TSummaryParameterNode(_, pos) + } + + /** Holds if summary node `out` contains output of kind `rk` from call `c`. 
*/ + predicate summaryOutNode(DataFlowCall c, SummaryNode out, ReturnKind rk) { + exists(SummarizedCallable callable, SummaryComponentStack s, SummaryNode receiver | + callbackOutput(callable, s, receiver, rk) and + out = summaryNodeInputState(callable, s) and + c = summaryDataFlowCall(receiver) + ) + } + + /** Holds if summary node `arg` is at position `pos` in the call `c`. */ + predicate summaryArgumentNode(DataFlowCall c, SummaryNode arg, ArgumentPosition pos) { + exists(SummarizedCallable callable, SummaryComponentStack s, SummaryNode receiver | + callbackInput(callable, s, receiver, pos) and + arg = summaryNodeOutputState(callable, s) and + c = summaryDataFlowCall(receiver) + ) + } + + /** Holds if summary node `post` is a post-update node with pre-update node `pre`. */ + predicate summaryPostUpdateNode(SummaryNode post, SummaryNode pre) { + exists(SummarizedCallable c, ParameterPosition pos | + isParameterPostUpdate(post, c, pos) and + pre = TSummaryParameterNode(c, pos) + ) + or + exists(SummarizedCallable callable, SummaryComponentStack s | + callbackInput(callable, s, _, _) and + pre = summaryNodeOutputState(callable, s) and + post = summaryNodeInputState(callable, s) + ) + } + + /** Holds if summary node `ret` is a return node of kind `rk`. */ + predicate summaryReturnNode(SummaryNode ret, ReturnKind rk) { + exists(SummaryComponentStack s | + ret = summaryNodeOutputState(_, s) and + s = TSingletonSummaryComponentStack(TReturnSummaryComponent(rk)) + ) + } + + /** + * Holds if flow is allowed to pass from parameter `p`, to a return + * node, and back out to `p`. 
+ */ + predicate summaryAllowParameterReturnInSelf(ParamNode p) { + exists(SummarizedCallable c, ParameterPosition ppos | + p.isParameterOf(inject(c), pragma[only_bind_into](ppos)) + | + exists(SummaryComponentStack inputContents, SummaryComponentStack outputContents | + summary(c, inputContents, outputContents, _) and + inputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(ppos)) and + outputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(ppos)) + ) + ) + } + + /** Provides a compilation of flow summaries to atomic data-flow steps. */ + module Steps { + /** + * Holds if there is a local step from `pred` to `succ`, which is synthesized + * from a flow summary. + */ + predicate summaryLocalStep(SummaryNode pred, SummaryNode succ, boolean preservesValue) { + exists( + SummarizedCallable c, SummaryComponentStack inputContents, + SummaryComponentStack outputContents + | + summary(c, inputContents, outputContents, preservesValue) and + pred = summaryNodeInputState(c, inputContents) and + succ = summaryNodeOutputState(c, outputContents) + | + preservesValue = true + or + preservesValue = false and not summary(c, inputContents, outputContents, true) + ) + or + exists(SummarizedCallable c, SummaryComponentStack s | + pred = summaryNodeInputState(c, s.tail()) and + succ = summaryNodeInputState(c, s) and + s.head() = [SummaryComponent::withContent(_), SummaryComponent::withoutContent(_)] and + preservesValue = true + ) + } + + /** + * Holds if there is a read step of content `c` from `pred` to `succ`, which + * is synthesized from a flow summary. 
+ */ + predicate summaryReadStep(SummaryNode pred, ContentSet c, SummaryNode succ) { + exists(SummarizedCallable sc, SummaryComponentStack s | + pred = summaryNodeInputState(sc, s.tail()) and + succ = summaryNodeInputState(sc, s) and + SummaryComponent::content(c) = s.head() + ) + } + + /** + * Holds if there is a store step of content `c` from `pred` to `succ`, which + * is synthesized from a flow summary. + */ + predicate summaryStoreStep(SummaryNode pred, ContentSet c, SummaryNode succ) { + exists(SummarizedCallable sc, SummaryComponentStack s | + pred = summaryNodeOutputState(sc, s) and + succ = summaryNodeOutputState(sc, s.tail()) and + SummaryComponent::content(c) = s.head() + ) + } + + /** + * Holds if there is a jump step from `pred` to `succ`, which is synthesized + * from a flow summary. + */ + predicate summaryJumpStep(SummaryNode pred, SummaryNode succ) { + exists(SummaryComponentStack s | + s = SummaryComponentStack::singleton(SummaryComponent::syntheticGlobal(_)) and + pred = summaryNodeOutputState(_, s) and + succ = summaryNodeInputState(_, s) + ) + } + + /** + * Holds if values stored inside content `c` are cleared at `n`. `n` is a + * synthesized summary node, so in order for values to be cleared at calls + * to the relevant method, it is important that flow does not pass over + * the argument, either via use-use flow or def-use flow. + * + * Example: + * + * ``` + * a.b = taint; + * a.clearB(); // assume we have a flow summary for `clearB` that clears `b` on the qualifier + * sink(a.b); + * ``` + * + * In the above, flow should not pass from `a` on the first line (or the second + * line) to `a` on the third line. Instead, there will be synthesized flow from + * `a` on line 2 to the post-update node for `a` on that line (via an intermediate + * node where field `b` is cleared). 
+ */ + predicate summaryClearsContent(SummaryNode n, ContentSet c) { + exists(SummarizedCallable sc, SummaryNodeState state, SummaryComponentStack stack | + n = TSummaryInternalNode(sc, state) and + state.isInputState(sc, stack) and + stack.head() = SummaryComponent::withoutContent(c) + ) + } + + /** + * Holds if the value that is being tracked is expected to be stored inside + * content `c` at `n`. + */ + predicate summaryExpectsContent(SummaryNode n, ContentSet c) { + exists(SummarizedCallable sc, SummaryNodeState state, SummaryComponentStack stack | + n = TSummaryInternalNode(sc, state) and + state.isInputState(sc, stack) and + stack.head() = SummaryComponent::withContent(c) + ) + } + + pragma[noinline] + private predicate viableParam( + DataFlowCall call, SummarizedCallable sc, ParameterPosition ppos, SummaryParamNode p + ) { + exists(DataFlowCallable c | + c = inject(sc) and + p = TSummaryParameterNode(sc, ppos) and + c = viableCallable(call) + ) + } + + pragma[nomagic] + private SummaryParamNode summaryArgParam(DataFlowCall call, ArgNode arg, SummarizedCallable sc) { + exists(ParameterPosition ppos | + argumentPositionMatch(call, arg, ppos) and + viableParam(call, sc, ppos, result) + ) + } + + /** + * Holds if `p` can reach `n` in a summarized callable, using only value-preserving + * local steps. `clearsOrExpects` records whether any node on the path from `p` to + * `n` either clears or expects contents. + */ + private predicate paramReachesLocal(SummaryParamNode p, SummaryNode n, boolean clearsOrExpects) { + viableParam(_, _, _, p) and + n = p and + clearsOrExpects = false + or + exists(SummaryNode mid, boolean clearsOrExpectsMid | + paramReachesLocal(p, mid, clearsOrExpectsMid) and + summaryLocalStep(mid, n, true) and + if + summaryClearsContent(n, _) or + summaryExpectsContent(n, _) + then clearsOrExpects = true + else clearsOrExpects = clearsOrExpectsMid + ) + } + + /** + * Holds if use-use flow starting from `arg` should be prohibited. 
+ * + * This is the case when `arg` is the argument of a call that targets a + * flow summary where the corresponding parameter either clears contents + * or expects contents. + */ + pragma[nomagic] + predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) { + exists(SummaryParamNode p, ParameterPosition ppos, SummaryNode ret | + paramReachesLocal(p, ret, true) and + p = summaryArgParam(_, arg, sc) and + p = TSummaryParameterNode(_, pragma[only_bind_into](ppos)) and + isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos)) + ) + } + + pragma[nomagic] + private predicate summaryReturnNodeExt(SummaryNode ret, ReturnKindExt rk) { + summaryReturnNode(ret, rk.(ValueReturnKind).getKind()) + or + exists(SummaryParamNode p, SummaryNode pre, ParameterPosition pos | + paramReachesLocal(p, pre, _) and + summaryPostUpdateNode(ret, pre) and + p = TSummaryParameterNode(_, pos) and + rk.(ParamUpdateReturnKind).getPosition() = pos + ) + } + + bindingset[ret] + private SummaryParamNode summaryArgParamRetOut( + ArgNode arg, SummaryNode ret, OutNodeExt out, SummarizedCallable sc + ) { + exists(DataFlowCall call, ReturnKindExt rk | + result = summaryArgParam(call, arg, sc) and + summaryReturnNodeExt(ret, pragma[only_bind_into](rk)) and + out = pragma[only_bind_into](rk).getAnOutNode(call) + ) + } + + /** + * Holds if `arg` flows to `out` using a simple value-preserving flow + * summary, that is, a flow summary without reads and stores. + * + * NOTE: This step should not be used in global data-flow/taint-tracking, but may + * be useful to include in the exposed local data-flow/taint-tracking relations. 
+ */ + predicate summaryThroughStepValue(ArgNode arg, Node out, SummarizedCallable sc) { + exists(ReturnKind rk, SummaryNode ret, DataFlowCall call | + summaryLocalStep(summaryArgParam(call, arg, sc), ret, true) and + summaryReturnNode(ret, pragma[only_bind_into](rk)) and + out = getAnOutNode(call, pragma[only_bind_into](rk)) + ) + } + + /** + * Holds if `arg` flows to `out` using a simple flow summary involving taint + * step, that is, a flow summary without reads and stores. + * + * NOTE: This step should not be used in global data-flow/taint-tracking, but may + * be useful to include in the exposed local data-flow/taint-tracking relations. + */ + predicate summaryThroughStepTaint(ArgNode arg, Node out, SummarizedCallable sc) { + exists(SummaryNode ret | + summaryLocalStep(summaryArgParamRetOut(arg, ret, out, sc), ret, false) + ) + } + + /** + * Holds if there is a read(+taint) of `c` from `arg` to `out` using a + * flow summary. + * + * NOTE: This step should not be used in global data-flow/taint-tracking, but may + * be useful to include in the exposed local data-flow/taint-tracking relations. + */ + predicate summaryGetterStep(ArgNode arg, ContentSet c, Node out, SummarizedCallable sc) { + exists(SummaryNode mid, SummaryNode ret | + summaryReadStep(summaryArgParamRetOut(arg, ret, out, sc), c, mid) and + summaryLocalStep(mid, ret, _) + ) + } + + /** + * Holds if there is a (taint+)store of `arg` into content `c` of `out` using a + * flow summary. + * + * NOTE: This step should not be used in global data-flow/taint-tracking, but may + * be useful to include in the exposed local data-flow/taint-tracking relations. 
+ */ + predicate summarySetterStep(ArgNode arg, ContentSet c, Node out, SummarizedCallable sc) { + exists(SummaryNode mid, SummaryNode ret | + summaryLocalStep(summaryArgParamRetOut(arg, ret, out, sc), mid, _) and + summaryStoreStep(mid, c, ret) + ) + } + } + + /** + * Provides a means of translating externally (e.g., MaD) defined flow + * summaries into a `SummarizedCallable`s. + */ + module External { + /** Holds if `spec` is a relevant external specification. */ + private predicate relevantSpec(string spec) { + summaryElement(_, spec, _, _, _) or + summaryElement(_, _, spec, _, _) or + sourceElement(_, spec, _, _) or + sinkElement(_, spec, _, _) + } + + private class AccessPathRange extends AccessPath::Range { + AccessPathRange() { relevantSpec(this) } + } + + /** Holds if specification component `token` parses as parameter `pos`. */ + predicate parseParam(AccessPathToken token, ArgumentPosition pos) { + token.getName() = "Parameter" and + pos = parseParamBody(token.getAnArgument()) + } + + /** Holds if specification component `token` parses as argument `pos`. */ + predicate parseArg(AccessPathToken token, ParameterPosition pos) { + token.getName() = "Argument" and + pos = parseArgBody(token.getAnArgument()) + } + + /** Holds if specification component `token` parses as synthetic global `sg`. 
*/ + predicate parseSynthGlobal(AccessPathToken token, string sg) { + token.getName() = "SyntheticGlobal" and + sg = token.getAnArgument() + } + + private class SyntheticGlobalFromAccessPath extends SummaryComponent::SyntheticGlobal { + SyntheticGlobalFromAccessPath() { parseSynthGlobal(_, this) } + } + + private SummaryComponent interpretComponent(AccessPathToken token) { + exists(ParameterPosition pos | + parseArg(token, pos) and result = SummaryComponent::argument(pos) + ) + or + exists(ArgumentPosition pos | + parseParam(token, pos) and result = SummaryComponent::parameter(pos) + ) + or + token = "ReturnValue" and result = SummaryComponent::return(getReturnValueKind()) + or + exists(string sg | + parseSynthGlobal(token, sg) and result = SummaryComponent::syntheticGlobal(sg) + ) + or + result = interpretComponentSpecific(token) + } + + /** + * Holds if `spec` specifies summary component stack `stack`. + */ + predicate interpretSpec(AccessPath spec, SummaryComponentStack stack) { + interpretSpec(spec, spec.getNumToken(), stack) + } + + /** Holds if the first `n` tokens of `spec` resolves to `stack`. 
*/ + private predicate interpretSpec(AccessPath spec, int n, SummaryComponentStack stack) { + n = 1 and + stack = SummaryComponentStack::singleton(interpretComponent(spec.getToken(0))) + or + exists(SummaryComponent head, SummaryComponentStack tail | + interpretSpec(spec, n, head, tail) and + stack = SummaryComponentStack::push(head, tail) + ) + } + + /** Holds if the first `n` tokens of `spec` resolves to `head` followed by `tail` */ + private predicate interpretSpec( + AccessPath spec, int n, SummaryComponent head, SummaryComponentStack tail + ) { + interpretSpec(spec, n - 1, tail) and + head = interpretComponent(spec.getToken(n - 1)) + } + + private class MkStack extends RequiredSummaryComponentStack { + override predicate required(SummaryComponent head, SummaryComponentStack tail) { + interpretSpec(_, _, head, tail) + } + } + + private class SummarizedCallableExternal extends SummarizedCallable { + SummarizedCallableExternal() { summaryElement(this, _, _, _, _) } + + private predicate relevantSummaryElementGenerated( + AccessPath inSpec, AccessPath outSpec, string kind + ) { + exists(Provenance provenance | + provenance.isGenerated() and + summaryElement(this, inSpec, outSpec, kind, provenance) + ) and + not this.applyManualModel() + } + + private predicate relevantSummaryElement(AccessPath inSpec, AccessPath outSpec, string kind) { + exists(Provenance provenance | + provenance.isManual() and + summaryElement(this, inSpec, outSpec, kind, provenance) + ) + or + this.relevantSummaryElementGenerated(inSpec, outSpec, kind) + } + + override predicate propagatesFlow( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + exists(AccessPath inSpec, AccessPath outSpec, string kind | + this.relevantSummaryElement(inSpec, outSpec, kind) and + interpretSpec(inSpec, input) and + interpretSpec(outSpec, output) + | + kind = "value" and preservesValue = true + or + kind = "taint" and preservesValue = false + ) + } + + override predicate 
hasProvenance(Provenance provenance) { + summaryElement(this, _, _, _, provenance) + } + } + + /** Holds if component `c` of specification `spec` cannot be parsed. */ + predicate invalidSpecComponent(AccessPath spec, string c) { + c = spec.getToken(_) and + not exists(interpretComponent(c)) + } + + /** Holds if `provenance` is not a valid provenance value. */ + bindingset[provenance] + predicate invalidProvenance(string provenance) { not provenance instanceof Provenance } + + /** + * Holds if token `part` of specification `spec` has an invalid index. + * E.g., `Argument[-1]`. + */ + predicate invalidIndexComponent(AccessPath spec, AccessPathToken part) { + part = spec.getToken(_) and + part.getName() = ["Parameter", "Argument"] and + AccessPath::parseInt(part.getArgumentList()) < 0 + } + + private predicate inputNeedsReference(AccessPathToken c) { + c.getName() = "Argument" or + inputNeedsReferenceSpecific(c) + } + + private predicate outputNeedsReference(AccessPathToken c) { + c.getName() = ["Argument", "ReturnValue"] or + outputNeedsReferenceSpecific(c) + } + + private predicate sourceElementRef(InterpretNode ref, AccessPath output, string kind) { + exists(SourceOrSinkElement e | + sourceElement(e, output, kind, _) and + if outputNeedsReference(output.getToken(0)) + then e = ref.getCallTarget() + else e = ref.asElement() + ) + } + + private predicate sinkElementRef(InterpretNode ref, AccessPath input, string kind) { + exists(SourceOrSinkElement e | + sinkElement(e, input, kind, _) and + if inputNeedsReference(input.getToken(0)) + then e = ref.getCallTarget() + else e = ref.asElement() + ) + } + + /** Holds if the first `n` tokens of `output` resolve to the given interpretation. 
*/ + private predicate interpretOutput( + AccessPath output, int n, InterpretNode ref, InterpretNode node + ) { + sourceElementRef(ref, output, _) and + n = 0 and + ( + if output = "" + then + // Allow language-specific interpretation of the empty access path + interpretOutputSpecific("", ref, node) + else node = ref + ) + or + exists(InterpretNode mid, AccessPathToken c | + interpretOutput(output, n - 1, ref, mid) and + c = output.getToken(n - 1) + | + exists(ArgumentPosition apos, ParameterPosition ppos | + node.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(mid.asCall(), apos) and + parameterMatch(ppos, apos) + | + c = "Argument" or parseArg(c, ppos) + ) + or + exists(ArgumentPosition apos, ParameterPosition ppos | + node.asNode().(ParamNode).isParameterOf(mid.asCallable(), ppos) and + parameterMatch(ppos, apos) + | + c = "Parameter" or parseParam(c, apos) + ) + or + c = "ReturnValue" and + node.asNode() = getAnOutNodeExt(mid.asCall(), TValueReturn(getReturnValueKind())) + or + interpretOutputSpecific(c, mid, node) + ) + } + + /** Holds if the first `n` tokens of `input` resolve to the given interpretation. 
*/ + private predicate interpretInput(AccessPath input, int n, InterpretNode ref, InterpretNode node) { + sinkElementRef(ref, input, _) and + n = 0 and + ( + if input = "" + then + // Allow language-specific interpretation of the empty access path + interpretInputSpecific("", ref, node) + else node = ref + ) + or + exists(InterpretNode mid, AccessPathToken c | + interpretInput(input, n - 1, ref, mid) and + c = input.getToken(n - 1) + | + exists(ArgumentPosition apos, ParameterPosition ppos | + node.asNode().(ArgNode).argumentOf(mid.asCall(), apos) and + parameterMatch(ppos, apos) + | + c = "Argument" or parseArg(c, ppos) + ) + or + exists(ReturnNodeExt ret | + c = "ReturnValue" and + ret = node.asNode() and + ret.getKind().(ValueReturnKind).getKind() = getReturnValueKind() and + mid.asCallable() = getNodeEnclosingCallable(ret) + ) + or + interpretInputSpecific(c, mid, node) + ) + } + + /** + * Holds if `node` is specified as a source with the given kind in a MaD flow + * model. + */ + predicate isSourceNode(InterpretNode node, string kind) { + exists(InterpretNode ref, AccessPath output | + sourceElementRef(ref, output, kind) and + interpretOutput(output, output.getNumToken(), ref, node) + ) + } + + /** + * Holds if `node` is specified as a sink with the given kind in a MaD flow + * model. + */ + predicate isSinkNode(InterpretNode node, string kind) { + exists(InterpretNode ref, AccessPath input | + sinkElementRef(ref, input, kind) and + interpretInput(input, input.getNumToken(), ref, node) + ) + } + } + + /** Provides a query predicate for outputting a set of relevant flow summaries. */ + module TestOutput { + /** A flow summary to include in the `summary/1` query predicate. */ + abstract class RelevantSummarizedCallable instanceof SummarizedCallable { + /** Gets the string representation of this callable used by `summary/1`. */ + abstract string getCallableCsv(); + + /** Holds if flow is propagated between `input` and `output`. 
*/ + predicate relevantSummary( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + super.propagatesFlow(input, output, preservesValue) + } + + string toString() { result = super.toString() } + } + + /** A model to include in the `neutral/1` query predicate. */ + abstract class RelevantNeutralCallable instanceof NeutralCallable { + /** Gets the string representation of this callable used by `neutral/1`. */ + abstract string getCallableCsv(); + + /** + * Gets the kind of the neutral. + */ + string getKind() { result = super.getKind() } + + string toString() { result = super.toString() } + } + + /** Render the kind in the format used in flow summaries. */ + private string renderKind(boolean preservesValue) { + preservesValue = true and result = "value" + or + preservesValue = false and result = "taint" + } + + private string renderProvenance(SummarizedCallable c) { + if c.applyManualModel() then result = "manual" else c.hasProvenance(result) + } + + private string renderProvenanceNeutral(NeutralCallable c) { + if c.hasManualModel() then result = "manual" else c.hasProvenance(result) + } + + /** + * A query predicate for outputting flow summaries in semi-colon separated format in QL tests. + * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance", + * ext is hardcoded to empty. + */ + query predicate summary(string csv) { + exists( + RelevantSummarizedCallable c, SummaryComponentStack input, SummaryComponentStack output, + boolean preservesValue + | + c.relevantSummary(input, output, preservesValue) and + csv = + c.getCallableCsv() // Callable information + + input.getMadRepresentation() + ";" // input + + output.getMadRepresentation() + ";" // output + + renderKind(preservesValue) + ";" // kind + + renderProvenance(c) // provenance + ) + } + + /** + * Holds if a neutral model `csv` exists (semi-colon separated format). Used for testing purposes. 
+ * The syntax is: "namespace;type;name;signature;kind;provenance"", + */ + query predicate neutral(string csv) { + exists(RelevantNeutralCallable c | + csv = + c.getCallableCsv() // Callable information + + c.getKind() + ";" // kind + + renderProvenanceNeutral(c) // provenance + ) + } + } + + /** + * Provides query predicates for rendering the generated data flow graph for + * a summarized callable. + * + * Import this module into a `.ql` file of `@kind graph` to render the graph. + * The graph is restricted to callables from `RelevantSummarizedCallable`. + */ + module RenderSummarizedCallable { + /** A summarized callable to include in the graph. */ + abstract class RelevantSummarizedCallable instanceof SummarizedCallable { + string toString() { result = super.toString() } + } + + private newtype TNodeOrCall = + MkNode(SummaryNode n) { + exists(RelevantSummarizedCallable c | + n = TSummaryInternalNode(c, _) + or + n = TSummaryParameterNode(c, _) + ) + } or + MkCall(DataFlowCall call) { + call = summaryDataFlowCall(_) and + call.getEnclosingCallable() = inject(any(RelevantSummarizedCallable c)) + } + + private class NodeOrCall extends TNodeOrCall { + SummaryNode asNode() { this = MkNode(result) } + + DataFlowCall asCall() { this = MkCall(result) } + + string toString() { + result = this.asNode().toString() + or + result = this.asCall().toString() + } + + /** + * Holds if this element is at the specified location. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `filepath`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). 
+ */ + predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + filepath = "" and + startline = 0 and + startcolumn = 0 and + endline = 0 and + endcolumn = 0 + } + } + + query predicate nodes(NodeOrCall n, string key, string val) { + key = "semmle.label" and val = n.toString() + } + + private predicate edgesComponent(NodeOrCall a, NodeOrCall b, string value) { + exists(boolean preservesValue | + Private::Steps::summaryLocalStep(a.asNode(), b.asNode(), preservesValue) and + if preservesValue = true then value = "value" else value = "taint" + ) + or + exists(ContentSet c | + Private::Steps::summaryReadStep(a.asNode(), c, b.asNode()) and + value = "read (" + c + ")" + or + Private::Steps::summaryStoreStep(a.asNode(), c, b.asNode()) and + value = "store (" + c + ")" + or + Private::Steps::summaryClearsContent(a.asNode(), c) and + b = a and + value = "clear (" + c + ")" + or + Private::Steps::summaryExpectsContent(a.asNode(), c) and + b = a and + value = "expect (" + c + ")" + ) + or + summaryPostUpdateNode(b.asNode(), a.asNode()) and + value = "post-update" + or + b.asCall() = summaryDataFlowCall(a.asNode()) and + value = "receiver" + or + exists(ArgumentPosition pos | + summaryArgumentNode(b.asCall(), a.asNode(), pos) and + value = "argument (" + pos + ")" + ) + } + + query predicate edges(NodeOrCall a, NodeOrCall b, string key, string value) { + key = "semmle.label" and + value = strictconcat(string s | edgesComponent(a, b, s) | s, " / ") + } + } +} From 60101f5e6a0ad7d4a14ee5226e77286387e857fd Mon Sep 17 00:00:00 2001 
From: Asger F Date: Wed, 4 Oct 2023 19:58:49 +0200 Subject: [PATCH 012/223] JS: Instantiate flow summary library --- .../javascript/dataflow/FlowSummary.qll | 92 +++++ .../dataflow/internal/DataFlowNode.qll | 2 + .../dataflow/internal/DataFlowPrivate.qll | 103 ++++++ .../dataflow/internal/FlowSummaryPrivate.qll | 339 ++++++++++++++++++ .../internal/TaintTrackingPrivate.qll | 3 + .../sharedlib/DataFlowImplSpecific.qll | 12 + .../sharedlib/FlowSummaryImplSpecific.qll | 1 + 7 files changed, 552 insertions(+) create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplSpecific.qll create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImplSpecific.qll diff --git a/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll new file mode 100644 index 000000000000..426f8b758514 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll 
@@ -0,0 +1,92 @@
+/** Provides classes and predicates for defining flow summaries. */
+
+private import javascript
+private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as Impl
+private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImplSpecific
+private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon
+private import semmle.javascript.dataflow.internal.DataFlowPrivate
+
+class SummaryComponent = Impl::Public::SummaryComponent;
+
+/** Provides predicates for constructing summary components. */
+module SummaryComponent {
+ private import Impl::Public::SummaryComponent as SC
+
+ predicate parameter = SC::parameter/1;
+
+ predicate argument = SC::argument/1;
+
+ predicate content = SC::content/1;
+
+ predicate withoutContent = SC::withoutContent/1;
+
+ predicate withContent = SC::withContent/1;
+
+ class SyntheticGlobal = SC::SyntheticGlobal;
+
+ /** Gets a summary component that represents a receiver. */
+ SummaryComponent receiver() { result = argument(MkThisParameter()) }
+
+ /** Gets a summary component that represents the return value of a call. */
+ SummaryComponent return() { result = SC::return(MkNormalReturnKind()) }
+
+ /** Gets a summary component that represents the exception thrown from a call. */
+ SummaryComponent exceptionalReturn() { result = SC::return(MkExceptionalReturnKind()) }
+}
+
+class SummaryComponentStack = Impl::Public::SummaryComponentStack;
+
+/** Provides predicates for constructing stacks of summary components. */
+module SummaryComponentStack {
+ private import Impl::Public::SummaryComponentStack as SCS
+
+ predicate singleton = SCS::singleton/1;
+
+ predicate push = SCS::push/2;
+
+ predicate argument = SCS::argument/1;
+
+ /** Gets a singleton stack representing a receiver. */
+ SummaryComponentStack receiver() { result = singleton(SummaryComponent::receiver()) }
+
+ /** Gets a singleton stack representing the return value of a call.
*/ + SummaryComponentStack return() { result = singleton(SummaryComponent::return()) } + + /** Gets a singleton stack representing the exception thrown from a call. */ + SummaryComponentStack exceptionalReturn() { + result = singleton(SummaryComponent::exceptionalReturn()) + } +} + +/** A callable with a flow summary, identified by a unique string. */ +abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable { + bindingset[this] + SummarizedCallable() { any() } + + /** + * Same as + * + * ```ql + * propagatesFlow( + * SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + * ) + * ``` + * + * but uses an external (string) representation of the input and output stacks. + */ + pragma[nomagic] + predicate propagatesFlowExt(string input, string output, boolean preservesValue) { none() } + + /** + * Gets the synthesized parameter that results from an input specification + * that starts with `Argument[s]` for this library callable. + */ + DataFlow::ParameterNode getParameter(string s) { + exists(ParameterPosition pos | + DataFlowImplCommon::parameterNode(result, MkLibraryCallable(this), pos) and + s = getParameterPosition(pos) + ) + } +} + +class RequiredSummaryComponentStack = Impl::Public::RequiredSummaryComponentStack; diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index bee7b1259b44..22df2f07189b 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll @@ -5,6 +5,7 @@ */ private import javascript +private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as FlowSummaryImpl cached private module Cached { /** 
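Review bot: The QLDoc on `SummarizedCallable.propagatesFlowExt` does not say that the default body is `none()` or what form the `input` and `output` strings take, so a model with a misspelled specification simply contributes no flow and nothing in this file reports it. I would extend the comment along the lines of `Holds for no tuples by default; override to supply summaries. input and output are access-path specifications such as Argument[0] or ReturnValue.` and mention the shared library's `invalidSpecComponent` check, assuming it is exposed as a consistency query for JavaScript. In a taint-tracking library a silently dropped summary shows up as a missed result rather than an error, which is why the contract is worth spelling out. The public aliases `SummaryComponent`, `SummaryComponentStack` and `RequiredSummaryComponentStack` also lack QLDoc.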
@@ -48,6 +49,7 @@ private module Cached { } or TConstructorThisArgumentNode(InvokeExpr e) { e instanceof NewExpr or e instanceof SuperCall } or TConstructorThisPostUpdate(Constructor ctor) or + TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or } import Cached diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 9a9559e28dbe..fe222b1cf3d5 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -5,11 +5,24 @@ private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps private import semmle.javascript.dataflow.internal.Contents::Private private import semmle.javascript.dataflow.internal.VariableCapture private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon +private import sharedlib.FlowSummaryImpl as FlowSummaryImpl private class Node = DataFlow::Node; class PostUpdateNode = DataFlow::PostUpdateNode; +class FlowSummaryNode extends DataFlow::Node, TFlowSummaryNode { + FlowSummaryImpl::Private::SummaryNode getSummaryNode() { this = TFlowSummaryNode(result) } + + /** Gets the summarized callable that this node belongs to. */ + FlowSummaryImpl::Public::SummarizedCallable getSummarizedCallable() { + result = this.getSummaryNode().getSummarizedCallable() + } + + cached + override string toString() { result = this.getSummaryNode().toString() } +} + cached newtype TReturnKind = MkNormalReturnKind() or @@ -33,6 +46,8 @@ private predicate returnNodeImpl(DataFlow::Node node, ReturnKind kind) { // See the models for AsyncAwait and Generator. not fun.isAsyncOrGenerator() ) + or + FlowSummaryImpl::Private::summaryReturnNode(node.(FlowSummaryNode).getSummaryNode(), kind) } private DataFlow::Node getAnOutNodeImpl(DataFlowCall call, ReturnKind kind) { 
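Review bot: The added branch `TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or` is followed directly by the closing `}` of the `Cached` module, so the newtype ends on a dangling `or` and the file would not parse as shown. The context line above it ends the same way, so this may be an artefact of how the series was split. If no further branch follows in this commit, the last branch should read `TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn)`, keeping the `or` only on `TConstructorThisPostUpdate`. The newtype starts outside the hunk.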
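Review bot: `FlowSummaryNode` and its `getSummaryNode()` member are public but have no QLDoc, unlike `getSummarizedCallable()` next to them; the same holds for `SummaryCall` (the `@@ -334,6 +393,23 @@` hunk) and `DataFlowCall.isSummaryCall` (the `@@ -246,6 +298,13 @@` hunk). Suggested comments are `/** A data-flow node that wraps a node synthesized by the flow summary library. */` on the class and `/** Gets the underlying summary node. */` on `getSummaryNode()`.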
@@ -45,6 +60,8 @@ private DataFlow::Node getAnOutNodeImpl(DataFlowCall call, ReturnKind kind) { kind = MkExceptionalReturnKind() and result = call.asBoundCall(_).getExceptionalReturn() or kind = MkNormalReturnKind() and result = call.asAccessorCall().(DataFlow::PropRead) + or + FlowSummaryImpl::Private::summaryOutNode(call, result.(FlowSummaryNode).getSummaryNode(), kind) } class ReturnNode extends DataFlow::Node { @@ -86,6 +103,9 @@ predicate postUpdatePair(Node pre, Node post) { pre = TThisNode(constructor) and post = TConstructorThisPostUpdate(constructor) ) + or + FlowSummaryImpl::Private::summaryPostUpdateNode(post.(FlowSummaryNode).getSummaryNode(), + pre.(FlowSummaryNode).getSummaryNode()) } class CastNode extends DataFlow::Node instanceof EmptyType { } @@ -93,6 +113,7 @@ class CastNode extends DataFlow::Node instanceof EmptyType { } cached newtype TDataFlowCallable = MkSourceCallable(StmtContainer container) or + MkLibraryCallable(LibraryCallable callable) /** * A callable entity. This is a wrapper around either a `StmtContainer` or a `LibraryCallable`. @@ -122,6 +143,18 @@ class DataFlowCallable extends TDataFlowCallable { LibraryCallable asLibraryCallable() { this = MkLibraryCallable(result) } } +/** A callable defined in library code, identified by a unique string. */ +abstract class LibraryCallable extends string { + bindingset[this] + LibraryCallable() { any() } + + /** Gets a call to this library callable. */ + DataFlow::InvokeNode getACall() { none() } + + /** Same as `getACall()` except this does not depend on the call graph or API graph. */ + DataFlow::InvokeNode getACallSimple() { none() } +} + private predicate isParameterNodeImpl(Node p, DataFlowCallable c, ParameterPosition pos) { p = c.asSourceCallable().(Function).getParameter(pos.asPositional()).flow() or 
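Review bot: `LibraryCallable.getACall()` and `getACallSimple()` both default to `none()`, and the class comment does not say that a subclass has to override at least one of them. As far as this commit shows, `viableCallable` (the `@@ -416,6 +492,11 @@` hunk) resolves library callables only through these two predicates, so a model that overrides neither gets no call edges and its summary is never applied. I would add to the QLDoc: `Subclasses must override getACall() or getACallSimple(); otherwise no call resolves to this callable and its flow summary is never used.`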
@@ -130,6 +163,12 @@ private predicate isParameterNodeImpl(Node p, DataFlowCallable c, ParameterPosit pos.isFunctionSelfReference() and p = TFunctionSelfReferenceNode(c.asSourceCallable()) or pos.isArgumentsArray() and p = TReflectiveParametersNode(c.asSourceCallable()) + or + exists(FlowSummaryNode summaryNode | + summaryNode = p and + FlowSummaryImpl::Private::summaryParameterNode(summaryNode.getSummaryNode(), pos) and + c.asLibraryCallable() = summaryNode.getSummarizedCallable() + ) } predicate isParameterNode(ParameterNode p, DataFlowCallable c, ParameterPosition pos) { @@ -165,6 +204,8 @@ private predicate isArgumentNodeImpl(Node n, DataFlowCall call, ArgumentPosition or // argument to setter (TODO: this has no post-update node) pos.asPositional() = 0 and n = call.asAccessorCall().(DataFlow::PropWrite).getRhs() + or + FlowSummaryImpl::Private::summaryArgumentNode(call, n.(FlowSummaryNode).getSummaryNode(), pos) } predicate isArgumentNode(ArgumentNode n, DataFlowCall call, ArgumentPosition pos) { @@ -173,6 +214,10 @@ predicate isArgumentNode(ArgumentNode n, DataFlowCall call, ArgumentPosition pos DataFlowCallable nodeGetEnclosingCallable(Node node) { result.asSourceCallable() = node.getContainer() + or + result.asLibraryCallable() = node.(FlowSummaryNode).getSummarizedCallable() + or + result.asLibraryCallable() = node.(FlowSummaryIntermediateAwaitStoreNode).getSummarizedCallable() } private newtype TDataFlowType = @@ -189,6 +234,8 @@ DataFlowType getNodeType(Node node) { result = TTodoDataFlowType() and exists(no predicate nodeIsHidden(Node node) { DataFlow::PathNode::shouldNodeBeHidden(node) + or + node instanceof FlowSummaryNode } predicate neverSkipInPathGraph(Node node) { 
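Review bot: `nodeGetEnclosingCallable` now casts to `FlowSummaryIntermediateAwaitStoreNode`, but no class of that name is added in the hunks of this commit that are visible here (the new FlowSummaryPrivate.qll continues past what is shown, so it may be defined there). If the class only arrives in a later patch of the series, this commit does not compile on its own, which makes bisecting harder. In that case the disjunct `result.asLibraryCallable() = node.(FlowSummaryIntermediateAwaitStoreNode).getSummarizedCallable()` belongs in the patch that introduces the class.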
@@ -232,6 +279,11 @@ private newtype TDataFlowCall = node = TValueNode(any(PropAccess p)) or node = TPropNode(any(PropertyPattern p)) } or + MkSummaryCall( + FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver + ) { + FlowSummaryImpl::Private::summaryCallbackRange(c, receiver) + } class DataFlowCall extends TDataFlowCall { DataFlowCallable getEnclosingCallable() { none() } // Overridden in subclass @@ -246,6 +298,13 @@ class DataFlowCall extends TDataFlowCall { DataFlow::InvokeNode asBoundCall(int boundArgs) { this = MkBoundCall(result, boundArgs) } + + predicate isSummaryCall( + FlowSummaryImpl::Public::SummarizedCallable enclosingCallable, + FlowSummaryImpl::Private::SummaryNode receiver + ) { + this = MkSummaryCall(enclosingCallable, receiver) + } predicate hasLocationInfo( string filepath, int startline, int startcolumn, int endline, int endcolumn ) { @@ -334,6 +393,23 @@ private class AccessorCall extends DataFlowCall, MkAccessorCall { ref.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) } } +class SummaryCall extends DataFlowCall, MkSummaryCall { + private FlowSummaryImpl::Public::SummarizedCallable enclosingCallable; + private FlowSummaryImpl::Private::SummaryNode receiver; + + SummaryCall() { this = MkSummaryCall(enclosingCallable, receiver) } + + override DataFlowCallable getEnclosingCallable() { + result.asLibraryCallable() = enclosingCallable + } + + override string toString() { + result = "[summary] call to " + receiver + " in " + enclosingCallable + } + + /** Gets the receiver node. */ + FlowSummaryImpl::Private::SummaryNode getReceiver() { result = receiver } +} private int getMaxArity() { // TODO: account for flow summaries 
@@ -416,6 +492,11 @@ DataFlowCallable viableCallable(DataFlowCall node) { ) or result.asSourceCallableNotExterns() = node.asAccessorCall().getAnAccessorCallee().getFunction() + or + exists(LibraryCallable callable | + result = MkLibraryCallable(callable) and + node.asOrdinaryCall() = [callable.getACall(), callable.getACallSimple()] + ) } /** @@ -455,6 +536,9 @@ private predicate valuePreservingStep(Node node1, Node node2) { or node2 = FlowSteps::getThrowTarget(node1) or + FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), + node2.(FlowSummaryNode).getSummaryNode(), true) + or // Step from post-update nodes to local sources of the pre-update node. This emulates how JS usually tracks side effects. exists(PostUpdateNode postUpdate | node1 = postUpdate and @@ -480,6 +564,9 @@ predicate localMustFlowStep(Node node1, Node node2) { node1 = node2.getImmediate predicate jumpStep(Node node1, Node node2) { valuePreservingStep(node1, node2) and node1.getContainer() != node2.getContainer() + or + FlowSummaryImpl::Private::Steps::summaryJumpStep(node1.(FlowSummaryNode).getSummaryNode(), + node2.(FlowSummaryNode).getSummaryNode()) } /** @@ -497,6 +584,13 @@ predicate readStep(Node node1, ContentSet c, Node node2) { not exists(read.getPropertyName()) and c = ContentSet::arrayElement() ) + or + exists(ContentSet contentSet | + FlowSummaryImpl::Private::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), + contentSet, node2.(FlowSummaryNode).getSummaryNode()) + | + c = contentSet + ) } /** Gets the post-update node for which `node` is the corresponding pre-update node. */ 
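Review bot: The `exists(ContentSet contentSet | ... | c = contentSet)` wrapper in the new `readStep` disjunct only renames `c`, whereas `storeStep` and `clearsContent` in this commit pass `c` straight through. The disjunct can be written as `FlowSummaryImpl::Private::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), c, node2.(FlowSummaryNode).getSummaryNode())`. If the indirection is a placeholder for a later content-set translation, a one-line comment saying so would help. The predicate begins outside the hunk.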
@@ -523,6 +617,10 @@ predicate storeStep(Node node1, ContentSet c, Node node2) { // Target the post-update node if one exists (for object literals we do not generate post-update nodes) node2 = tryGetPostUpdate(write.getBase()) ) + or + FlowSummaryImpl::Private::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), c, + node2.(FlowSummaryNode).getSummaryNode()) and + ) } /** @@ -531,6 +629,7 @@ predicate storeStep(Node node1, ContentSet c, Node node2) { * in `x.f = newValue`. */ predicate clearsContent(Node n, ContentSet c) { + FlowSummaryImpl::Private::Steps::summaryClearsContent(n.(FlowSummaryNode).getSummaryNode(), c) } /** @@ -538,6 +637,7 @@ predicate clearsContent(Node n, ContentSet c) { * at node `n`. */ predicate expectsContent(Node n, ContentSet c) { + FlowSummaryImpl::Private::Steps::summaryExpectsContent(n.(FlowSummaryNode).getSummaryNode(), c) } /** @@ -557,6 +657,7 @@ int accessPathLimit() { result = 5 } * by default as a heuristic. */ predicate allowParameterReturnInSelf(ParameterNode p) { + FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(p) } class LambdaCallKind = Unit; @@ -568,6 +669,8 @@ predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c) /** Holds if `call` is a lambda call of kind `kind` where `receiver` is the lambda expression. */ predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) { + call.isSummaryCall(_, receiver.(FlowSummaryNode).getSummaryNode()) and exists(kind) + or receiver = call.asOrdinaryCall().getCalleeNode() and exists(kind) } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll new file mode 100644 index 000000000000..71c794862251 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll 
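Review bot: The new `summaryStoreStep` disjunct in `storeStep` ends in `and` followed directly by `)`, and that `)` has no matching opening parenthesis among the added lines, so the predicate does not parse as shown. It looks as if a conjunct was dropped when the series was split. Either restore it, or end the disjunct at `node2.(FlowSummaryNode).getSummaryNode())` and remove the trailing `and` and the extra `)`. The predicate begins outside the hunk.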
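Review bot: `allowParameterReturnInSelf` passes the data-flow `ParameterNode` `p` straight to `FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf`, while every other call into `FlowSummaryImpl::Private` in this commit first goes through `.(FlowSummaryNode).getSummaryNode()`. The predicate's signature is not visible here, but if it takes a summary node like its siblings, the body should be `FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(p.(FlowSummaryNode).getSummaryNode())`. As written it would either fail to type-check or never hold, and in the second case flow returned through a parameter of a summarized callable would be dropped without any diagnostic.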
@@ -0,0 +1,339 @@ +/** + * Provides JS specific classes and predicates for defining flow summaries. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowPrivate +private import semmle.javascript.dataflow.internal.Contents::Private +private import semmle.javascript.dataflow.FlowSummary as FlowSummary +private import sharedlib.DataFlowImplCommon +private import sharedlib.FlowSummaryImpl::Private as Private +private import sharedlib.FlowSummaryImpl::Public +import semmle.javascript.frameworks.data.internal.AccessPathSyntax as AccessPathSyntax + +private class Node = DataFlow::Node; + +/** + * A class of callables that are candidates for flow summary modeling. + */ +class SummarizedCallableBase = string; + +/** + * A class of callables that are candidates for neutral modeling. + */ +class NeutralCallableBase = string; + +/** + * Holds if a neutral model exists for `c` of kind `kind` and with provenance `provenance`. + * Note: Neutral models have not been implemented for Javascript. + */ +predicate neutralElement(NeutralCallableBase c, string kind, string provenance) { none() } + +DataFlowCallable inject(SummarizedCallable c) { result.asLibraryCallable() = c } + +/** Gets the parameter position representing a callback itself, if any. */ +ArgumentPosition callbackSelfParameterPosition() { result.isFunctionSelfReference() } + +/** Gets the synthesized data-flow call for `receiver`. */ +SummaryCall summaryDataFlowCall(Private::SummaryNode receiver) { receiver = result.getReceiver() } + +/** Gets the type of content `c`. */ +DataFlowType getContentType(ContentSet c) { any() } + +/** Gets the type of the parameter at the given position. */ +bindingset[c, pos] +DataFlowType getParameterType(SummarizedCallable c, ParameterPosition pos) { any() } + +/** Gets the return type of kind `rk` for callable `c`. 
*/ +bindingset[c, rk] +DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) { any() } + +/** + * Gets the type of the `i`th parameter in a synthesized call that targets a + * callback of type `t`. + */ +bindingset[t, pos] +DataFlowType getCallbackParameterType(DataFlowType t, ArgumentPosition pos) { any() } + +/** + * Gets the return type of kind `rk` in a synthesized call that targets a + * callback of type `t`. + */ +DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { any() } + +/** Gets the type of synthetic global `sg`. */ +DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { any() } + +/** + * Holds if an external flow summary exists for `c` with input specification + * `input`, output specification `output`, kind `kind`, and provenance `provenance`. + */ +predicate summaryElement( + FlowSummary::SummarizedCallable c, string input, string output, string kind, string provenance +) { + exists(boolean preservesValue | + c.propagatesFlowExt(input, output, preservesValue) and + (if preservesValue = true then kind = "value" else kind = "taint") and + provenance = "manual" + ) +} + +/** + * Holds if a neutral summary model exists for `c` with provenance `provenance`, + * which means that there is no flow through `c`. + * Note. Neutral models have not been implemented for JS. 
+ */ +predicate neutralSummaryElement(FlowSummary::SummarizedCallable c, string provenance) { none() } + +pragma[inline] +private SummaryComponent makeContentComponents( + Private::AccessPathToken token, string name, ContentSet contents +) { + token.getName() = name and + result = FlowSummary::SummaryComponent::content(contents) + or + token.getName() = "With" + name and + result = FlowSummary::SummaryComponent::withContent(contents) + or + token.getName() = "Without" + name and + result = FlowSummary::SummaryComponent::withoutContent(contents) +} + +pragma[inline] +private SummaryComponent makePropertyContentComponents( + Private::AccessPathToken token, string name, PropertyName content +) { + result = makeContentComponents(token, name, ContentSet::property(content)) +} + +/** + * Gets the content set corresponding to `Awaited[arg]`. + */ +private ContentSet getPromiseContent(string arg) { + arg = "value" and result = ContentSet::promiseValue() + or + arg = "error" and result = ContentSet::promiseError() +} + +pragma[nomagic] +private predicate positionName(ParameterPosition pos, string operand) { + operand = pos.asPositional().toString() + or + pos.isThis() and operand = "this" + or + pos.isFunctionSelfReference() and operand = "function" + or + pos.isArgumentsArray() and operand = "arguments-array" + or + operand = pos.asPositionalLowerBound() + ".." +} + +/** + * Holds if `operand` desugars to the given `pos`. Only used for parsing. + */ +bindingset[operand] +private predicate desugaredPositionName(ParameterPosition pos, string operand) { + operand = "any" and + pos.asPositionalLowerBound() = 0 + or + pos.asPositional() = AccessPathSyntax::AccessPath::parseInt(operand) // parse closed intervals +} + +bindingset[operand] +private ParameterPosition parsePosition(string operand) { + positionName(result, operand) or desugaredPositionName(result, operand) +} + +/** + * Gets the summary component for specification component `c`, if any. 
+ * + * This covers all the JS-specific components of a flow summary. + */ +SummaryComponent interpretComponentSpecific(Private::AccessPathToken c) { + c.getName() = "Argument" and + result = FlowSummary::SummaryComponent::argument(parsePosition(c.getAnArgument())) + or + c.getName() = "Parameter" and + result = FlowSummary::SummaryComponent::parameter(parsePosition(c.getAnArgument())) + or + result = makePropertyContentComponents(c, "Member", c.getAnArgument()) + or + result = makeContentComponents(c, "Awaited", getPromiseContent(c.getAnArgument())) + or + c.getNumArgument() = 0 and + result = makeContentComponents(c, "ArrayElement", ContentSet::arrayElement()) + or + c.getAnArgument() = "?" and + result = makeContentComponents(c, "ArrayElement", ContentSet::arrayElementUnknown()) + or + exists(int n | + n = c.getAnArgument().toInt() and + result = makeContentComponents(c, "ArrayElement", ContentSet::arrayElementKnown(n)) + or + // ArrayElement[n!] refers to index n, and never the unknown content + c.getAnArgument().regexpCapture("(\\d+)!", 1).toInt() = n and + result = makePropertyContentComponents(c, "ArrayElement", n.toString()) + or + // ArrayElement[n..] 
refers to index n or greater + n = AccessPathSyntax::AccessPath::parseLowerBound(c.getAnArgument()) and + result = makeContentComponents(c, "ArrayElement", ContentSet::arrayElementLowerBoundFromInt(n)) + ) + or + c.getNumArgument() = 0 and + result = makeContentComponents(c, "SetElement", ContentSet::setElement()) + or + c.getNumArgument() = 0 and + result = makeContentComponents(c, "IteratorElement", ContentSet::iteratorElement()) + or + c.getNumArgument() = 0 and + result = makeContentComponents(c, "IteratorError", ContentSet::iteratorError()) + or + c.getNumArgument() = 0 and + result = makeContentComponents(c, "MapKey", ContentSet::mapKey()) + or + // + // Note: although it is supported internally, we currently do not expose a syntax for MapValue with a known key + // + c.getNumArgument() = 0 and + result = makeContentComponents(c, "MapValue", ContentSet::mapValueAll()) + or + c.getName() = "ReturnValue" and + c.getAnArgument() = "exception" and + result = SummaryComponent::return(MkExceptionalReturnKind()) +} + +private string getMadStringFromContentSetAux(ContentSet cs) { + cs = ContentSet::arrayElement() and + result = "ArrayElement" + or + cs = ContentSet::arrayElementUnknown() and + result = "ArrayElement[?]" + or + exists(int n | + cs = ContentSet::arrayElementLowerBound(n) and + result = "ArrayElement[" + n + "..]" and + n > 0 // n=0 is just 'ArrayElement' + or + cs = ContentSet::arrayElementKnown(n) and + result = "ArrayElement[" + n + "]" + or + n = cs.asPropertyName().toInt() and + n >= 0 and + result = "ArrayElement[" + n + "!]" + ) + or + cs = ContentSet::mapValueAll() and result = "MapValue" + or + cs = ContentSet::mapKey() and result = "MapKey" + or + cs = ContentSet::setElement() and result = "SetElement" + or + cs = ContentSet::iteratorElement() and result = "IteratorElement" + or + cs = ContentSet::iteratorError() and result = "IteratorError" + or + exists(string awaitedArg | + cs = getPromiseContent(awaitedArg) and + result = "Awaited[" + 
awaitedArg + "]" + ) +} + +private string getMadStringFromContentSet(ContentSet cs) { + result = getMadStringFromContentSetAux(cs) + or + not exists(getMadStringFromContentSetAux(cs)) and + result = "Member[" + cs.asSingleton() + "]" +} + +/** Gets the textual representation of a summary component in the format used for MaD models. */ +string getMadRepresentationSpecific(SummaryComponent sc) { + exists(ContentSet cs | + sc = Private::TContentSummaryComponent(cs) and result = getMadStringFromContentSet(cs) + ) + or + exists(ReturnKind rk | + sc = Private::TReturnSummaryComponent(rk) and + not rk = getReturnValueKind() and + result = "ReturnValue[" + rk + "]" + ) +} + +/** Gets the textual representation of a parameter position in the format used for flow summaries. */ +bindingset[pos] +string getParameterPosition(ParameterPosition pos) { positionName(pos, result) and result != "any" } + +/** Gets the textual representation of an argument position in the format used for flow summaries. */ +bindingset[pos] +string getArgumentPosition(ArgumentPosition pos) { positionName(pos, result) and result != "any" } + +/** Holds if input specification component `c` needs a reference. */ +predicate inputNeedsReferenceSpecific(string c) { none() } + +/** Holds if output specification component `c` needs a reference. */ +predicate outputNeedsReferenceSpecific(string c) { none() } + +/** Gets the return kind corresponding to specification `"ReturnValue"`. */ +MkNormalReturnKind getReturnValueKind() { any() } + +/** + * All definitions in this module are required by the shared implementation + * (for source/sink interpretation), but they are unused for JS, where + * we rely on API graphs instead. + */ +private module UnusedSourceSinkInterpretation { + /** + * Holds if an external source specification exists for `n` with output specification + * `output`, kind `kind`, and provenance `provenance`. 
+ */ + predicate sourceElement(AstNode n, string output, string kind, string provenance) { none() } + + /** + * Holds if an external sink specification exists for `n` with input specification + * `input`, kind `kind` and provenance `provenance`. + */ + predicate sinkElement(AstNode n, string input, string kind, string provenance) { none() } + + class SourceOrSinkElement = AstNode; + + /** An entity used to interpret a source/sink specification. */ + class InterpretNode extends AstNode { + /** Gets the element that this node corresponds to, if any. */ + SourceOrSinkElement asElement() { none() } + + /** Gets the data-flow node that this node corresponds to, if any. */ + Node asNode() { none() } + + /** Gets the call that this node corresponds to, if any. */ + DataFlowCall asCall() { none() } + + /** Gets the callable that this node corresponds to, if any. */ + DataFlowCallable asCallable() { none() } + + /** Gets the target of this call, if any. */ + StmtContainer getCallTarget() { none() } + } + + /** Provides additional sink specification logic. */ + predicate interpretOutputSpecific(string c, InterpretNode mid, InterpretNode node) { none() } + + /** Provides additional source specification logic. */ + predicate interpretInputSpecific(string c, InterpretNode mid, InterpretNode node) { none() } +} + +import UnusedSourceSinkInterpretation + +/** Gets the argument position obtained by parsing `X` in `Parameter[X]`. */ +bindingset[s] +ArgumentPosition parseParamBody(string s) { + s = "this" and result.isThis() + or + s = "function" and result.isFunctionSelfReference() + or + result.asPositional() = AccessPathSyntax::AccessPath::parseInt(s) +} + +/** Gets the parameter position obtained by parsing `X` in `Argument[X]`. */ +bindingset[s] +ParameterPosition parseArgBody(string s) { + result = parseParamBody(s) // Currently these are identical +} 
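Review bot: In `getMadStringFromContentSetAux` the `ArrayElement[n!]` case accepts any property name whose `toInt()` is non-negative, so a name that is not the canonical decimal form of `n` (for example one with leading zeros, if `toInt()` accepts those) would be printed as `ArrayElement[n!]`, while `interpretComponentSpecific` parses that token back to the property `n.toString()`. Requiring the canonical form keeps printing and parsing inverse to each other: `n = cs.asPropertyName().toInt() and n.toString() = cs.asPropertyName() and n >= 0 and`. Separately, `result != "any"` in `getParameterPosition` and `getArgumentPosition` looks vacuous, since `positionName` renders a lower bound as `n..` and never yields `"any"`.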
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll index 42c06d318f08..aa965e248282 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll @@ -1,9 +1,12 @@ private import javascript private import semmle.javascript.dataflow.internal.DataFlowPrivate private import semmle.javascript.dataflow.internal.Contents::Public +private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as FlowSummaryImpl cached predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), + node2.(FlowSummaryNode).getSummaryNode(), false) } /** diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplSpecific.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplSpecific.qll new file mode 100644 index 000000000000..a8b541c1b318 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplSpecific.qll @@ -0,0 +1,12 @@ +private import javascript + +// This file provides the input to FlowSummaryImpl.qll, which is shared via identical-files.json. +module Private { + import semmle.javascript.dataflow.internal.DataFlowPrivate +} + +module Public { + import semmle.javascript.dataflow.internal.Contents::Public + + class Node = DataFlow::Node; +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImplSpecific.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImplSpecific.qll new file mode 100644 index 000000000000..71b4db2f016e --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImplSpecific.qll 
@@ -0,0 +1 @@ +import semmle.javascript.dataflow.internal.FlowSummaryPrivate From 32070abb27175372a4b9c475d1eaea1530fa19c8 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 19:59:35 +0200 Subject: [PATCH 013/223] JS: Implicitly treat array steps as taint steps --- .../javascript/dataflow/internal/TaintTrackingPrivate.qll | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll index aa965e248282..119293d82490 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll @@ -7,6 +7,13 @@ cached predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), node2.(FlowSummaryNode).getSummaryNode(), false) + or + // Convert steps into and out of array elements to plain taint steps + FlowSummaryImpl::Private::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), + ContentSet::arrayElement(), node2.(FlowSummaryNode).getSummaryNode()) + or + FlowSummaryImpl::Private::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), + ContentSet::arrayElement(), node2.(FlowSummaryNode).getSummaryNode()) } /** From 293899d64850760e4127860ead8fde3a6c2b669a Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 20:00:09 +0200 Subject: [PATCH 014/223] JS: Add 'Awaited' token --- .../dataflow/internal/DataFlowNode.qll | 3 + .../dataflow/internal/DataFlowPrivate.qll | 61 +++++++++++++++++++ .../dataflow/internal/FlowSummaryPrivate.qll | 7 +++ 3 files changed, 71 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index 22df2f07189b..cfc305828776 100644 
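Review bot: The two disjuncts added to `defaultAdditionalTaintStep` match only `ContentSet::arrayElement()`, so summary read/store steps whose content set comes from `ArrayElement[?]`, `ArrayElement[n]` or `ArrayElement[n..]` (`arrayElementUnknown()`, `arrayElementKnown(n)` and `arrayElementLowerBoundFromInt(n)` in `interpretComponentSpecific`) do not appear to be turned into taint steps. If that is intended, say so in the comment, e.g. `// Only the generic ArrayElement content is converted; index-specific contents are not`. If it is not, the comparison needs to cover those content sets as well, otherwise taint through index-specific array summaries is silently lost. The signature of `defaultAdditionalTaintStep` is outside the hunk.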
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll @@ -50,6 +50,9 @@ private module Cached { TConstructorThisArgumentNode(InvokeExpr e) { e instanceof NewExpr or e instanceof SuperCall } or TConstructorThisPostUpdate(Constructor ctor) or TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or + TFlowSummaryIntermediateAwaitStoreNode(FlowSummaryImpl::Private::SummaryNode sn) { + FlowSummaryImpl::Private::Steps::summaryStoreStep(sn, MkAwaited(), _) + } or } import Cached diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index fe222b1cf3d5..bf78a739507f 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -23,6 +23,23 @@ class FlowSummaryNode extends DataFlow::Node, TFlowSummaryNode { override string toString() { result = this.getSummaryNode().toString() } } +class FlowSummaryIntermediateAwaitStoreNode extends DataFlow::Node, + TFlowSummaryIntermediateAwaitStoreNode +{ + FlowSummaryImpl::Private::SummaryNode getSummaryNode() { + this = TFlowSummaryIntermediateAwaitStoreNode(result) + } + + /** Gets the summarized callable that this node belongs to. */ + FlowSummaryImpl::Public::SummarizedCallable getSummarizedCallable() { + result = this.getSummaryNode().getSummarizedCallable() + } + + override string toString() { + result = this.getSummaryNode().toString() + " [intermediate node for Awaited store]" + } +} + cached newtype TReturnKind = MkNormalReturnKind() or @@ -236,6 +253,8 @@ predicate nodeIsHidden(Node node) { DataFlow::PathNode::shouldNodeBeHidden(node) or node instanceof FlowSummaryNode + or + node instanceof FlowSummaryIntermediateAwaitStoreNode } predicate neverSkipInPathGraph(Node node) { 
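Review bot: `FlowSummaryIntermediateAwaitStoreNode` is added to DataFlowPrivate.qll without a QLDoc comment, and its purpose can only be pieced together from the comments in the `clearsContent` and `storeStep` hunks further down. A class comment along the lines of `/** An intermediate node for a summary store into Awaited, where promise content is cleared before the value is stored as a promise value. */` would make the class readable on its own. The neighbouring `FlowSummaryNode` class is only partly visible here, so whether it is documented cannot be checked from this hunk.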
@@ -552,6 +571,21 @@ predicate simpleLocalFlowStep(Node node1, Node node2) { valuePreservingStep(node1, node2) and nodeGetEnclosingCallable(pragma[only_bind_out](node1)) = nodeGetEnclosingCallable(pragma[only_bind_out](node2)) + or + exists(FlowSummaryImpl::Private::SummaryNode input, FlowSummaryImpl::Private::SummaryNode output | + FlowSummaryImpl::Private::Steps::summaryStoreStep(input, MkAwaited(), output) and + node1 = TFlowSummaryNode(input) and + ( + node2 = TFlowSummaryNode(output) and + not node2 instanceof PostUpdateNode // When doing a store-back, do not add the local flow edge + or + node2 = TFlowSummaryIntermediateAwaitStoreNode(input) + ) + or + FlowSummaryImpl::Private::Steps::summaryReadStep(input, MkAwaited(), output) and + node1 = TFlowSummaryNode(input) and + node2 = TFlowSummaryNode(output) + ) } predicate localMustFlowStep(Node node1, Node node2) { node1 = node2.getImmediatePredecessor() } @@ -589,7 +623,11 @@ predicate readStep(Node node1, ContentSet c, Node node2) { FlowSummaryImpl::Private::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), contentSet, node2.(FlowSummaryNode).getSummaryNode()) | + not isSpecialContentSet(contentSet) and c = contentSet + or + contentSet = MkAwaited() and + c = ContentSet::promiseValue() ) } @@ -620,6 +658,14 @@ predicate storeStep(Node node1, ContentSet c, Node node2) { or FlowSummaryImpl::Private::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), c, node2.(FlowSummaryNode).getSummaryNode()) and + not isSpecialContentSet(c) + or + // Store into Awaited + exists(FlowSummaryImpl::Private::SummaryNode input, FlowSummaryImpl::Private::SummaryNode output | + FlowSummaryImpl::Private::Steps::summaryStoreStep(input, MkAwaited(), output) and + node1 = TFlowSummaryIntermediateAwaitStoreNode(input) and + node2 = TFlowSummaryNode(output) and + c = ContentSet::promiseValue() ) } 
@@ -630,6 +676,15 @@ predicate storeStep(Node node1, ContentSet c, Node node2) { */ predicate clearsContent(Node n, ContentSet c) { FlowSummaryImpl::Private::Steps::summaryClearsContent(n.(FlowSummaryNode).getSummaryNode(), c) + or + // Clear promise content before storing into promise value, to avoid creating nested promises + n = TFlowSummaryIntermediateAwaitStoreNode(_) and + c = MkPromiseFilter() + or + // After reading from Awaited, the output must not be stored in a promise content + FlowSummaryImpl::Private::Steps::summaryReadStep(_, MkAwaited(), + n.(FlowSummaryNode).getSummaryNode()) and + c = MkPromiseFilter() } /** @@ -638,6 +693,12 @@ predicate clearsContent(Node n, ContentSet c) { */ predicate expectsContent(Node n, ContentSet c) { FlowSummaryImpl::Private::Steps::summaryExpectsContent(n.(FlowSummaryNode).getSummaryNode(), c) + or + // After storing into Awaited, the result must be stored in a promise-content. + // There is a value step from the input directly to this node, hence the need for expectsContent. + FlowSummaryImpl::Private::Steps::summaryStoreStep(_, MkAwaited(), + n.(FlowSummaryNode).getSummaryNode()) and + c = MkPromiseFilter() } /** diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index 71c794862251..32739451ede5 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll 
@@ -200,6 +200,11 @@ SummaryComponent interpretComponentSpecific(Private::AccessPathToken c) { c.getName() = "ReturnValue" and c.getAnArgument() = "exception" and result = SummaryComponent::return(MkExceptionalReturnKind()) + or + // Awaited is mapped down to a combination steps that handle coercion and promise-flattening. + c.getName() = "Awaited" and + c.getNumArgument() = 0 and + result = SummaryComponent::content(MkAwaited()) } private string getMadStringFromContentSetAux(ContentSet cs) { @@ -236,6 +241,8 @@ private string getMadStringFromContentSetAux(ContentSet cs) { cs = getPromiseContent(awaitedArg) and result = "Awaited[" + awaitedArg + "]" ) + or + cs = MkAwaited() and result = "Awaited" } private string getMadStringFromContentSet(ContentSet cs) { From 5bccc652c86751f5c00d203258a2610816b81888 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 10 Oct 2023 10:30:28 +0200 Subject: [PATCH 015/223] JS: Move SharedFlowStep to AdditionalFlowSteps.qll NOTE that this commit only moves around code. There are no changes. --- .../dataflow/AdditionalFlowSteps.qll | 114 ++++++++++++++++ .../javascript/dataflow/Configuration.qll | 123 +----------------- 2 files changed, 115 insertions(+), 122 deletions(-) create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll diff --git a/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll new file mode 100644 index 000000000000..fb0311010884 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll 
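Review bot: The new bare `Awaited` branch in `interpretComponentSpecific` builds `SummaryComponent::content(MkAwaited())` directly instead of going through `makeContentComponents` like the other content tokens, so `WithAwaited` and `WithoutAwaited` without an argument appear to get no interpretation. If that is deliberate the comment should say so; it also has a typo and could read `// Awaited is mapped down to a combination of steps that handle coercion and promise-flattening; With/Without variants are not supported.` `interpretComponentSpecific` starts outside the hunk.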
@@ -0,0 +1,114 @@ +private import javascript + +/** + * A data flow edge that should be added to all data flow configurations in + * addition to standard data flow edges. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalFlowStep` + * for analysis-specific flow steps. + */ +class SharedFlowStep extends Unit { + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a data flow edge + * transforming values with label `predlbl` to have label `succlbl`. + */ + predicate step( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, + DataFlow::FlowLabel succlbl + ) { + none() + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. + */ + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } + + /** + * Holds if the property `prop` of the object `pred` should be loaded into `succ`. + */ + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. + */ + predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. 
+ */ + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + none() + } +} + +/** + * Contains predicates for accessing the steps contributed by `SharedFlowStep`, `LegacyFlowStep`, and `AdditionalFlowStep` subclasses. + */ +module SharedFlowStep { + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + pragma[inline] + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedFlowStep s).step(pred, succ) + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. + */ + pragma[inline] + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + any(SharedFlowStep s).storeStep(pred, succ, prop) + } + + /** + * Holds if the property `prop` of the object `pred` should be loaded into `succ`. + */ + pragma[inline] + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + any(SharedFlowStep s).loadStep(pred, succ, prop) + } + + // The following are aliases for old step predicates that have no corresponding predicate in AdditionalFlowStep + /** + * Holds if `pred` → `succ` should be considered a data flow edge + * transforming values with label `predlbl` to have label `succlbl`. + */ + predicate step( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, + DataFlow::FlowLabel succlbl + ) { + any(SharedFlowStep s).step(pred, succ, predlbl, succlbl) + } + + /** + * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. + */ + cached + predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + any(SharedFlowStep s).loadStoreStep(pred, succ, prop) + } + + /** + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. 
+ */ + cached + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + any(SharedFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll index d0087dcdca00..c693ebf12067 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll @@ -74,6 +74,7 @@ private import internal.AccessPaths private import internal.CallGraphs private import semmle.javascript.Unit private import semmle.javascript.internal.CachedStages +private import AdditionalFlowSteps /** * A data flow tracking configuration for finding inter-procedural paths from 
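Review bot: The commit message says code is only moved, but the `SharedFlowStep` module added in AdditionalFlowSteps.qll differs from the one removed from Configuration.qll. The removed module was `cached` and had an `Internal::forceStage` predicate referencing `Stages::FlowSteps::ref()`, whereas the new one has neither, marks `step`, `storeStep` and `loadStep` as `pragma[inline]`, and leaves the labelled `step` overload without any annotation. Its doc comment now also names `LegacyFlowStep` and `AdditionalFlowStep`, while every predicate still only consults `any(SharedFlowStep s)`. Either restore the original annotations and comment in this commit, or reword the message so that the caching change is reviewed on its own.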
@@ -575,128 +576,6 @@ abstract class LabeledBarrierGuardNode extends BarrierGuardNode { override predicate blocks(boolean outcome, Expr e) { none() } } -/** - * A data flow edge that should be added to all data flow configurations in - * addition to standard data flow edges. - * - * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. - * - * Note: For performance reasons, all subclasses of this class should be part - * of the standard library. Override `Configuration::isAdditionalFlowStep` - * for analysis-specific flow steps. - */ -class SharedFlowStep extends Unit { - /** - * Holds if `pred` → `succ` should be considered a data flow edge. - */ - predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a data flow edge - * transforming values with label `predlbl` to have label `succlbl`. - */ - predicate step( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, - DataFlow::FlowLabel succlbl - ) { - none() - } - - /** - * Holds if `pred` should be stored in the object `succ` under the property `prop`. - * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. - */ - predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } - - /** - * Holds if the property `prop` of the object `pred` should be loaded into `succ`. - */ - predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } - - /** - * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. - */ - predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } - - /** - * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. 
- */ - predicate loadStoreStep( - DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp - ) { - none() - } -} - -/** - * Contains predicates for accessing the steps contributed by `SharedFlowStep` subclasses. - */ -cached -module SharedFlowStep { - cached - private module Internal { - // Forces this to be part of the `FlowSteps` stage. - // We use a public predicate in a private module to avoid warnings about this being unused. - cached - predicate forceStage() { Stages::FlowSteps::ref() } - } - - /** - * Holds if `pred` → `succ` should be considered a data flow edge. - */ - cached - predicate step(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedFlowStep s).step(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a data flow edge - * transforming values with label `predlbl` to have label `succlbl`. - */ - cached - predicate step( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, - DataFlow::FlowLabel succlbl - ) { - any(SharedFlowStep s).step(pred, succ, predlbl, succlbl) - } - - /** - * Holds if `pred` should be stored in the object `succ` under the property `prop`. - * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. - */ - cached - predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { - any(SharedFlowStep s).storeStep(pred, succ, prop) - } - - /** - * Holds if the property `prop` of the object `pred` should be loaded into `succ`. - */ - cached - predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { - any(SharedFlowStep s).loadStep(pred, succ, prop) - } - - /** - * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. 
- */ - cached - predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { - any(SharedFlowStep s).loadStoreStep(pred, succ, prop) - } - - /** - * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. - */ - cached - predicate loadStoreStep( - DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp - ) { - any(SharedFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) - } -} - /** * A collection of pseudo-properties that are used in multiple files. * From c24a0e00f5058db905abf91ea56fb982228ba55c Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 10 Oct 2023 10:33:17 +0200 Subject: [PATCH 016/223] JS: Move SharedTaintStep to AdditionalTaintSteps.qll NOTE that this commit only moves around code. There are no changes. --- .../dataflow/AdditionalTaintSteps.qll | 250 ++++++++++++++++++ .../javascript/dataflow/TaintTracking.qll | 247 +---------------- 2 files changed, 252 insertions(+), 245 deletions(-) create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll diff --git a/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll new file mode 100644 index 000000000000..926f6e1325c5 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll 
@@ -0,0 +1,250 @@ +private import javascript +private import semmle.javascript.internal.CachedStages + +/** + * A taint-propagating data flow edge that should be added to all taint tracking + * configurations in addition to standard data flow edges. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalTaintStep` + * for analysis-specific taint steps. + * + * This class has multiple kinds of `step` predicates; these all have the same + * effect on taint-tracking configurations. However, the categorization of steps + * allows some data-flow configurations to opt in to specific kinds of taint steps. + */ +class SharedTaintStep extends Unit { + // Each step relation in this class should have a cached version in the `Cached` module + // and be included in the `sharedTaintStep` predicate. + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through URI manipulation. + * + * Does not include string operations that aren't specific to URIs, such + * as concatenation and substring operations. + */ + predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge contributed by the heuristics library. + * + * Such steps are provided by the `semmle.javascript.heuristics` libraries + * and will default to be being empty if those libraries are not imported. + */ + predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through persistent storage. 
+ */ + predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through the heap. + */ + predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through arrays. + * + * These steps considers an array to be tainted if it contains tainted elements. + */ + predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through the `state` or `props` or a React component. + */ + predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through string concatenation. + */ + predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through string manipulation (other than concatenation). + */ + predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data serialization, such as `JSON.stringify`. + */ + predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data deserialization, such as `JSON.parse`. + */ + predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through a promise. + * + * These steps consider a promise object to tainted if it can resolve to + * a tainted value. 
+ */ + predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { none() } +} + +/** + * Module existing only to ensure all taint steps are cached as a single stage, + * and without the the `Unit` type column. + */ +cached +private module Cached { + cached + predicate forceStage() { + Stages::Taint::ref() + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge, which doesn't fit into a more specific category. + */ + cached + predicate genericStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).step(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge, contribued by the heuristics library. + */ + cached + predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).heuristicStep(pred, succ) + } + + /** + * Public taint step relations. + */ + cached + module Public { + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through a URI library function. + */ + cached + predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).uriStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through persistent storage. + */ + cached + predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).persistentStorageStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through the heap. + */ + cached + predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).heapStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through an array. 
+ */ + cached + predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).arrayStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through the + * properties of a view compenent, such as the `state` or `props` of a React component. + */ + cached + predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).viewComponentStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through string + * concatenation. + */ + cached + predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).stringConcatenationStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through string manipulation + * (other than concatenation). + */ + cached + predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).stringManipulationStep(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data serialization, such as `JSON.stringify`. + */ + cached + predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).serializeStep(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data deserialization, such as `JSON.parse`. + */ + cached + predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).deserializeStep(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through a promise. + * + * These steps consider a promise object to tainted if it can resolve to + * a tainted value. 
+ */ + cached + predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).promiseStep(pred, succ) + } + } +} + +import Cached::Public + +/** + * Holds if `pred -> succ` is an edge used by all taint-tracking configurations in + * the old data flow library. + */ +predicate sharedTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + Cached::genericStep(pred, succ) or + Cached::heuristicStep(pred, succ) or + uriStep(pred, succ) or + persistentStorageStep(pred, succ) or + heapStep(pred, succ) or + arrayStep(pred, succ) or + viewComponentStep(pred, succ) or + stringConcatenationStep(pred, succ) or + stringManipulationStep(pred, succ) or + serializeStep(pred, succ) or + deserializeStep(pred, succ) or + promiseStep(pred, succ) +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll index 11ce802ac720..3b62b33c4ada 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll @@ -23,6 +23,8 @@ private import semmle.javascript.internal.CachedStages * Provides classes for modeling taint propagation. */ module TaintTracking { + import AdditionalTaintSteps + /** * A data flow tracking configuration that considers taint propagation through * objects, arrays, promises and strings in addition to standard data flow. 
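Review bot: The doc comment on `sharedTaintStep` at the end of the new file says the edge is used by all taint-tracking configurations "in the old data flow library", while the copy removed from TaintTracking.qll has no such qualifier, so this is not the pure move the commit message describes. Either keep the original wording here and change it in the commit that introduces the distinction, or mention the doc change in the message. Since the comments are being carried into a new file, the typos can be fixed in the same pass: `the the` and `contribued` in the `Cached` module docs, `compenent` in the `viewComponentStep` doc, and "`state` or `props` or a React component" should read `of a React component`.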
@@ -228,251 +230,6 @@ module TaintTracking { override predicate sanitizes(boolean outcome, Expr e) { none() } } - /** - * A taint-propagating data flow edge that should be added to all taint tracking - * configurations in addition to standard data flow edges. - * - * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. - * - * Note: For performance reasons, all subclasses of this class should be part - * of the standard library. Override `Configuration::isAdditionalTaintStep` - * for analysis-specific taint steps. - * - * This class has multiple kinds of `step` predicates; these all have the same - * effect on taint-tracking configurations. However, the categorization of steps - * allows some data-flow configurations to opt in to specific kinds of taint steps. - */ - class SharedTaintStep extends Unit { - // Each step relation in this class should have a cached version in the `Cached` module - // and be included in the `sharedTaintStep` predicate. - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge. - */ - predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through URI manipulation. - * - * Does not include string operations that aren't specific to URIs, such - * as concatenation and substring operations. - */ - predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge contributed by the heuristics library. - * - * Such steps are provided by the `semmle.javascript.heuristics` libraries - * and will default to be being empty if those libraries are not imported. 
- */ - predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through persistent storage. - */ - predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through the heap. - */ - predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through arrays. - * - * These steps considers an array to be tainted if it contains tainted elements. - */ - predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through the `state` or `props` or a React component. - */ - predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through string concatenation. - */ - predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through string manipulation (other than concatenation). - */ - predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through data serialization, such as `JSON.stringify`. - */ - predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through data deserialization, such as `JSON.parse`. 
- */ - predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through a promise. - * - * These steps consider a promise object to tainted if it can resolve to - * a tainted value. - */ - predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - } - - /** - * Module existing only to ensure all taint steps are cached as a single stage, - * and without the the `Unit` type column. - */ - cached - private module Cached { - cached - predicate forceStage() { Stages::Taint::ref() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge, which doesn't fit into a more specific category. - */ - cached - predicate genericStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).step(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge, contribued by the heuristics library. - */ - cached - predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).heuristicStep(pred, succ) - } - - /** - * Public taint step relations. - */ - cached - module Public { - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through a URI library function. - */ - cached - predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).uriStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through persistent storage. - */ - cached - predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).persistentStorageStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through the heap. 
- */ - cached - predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).heapStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through an array. - */ - cached - predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).arrayStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through the - * properties of a view compenent, such as the `state` or `props` of a React component. - */ - cached - predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).viewComponentStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through string - * concatenation. - */ - cached - predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).stringConcatenationStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through string manipulation - * (other than concatenation). - */ - cached - predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).stringManipulationStep(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through data serialization, such as `JSON.stringify`. - */ - cached - predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).serializeStep(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through data deserialization, such as `JSON.parse`. - */ - cached - predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).deserializeStep(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through a promise. 
- * - * These steps consider a promise object to tainted if it can resolve to - * a tainted value. - */ - cached - predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).promiseStep(pred, succ) - } - } - } - - import Cached::Public - - /** - * Holds if `pred -> succ` is an edge used by all taint-tracking configurations. - */ - predicate sharedTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - Cached::genericStep(pred, succ) or - Cached::heuristicStep(pred, succ) or - uriStep(pred, succ) or - persistentStorageStep(pred, succ) or - heapStep(pred, succ) or - arrayStep(pred, succ) or - viewComponentStep(pred, succ) or - stringConcatenationStep(pred, succ) or - stringManipulationStep(pred, succ) or - serializeStep(pred, succ) or - deserializeStep(pred, succ) or - promiseStep(pred, succ) - } - /** Gets a data flow node referring to the client side URL. */ private DataFlow::SourceNode clientSideUrlRef(DataFlow::TypeTracker t) { t.start() and From 1afe06e3a5c2e62d7634a1daa6387369887d7185 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 10 Oct 2023 10:36:11 +0200 Subject: [PATCH 017/223] JS: Add "additional" and "legacy" steps See the comment at the top of AdditionalFlowSteps.qll --- .../dataflow/AdditionalFlowSteps.qll | 274 ++++++++++++++++++ .../javascript/dataflow/Configuration.qll | 8 +- .../semmle/javascript/dataflow/DataFlow.qll | 1 + .../dataflow/internal/DataFlowPrivate.qll | 9 + .../dataflow/internal/FlowSteps.qll | 4 +- 5 files changed, 290 insertions(+), 6 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll index fb0311010884..d3935d463f14 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll 
@@ -1,4 +1,259 @@ +/** + * This contains three step-contribution classes, in order to support graceful deprecation of the old data flow library. + * + * - `class AdditionalFlowStep`: steps used only by the new dataflow library + * - `class LegacyFlowStep`: steps used only by the old data flow library + * - `class SharedFlowStep`: steps used by both + * + * The latter two will be deprecated in the future, but are currently not marked as `deprecated`. + * This is because a library model should be able to support both data flow libraries simultaneously, without itself getting + * deprecation warnings. + * + * To simplify correct consumption of these steps there is a correspondingly-named module for each: + * + * - `module AdditionalFlowStep`: exposes steps from `AdditionalFlowStep` and `SharedFlowStep` subclasses. + * - `module LegacyFlowStep`: exposes steps from `LegacyFlowStep` and `SharedFlowStep` subclasses. + * - `module SharedFlowStep`: exposes steps from all three classes. + * + * This design is intended to simplify consumption of steps, and to ensure existing consumers of `SharedFlowStep` + * outside this codebase will continue to work with as few surprises as possible. + */ + private import javascript +private import semmle.javascript.internal.CachedStages + +/** + * A value-preserving data flow edge that should be used in all data flow configurations in + * addition to standard data flow edges. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalFlowStep` + * for analysis-specific flow steps. 
+ */ +class AdditionalFlowStep extends Unit { + /** + * Holds if `pred` → `succ` should be considered a value-preserving data flow edge.f + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a value-preserving data flow edge that + * crosses calling contexts. + */ + predicate jumpStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` should be stored in the given `content` of the object `succ`. + */ + predicate storeStep(DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ) { + none() + } + + /** + * Holds if the given `content` of the object in `pred` should be read into `succ`. + */ + predicate readStep(DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ) { + none() + } +} + +/** + * Contains predicates for accessing the steps contributed by `AdditionalFlowStep` and `SharedFlowStep` subclasses. + */ +cached +module AdditionalFlowStep { + cached + private module Internal { + // Forces this to be part of the `FlowSteps` stage. + // We use a public predicate in a private module to avoid warnings about this being unused. + cached + predicate forceStage() { Stages::FlowSteps::ref() } + } + + bindingset[a, b] + pragma[inline_late] + private predicate sameContainer(DataFlow::Node a, DataFlow::Node b) { + a.getContainer() = b.getContainer() + } + + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + cached + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(AdditionalFlowStep s).step(pred, succ) + or + any(SharedFlowStep s).step(pred, succ) and + sameContainer(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a value-preserving data flow edge that + * crosses calling contexts. 
+ */ + cached + predicate jumpStep(DataFlow::Node pred, DataFlow::Node succ) { + any(AdditionalFlowStep s).jumpStep(pred, succ) + or + any(SharedFlowStep s).step(pred, succ) and + not sameContainer(pred, succ) + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + */ + cached + predicate storeStep(DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ) { + any(AdditionalFlowStep s).storeStep(pred, contents, succ) + or + exists(string prop | + any(SharedFlowStep s).storeStep(pred, succ, prop) and + contents = DataFlow::ContentSet::fromLegacyProperty(prop) + ) + } + + /** + * Holds if the property `prop` of the object `pred` should be read into `succ`. + */ + cached + predicate readStep(DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ) { + any(AdditionalFlowStep s).readStep(pred, contents, succ) + or + exists(string prop | + any(SharedFlowStep s).loadStep(pred, succ, prop) and + contents = DataFlow::ContentSet::fromLegacyProperty(prop) + ) + } +} + +/** + * A data flow edge that is only seen by the old, deprecated data flow library. + * + * This class is typically used when a step has been replaced by a flow summary. Since the old data flow + * library does not support flow summaries, such a step should remain as a legacy step, until the old data flow + * library can be removed. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalFlowStep` + * for analysis-specific flow steps. + */ +class LegacyFlowStep extends Unit { + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a data flow edge + * transforming values with label `predlbl` to have label `succlbl`. 
+ */ + predicate step( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, + DataFlow::FlowLabel succlbl + ) { + none() + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. + */ + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } + + /** + * Holds if the property `prop` of the object `pred` should be loaded into `succ`. + */ + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. + */ + predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. + */ + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + none() + } +} + +/** + * Contains predicates for accessing the steps contributed by `LegacyFlowStep` and `SharedFlowStep` subclasses. + */ +cached +module LegacyFlowStep { + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + cached + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(LegacyFlowStep s).step(pred, succ) + or + any(SharedFlowStep s).step(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a data flow edge + * transforming values with label `predlbl` to have label `succlbl`. + */ + cached + predicate step( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, + DataFlow::FlowLabel succlbl + ) { + any(LegacyFlowStep s).step(pred, succ, predlbl, succlbl) + or + any(SharedFlowStep s).step(pred, succ, predlbl, succlbl) + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. 
+ * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. + */ + cached + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + any(LegacyFlowStep s).storeStep(pred, succ, prop) + or + any(SharedFlowStep s).storeStep(pred, succ, prop) + } + + /** + * Holds if the property `prop` of the object `pred` should be loaded into `succ`. + */ + cached + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + any(LegacyFlowStep s).loadStep(pred, succ, prop) + or + any(SharedFlowStep s).loadStep(pred, succ, prop) + } + + /** + * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. + */ + cached + predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + any(LegacyFlowStep s).loadStoreStep(pred, succ, prop) + or + any(SharedFlowStep s).loadStoreStep(pred, succ, prop) + } + + /** + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. + */ + cached + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + any(LegacyFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) + or + any(SharedFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) + } +} /** * A data flow edge that should be added to all data flow configurations in @@ -63,6 +318,10 @@ module SharedFlowStep { pragma[inline] predicate step(DataFlow::Node pred, DataFlow::Node succ) { any(SharedFlowStep s).step(pred, succ) + or + any(AdditionalFlowStep s).step(pred, succ) + or + any(LegacyFlowStep s).step(pred, succ) } /** 
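Review bot: The `AdditionalFlowStep` module translates only `step`, `storeStep` and `loadStep` from `SharedFlowStep` subclasses; contributions to `loadStoreStep` (both overloads) and to the labelled `step` are not forwarded. A model that relies on them would contribute nothing under the new library, so a query could miss flow without any warning. If that is intended, say so in the module's doc comment, e.g. `* Note: labelled steps and load-store steps from SharedFlowStep are not translated; they need a flow summary or an AdditionalFlowStep.` The member docs also need a pass: the `step` doc in class `AdditionalFlowStep` ends in `edge.f`, and the `storeStep`/`readStep` docs refer to `content` and `prop` while the parameter is named `contents`.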
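Review bot: `SharedFlowStep::step` now forwards `AdditionalFlowStep.step` but not `AdditionalFlowStep.jumpStep`, although the file header says this module exposes steps from all three classes. The old-style `step` has no same-container restriction visible here, so a jump step would fit as a plain step. Consider adding `or any(AdditionalFlowStep s).jumpStep(pred, succ)` to the disjunction, or documenting why jump steps are left out.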
@@ -72,6 +331,11 @@ module SharedFlowStep { pragma[inline] predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { any(SharedFlowStep s).storeStep(pred, succ, prop) + or + any(AdditionalFlowStep s) + .storeStep(pred, DataFlow::ContentSet::property(prop), succ.getALocalUse()) + or + any(LegacyFlowStep s).storeStep(pred, succ, prop) } /** @@ -80,6 +344,10 @@ module SharedFlowStep { pragma[inline] predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { any(SharedFlowStep s).loadStep(pred, succ, prop) + or + any(AdditionalFlowStep s).readStep(pred, DataFlow::ContentSet::property(prop), succ) + or + any(LegacyFlowStep s).loadStep(pred, succ, prop) } // The following are aliases for old step predicates that have no corresponding predicate in AdditionalFlowStep @@ -92,6 +360,8 @@ module SharedFlowStep { DataFlow::FlowLabel succlbl ) { any(SharedFlowStep s).step(pred, succ, predlbl, succlbl) + or + any(LegacyFlowStep s).step(pred, succ, predlbl, succlbl) } /** @@ -100,6 +370,8 @@ module SharedFlowStep { cached predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { any(SharedFlowStep s).loadStoreStep(pred, succ, prop) + or + any(LegacyFlowStep s).loadStoreStep(pred, succ, prop) } /** @@ -110,5 +382,7 @@ module SharedFlowStep { DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp ) { any(SharedFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) + or + any(LegacyFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll index c693ebf12067..29f55ed01a68 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll 
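Review bot: The reverse translation in `storeStep` builds the content with `DataFlow::ContentSet::property(prop)`, whereas the forward translation in module `AdditionalFlowStep` uses `DataFlow::ContentSet::fromLegacyProperty(prop)`; the `loadStep` hunk that follows (`@@ -80,6 +344,10 @@`) has the same asymmetry. Neither definition is visible in this patch, but if the legacy mapping treats some property names specially, a step will not round-trip between the two views. A one-line comment next to each call stating why `property` is the right constructor here would settle it. The use of `succ.getALocalUse()` in `storeStep` deserves a similar explanation.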
@@ -1177,7 +1177,7 @@ private string getARelevantProp(DataFlow::Configuration cfg) { private predicate isAdditionalLoadStep( DataFlow::Node pred, DataFlow::Node succ, string prop, DataFlow::Configuration cfg ) { - SharedFlowStep::loadStep(pred, succ, prop) + LegacyFlowStep::loadStep(pred, succ, prop) or cfg.isAdditionalLoadStep(pred, succ, prop) } @@ -1188,7 +1188,7 @@ private predicate isAdditionalLoadStep( private predicate isAdditionalStoreStep( DataFlow::Node pred, DataFlow::Node succ, string prop, DataFlow::Configuration cfg ) { - SharedFlowStep::storeStep(pred, succ, prop) + LegacyFlowStep::storeStep(pred, succ, prop) or cfg.isAdditionalStoreStep(pred, succ, prop) } @@ -1200,13 +1200,13 @@ private predicate isAdditionalLoadStoreStep( DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp, DataFlow::Configuration cfg ) { - SharedFlowStep::loadStoreStep(pred, succ, loadProp, storeProp) + LegacyFlowStep::loadStoreStep(pred, succ, loadProp, storeProp) or cfg.isAdditionalLoadStoreStep(pred, succ, loadProp, storeProp) or loadProp = storeProp and ( - SharedFlowStep::loadStoreStep(pred, succ, loadProp) + LegacyFlowStep::loadStoreStep(pred, succ, loadProp) or cfg.isAdditionalLoadStoreStep(pred, succ, loadProp) ) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index 47fb26937cd3..75926baa889c 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -1990,5 +1990,6 @@ module DataFlow { import TypeInference import Configuration import TypeTracking + import AdditionalFlowSteps import internal.FunctionWrapperSteps } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index bf78a739507f..1b5d84bcce6a 100644 
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -586,6 +586,9 @@ predicate simpleLocalFlowStep(Node node1, Node node2) { node1 = TFlowSummaryNode(input) and node2 = TFlowSummaryNode(output) ) + or + // NOTE: For consistency with readStep/storeStep, we do not translate these steps to jump steps automatically. + DataFlow::AdditionalFlowStep::step(node1, node2) } predicate localMustFlowStep(Node node1, Node node2) { node1 = node2.getImmediatePredecessor() } @@ -601,6 +604,8 @@ predicate jumpStep(Node node1, Node node2) { or FlowSummaryImpl::Private::Steps::summaryJumpStep(node1.(FlowSummaryNode).getSummaryNode(), node2.(FlowSummaryNode).getSummaryNode()) + or + DataFlow::AdditionalFlowStep::jumpStep(node1, node2) } /** @@ -629,6 +634,8 @@ predicate readStep(Node node1, ContentSet c, Node node2) { contentSet = MkAwaited() and c = ContentSet::promiseValue() ) + or + DataFlow::AdditionalFlowStep::readStep(node1, c, node2) } /** Gets the post-update node for which `node` is the corresponding pre-update node. */ @@ -667,6 +674,8 @@ predicate storeStep(Node node1, ContentSet c, Node node2) { node2 = TFlowSummaryNode(output) and c = ContentSet::promiseValue() ) + or + DataFlow::AdditionalFlowStep::storeStep(node1, c, node2) } /** diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll index e65a38908fe5..f64834972c5f 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll 
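Review bot: `DataFlow::AdditionalFlowStep::step` is added to `simpleLocalFlowStep` without a container check. The NOTE says these steps are deliberately not turned into jump steps, but for steps contributed directly through class `AdditionalFlowStep` nothing states or enforces that `pred` and `succ` lie in the same container; the `sameContainer` split in AdditionalFlowSteps.qll applies only to `SharedFlowStep` contributions. A cross-function edge entering the local-flow relation would presumably bypass call-context handling, so the requirement belongs in the doc of `AdditionalFlowStep.step`, e.g. `* Both nodes must belong to the same container; use jumpStep for edges that cross functions.` The body of `simpleLocalFlowStep` starts outside this hunk.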
@@ -41,9 +41,9 @@ predicate localFlowStep( ) { pred = succ.getAPredecessor() and predlbl = succlbl or - DataFlow::SharedFlowStep::step(pred, succ) and predlbl = succlbl + DataFlow::LegacyFlowStep::step(pred, succ) and predlbl = succlbl or - DataFlow::SharedFlowStep::step(pred, succ, predlbl, succlbl) + DataFlow::LegacyFlowStep::step(pred, succ, predlbl, succlbl) or exists(boolean vp | configuration.isAdditionalFlowStep(pred, succ, vp) | vp = true and From 27c7d5004af16e4c07b290f994883bdfe142c936 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 10 Oct 2023 10:37:57 +0200 Subject: [PATCH 018/223] JS: Do the same for additional taint steps --- .../dataflow/AdditionalTaintSteps.qll | 176 ++++++++++++++++++ .../internal/TaintTrackingPrivate.qll | 2 + 2 files changed, 178 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll index 926f6e1325c5..86eb6078a72d 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll 
@@ -1,6 +1,28 @@ +/** + * Note: The contents of this file are exposed with the `TaintTracking::` prefix, via an import in `TaintTracking.qll`. + */ + private import javascript private import semmle.javascript.internal.CachedStages +/** + * A taint-propagating data flow edge that should be added to all taint tracking + * configurations, but only those that use the new data flow library. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalTaintStep` + * for analysis-specific taint steps. + */ +class AdditionalTaintStep extends Unit { + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } +} + /** * A taint-propagating data flow edge that should be added to all taint tracking * configurations in addition to standard data flow edges. 
@@ -102,6 +124,106 @@ class SharedTaintStep extends Unit { predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { none() } } +/** + * A taint-propagating data flow edge that should be used with the old data flow library. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalTaintStep` + * for analysis-specific taint steps. + * + * This class has multiple kinds of `step` predicates; these all have the same + * effect on taint-tracking configurations. However, the categorization of steps + * allows some data-flow configurations to opt in to specific kinds of taint steps. + */ +class LegacyTaintStep extends Unit { + // Each step relation in this class should have a cached version in the `Cached` module + // and be included in the `sharedTaintStep` predicate. + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through URI manipulation. + * + * Does not include string operations that aren't specific to URIs, such + * as concatenation and substring operations. + */ + predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge contributed by the heuristics library. + * + * Such steps are provided by the `semmle.javascript.heuristics` libraries + * and will default to be being empty if those libraries are not imported. + */ + predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through persistent storage. 
+ */ + predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through the heap. + */ + predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through arrays. + * + * These steps considers an array to be tainted if it contains tainted elements. + */ + predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through the `state` or `props` or a React component. + */ + predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through string concatenation. + */ + predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through string manipulation (other than concatenation). + */ + predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data serialization, such as `JSON.stringify`. + */ + predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data deserialization, such as `JSON.parse`. + */ + predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through a promise. + * + * These steps consider a promise object to tainted if it can resolve to + * a tainted value. 
+ */ + predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { none() } +} + /** * Module existing only to ensure all taint steps are cached as a single stage, * and without the the `Unit` type column. @@ -110,6 +232,7 @@ cached private module Cached { cached predicate forceStage() { + // TODO: ensure that this stage is only evaluated if using the old data flow library Stages::Taint::ref() } @@ -120,6 +243,8 @@ private module Cached { cached predicate genericStep(DataFlow::Node pred, DataFlow::Node succ) { any(SharedTaintStep step).step(pred, succ) + or + any(LegacyTaintStep step).step(pred, succ) } /** @@ -129,6 +254,8 @@ private module Cached { cached predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { any(SharedTaintStep step).heuristicStep(pred, succ) + or + any(LegacyTaintStep step).heuristicStep(pred, succ) } /** @@ -143,6 +270,8 @@ private module Cached { cached predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { any(SharedTaintStep step).uriStep(pred, succ) + or + any(LegacyTaintStep step).uriStep(pred, succ) } /** @@ -151,6 +280,8 @@ private module Cached { cached predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { any(SharedTaintStep step).persistentStorageStep(pred, succ) + or + any(LegacyTaintStep step).persistentStorageStep(pred, succ) } /** @@ -159,6 +290,8 @@ private module Cached { cached predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { any(SharedTaintStep step).heapStep(pred, succ) + or + any(LegacyTaintStep step).heapStep(pred, succ) } /** @@ -167,6 +300,8 @@ private module Cached { cached predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { any(SharedTaintStep step).arrayStep(pred, succ) + or + any(LegacyTaintStep step).arrayStep(pred, succ) } /** 
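Review bot: The QLDoc added with `LegacyTaintStep` (the hunk starting at `-102,6 +124,106`) has four wording slips that will surface in generated documentation. On `heuristicStep`, "will default to be being empty" should read "will default to being empty", and on `arrayStep`, "These steps considers" should read "These steps consider". On `viewComponentStep`, "the state or props or a React component" should read "of a React component", and on `promiseStep`, "a promise object to tainted" should read "to be tainted". The text looks copied from `SharedTaintStep`, which is only partly visible here, so the same corrections probably apply there.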
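Review bot: From `heuristicStep` (hunk `-129,6 +254,8`) onward, the cached per-kind predicates now also return `LegacyTaintStep` edges, and they appear to be re-exported through the `import Cached::Public` line shown as context further down. A configuration on the new library that opts into one step kind through these predicates would then pick up steps meant only for the old library. The QLDoc above each predicate is only partly visible, so it may already say this. If it does not, I would add a sentence such as `Includes steps from LegacyTaintStep; intended for the old data flow library only.` to each of them, through `promiseStep` in the later hunks. The TODO added in `forceStage` suggests this separation is still open.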
@@ -176,6 +311,8 @@ private module Cached { cached predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { any(SharedTaintStep step).viewComponentStep(pred, succ) + or + any(LegacyTaintStep step).viewComponentStep(pred, succ) } /** @@ -185,6 +322,8 @@ private module Cached { cached predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { any(SharedTaintStep step).stringConcatenationStep(pred, succ) + or + any(LegacyTaintStep step).stringConcatenationStep(pred, succ) } /** @@ -194,6 +333,8 @@ private module Cached { cached predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { any(SharedTaintStep step).stringManipulationStep(pred, succ) + or + any(LegacyTaintStep step).stringManipulationStep(pred, succ) } /** @@ -203,6 +344,8 @@ private module Cached { cached predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { any(SharedTaintStep step).serializeStep(pred, succ) + or + any(LegacyTaintStep step).serializeStep(pred, succ) } /** @@ -212,6 +355,8 @@ private module Cached { cached predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { any(SharedTaintStep step).deserializeStep(pred, succ) + or + any(LegacyTaintStep step).deserializeStep(pred, succ) } /** @@ -224,6 +369,8 @@ private module Cached { cached predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { any(SharedTaintStep step).promiseStep(pred, succ) + or + any(LegacyTaintStep step).promiseStep(pred, succ) } } } @@ -233,6 +380,8 @@ import Cached::Public /** * Holds if `pred -> succ` is an edge used by all taint-tracking configurations in * the old data flow library. + * + * The new data flow library uses a different set of steps, exposed by `AdditionalTaintStep::step`. */ predicate sharedTaintStep(DataFlow::Node pred, DataFlow::Node succ) { Cached::genericStep(pred, succ) or 
@@ -248,3 +397,30 @@ predicate sharedTaintStep(DataFlow::Node pred, DataFlow::Node succ) { deserializeStep(pred, succ) or promiseStep(pred, succ) } + +/** + * Contains predicates for accessing the taint steps used by taint-tracking configurations + * in the new data flow library. + */ +module AdditionalTaintStep { + /** + * Holds if `pred` → `succ` is considered a taint-propagating data flow edge when + * using the new data flow library. + */ + cached + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(AdditionalTaintStep step).step(pred, succ) or + any(SharedTaintStep step).step(pred, succ) or + any(SharedTaintStep step).heuristicStep(pred, succ) or + any(SharedTaintStep step).uriStep(pred, succ) or + any(SharedTaintStep step).persistentStorageStep(pred, succ) or + any(SharedTaintStep step).heapStep(pred, succ) or + any(SharedTaintStep step).arrayStep(pred, succ) or + any(SharedTaintStep step).viewComponentStep(pred, succ) or + any(SharedTaintStep step).stringConcatenationStep(pred, succ) or + any(SharedTaintStep step).stringManipulationStep(pred, succ) or + any(SharedTaintStep step).serializeStep(pred, succ) or + any(SharedTaintStep step).deserializeStep(pred, succ) or + any(SharedTaintStep step).promiseStep(pred, succ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll index 119293d82490..0380cf8202fc 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll 
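Review bot: `AdditionalTaintStep::step` lists the twelve `SharedTaintStep` member predicates by hand, so a step kind added to `SharedTaintStep` later is silently left out of new-library taint tracking unless this list is edited too. For security queries that shows up as missing results, not as a compile error. `LegacyTaintStep` carries a reminder comment for `Cached` and `sharedTaintStep`, and I would add the counterpart above this disjunction, e.g. `// Keep in sync with the step kinds declared on SharedTaintStep.`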
@@ -5,6 +5,8 @@ private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as cached predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + TaintTracking::AdditionalTaintStep::step(node1, node2) + or FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), node2.(FlowSummaryNode).getSummaryNode(), false) or From 6037ff553cbaa4938e8f0730b513a1e7735a0bfd Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 10 Oct 2023 10:39:18 +0200 Subject: [PATCH 019/223] JS: Add LegacyPreUpdateStep This contributes to both LegacyFlowStep and SharedTypeTrackingStep. That is, this is for steps that are used by type-tracking and the old data flow library, but not the new data flow library. --- .../dataflow/internal/PreCallGraphStep.qll | 117 ++++++++++++++++++ 1 file changed, 117 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll index 18db549300a7..0416dc99a020 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll 
@@ -90,6 +90,89 @@ module PreCallGraphStep { } } +/** + * Internal extension point for adding legacy flow edges prior to call graph construction + * and type tracking, but where the steps should not be used by the new data flow library. + * + * Steps added here will be added to both `LegacyFlowStep` and `SharedTypeTrackingStep`. + * + * Contributing steps that rely on type tracking will lead to negative recursion. + */ +class LegacyPreCallGraphStep extends Unit { + /** + * Holds if there is a step from `pred` to `succ`. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if there is a step from `pred` into the `prop` property of `succ`. + */ + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } + + /** + * Holds if there is a step from the `prop` property of `pred` to `succ`. + */ + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if there is a step from the `prop` property of `pred` to the same property in `succ`. + */ + predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } + + /** + * Holds if there is a step from the `loadProp` property of `pred` to the `storeProp` property in `succ`. + */ + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp + ) { + none() + } +} + +module LegacyPreCallGraphStep { + /** + * Holds if there is a step from `pred` to `succ`. + */ + cached + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(LegacyPreCallGraphStep s).step(pred, succ) + } + + /** + * Holds if there is a step from `pred` into the `prop` property of `succ`. + */ + cached + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + any(LegacyPreCallGraphStep s).storeStep(pred, succ, prop) + } + + /** + * Holds if there is a step from the `prop` property of `pred` to `succ`. 
+ */ + cached + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + Stages::TypeTracking::ref() and + any(LegacyPreCallGraphStep s).loadStep(pred, succ, prop) + } + + /** + * Holds if there is a step from the `prop` property of `pred` to the same property in `succ`. + */ + cached + predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + any(LegacyPreCallGraphStep s).loadStoreStep(pred, succ, prop) + } + + /** + * Holds if there is a step from the `loadProp` property of `pred` to the `storeProp` property in `succ`. + */ + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp + ) { + any(LegacyPreCallGraphStep s).loadStoreStep(pred, succ, loadProp, storeProp) + } +} + private class SharedFlowStepFromPreCallGraph extends DataFlow::SharedFlowStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { PreCallGraphStep::step(pred, succ) 
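Review bot: In `module LegacyPreCallGraphStep`, the four-argument `loadStoreStep` is the only predicate without `cached`, and `loadStep` is the only one that references `Stages::TypeTracking::ref()`. This may simply mirror `PreCallGraphStep`, whose body lies above the hunk, but nothing here explains the difference. I would either add `cached` to the last predicate or leave a comment saying why it is omitted. The module also has no QLDoc; something like `/** Provides access to the steps contributed by LegacyPreCallGraphStep. */` would do.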
@@ -114,26 +197,60 @@ private class SharedFlowStepFromPreCallGraph extends DataFlow::SharedFlowStep { } } +private class LegacyFlowStepFromPreCallGraph extends DataFlow::LegacyFlowStep { + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + LegacyPreCallGraphStep::step(pred, succ) + } + + override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + LegacyPreCallGraphStep::storeStep(pred, succ, prop) + } + + override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + LegacyPreCallGraphStep::loadStep(pred, succ, prop) + } + + override predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + LegacyPreCallGraphStep::loadStoreStep(pred, succ, prop) + } + + override predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + LegacyPreCallGraphStep::loadStoreStep(pred, succ, loadProp, storeProp) + } +} + private class SharedTypeTrackingStepFromPreCallGraph extends DataFlow::SharedTypeTrackingStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { PreCallGraphStep::step(pred, succ) + or + LegacyPreCallGraphStep::step(pred, succ) } override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { PreCallGraphStep::storeStep(pred, succ, prop) + or + LegacyPreCallGraphStep::storeStep(pred, succ, prop) } override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { PreCallGraphStep::loadStep(pred, succ, prop) + or + LegacyPreCallGraphStep::loadStep(pred, succ, prop) } override predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { PreCallGraphStep::loadStoreStep(pred, succ, prop) + or + LegacyPreCallGraphStep::loadStoreStep(pred, succ, prop) } override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp ) { PreCallGraphStep::loadStoreStep(pred, succ, loadProp, storeProp) + 
or + LegacyPreCallGraphStep::loadStoreStep(pred, succ, loadProp, storeProp) } } From 3f20d71a9b1f73fdd30e89543ce02b3cd488fa46 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 10 Oct 2023 10:41:39 +0200 Subject: [PATCH 020/223] JS: Add legacy post-update step This is to ensure getALocalSource() can be replaced by getPostUpdateNode() as the base of a store --- .../javascript/dataflow/internal/FlowSteps.qll | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll index f64834972c5f..2ee04b8dbf56 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll @@ -30,6 +30,20 @@ predicate returnExpr(Function f, DataFlow::Node source, DataFlow::Node sink) { not f = any(SetterMethodDeclaration decl).getBody() } +/** + * A step from a post-update node to the local sources of the corresponding pre-update node. + * + * This ensures that `getPostUpdateNode()` can be used in place of `getALocalSource()` when generating + * store steps, and the resulting step will work in both data flow analyses. + */ +pragma[nomagic] +private predicate legacyPostUpdateStep(DataFlow::Node pred, DataFlow::Node succ) { + exists(DataFlow::Node node | + pred = node.getPostUpdateNode() and + succ = node.getALocalSource() + ) +} + /** * Holds if data can flow in one step from `pred` to `succ`, taking * additional steps from the configuration into account. @@ -41,6 +55,8 @@ predicate localFlowStep( ) { pred = succ.getAPredecessor() and predlbl = succlbl or + legacyPostUpdateStep(pred, succ) and predlbl = succlbl + or DataFlow::LegacyFlowStep::step(pred, succ) and predlbl = succlbl or DataFlow::LegacyFlowStep::step(pred, succ, predlbl, succlbl) From 46fec8ea7ee528520ebd14b1b53f48aa4404cbc1 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Tue, 10 Oct 2023 10:42:58 +0200 Subject: [PATCH 021/223] JS: Add AdditionalFlowInternal This provides access to more features than we want to expose publicly at the moment, but is useful for modelling certain language features. --- .../internal/AdditionalFlowInternal.qll | 34 +++++++++++++++++++ .../dataflow/internal/DataFlowNode.qll | 5 +++ .../dataflow/internal/DataFlowPrivate.qll | 29 ++++++++++++++++ 3 files changed, 68 insertions(+) create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/AdditionalFlowInternal.qll diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/AdditionalFlowInternal.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/AdditionalFlowInternal.qll new file mode 100644 index 000000000000..d7f92ce8dd30 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/AdditionalFlowInternal.qll 
@@ -0,0 +1,34 @@ +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.DataFlowPrivate + +/** + * Gets a data-flow node synthesized using `AdditionalFlowInternal#needsSynthesizedNode`. + */ +DataFlow::Node getSynthesizedNode(AstNode node, string tag) { + result = TGenericSynthesizedNode(node, tag, _) +} + +/** + * An extension to `AdditionalFlowStep` with additional internal-only predicates. + */ +class AdditionalFlowInternal extends DataFlow::AdditionalFlowStep { + /** + * Holds if a data-flow node should be synthesized for the pair `(node, tag)`. + * + * The node can be obtained using `getSynthesizedNode(node, tag)`. + * + * `container` will be seen as the node's enclosing container. + */ + predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) { none() } + + /** + * Holds if `node` should only permit flow of values stored in `contents`. + */ + predicate expectsContent(DataFlow::Node node, DataFlow::ContentSet contents) { none() } + + /** + * Holds if `node` should not permit flow of values stored in `contents`. + */ + predicate clearsContent(DataFlow::Node node, DataFlow::ContentSet contents) { none() } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index cfc305828776..5ae1c7e71380 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll @@ -5,6 +5,8 @@ */ private import javascript +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.DataFlowPrivate as DataFlowPrivate private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as FlowSummaryImpl cached private module Cached { 
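Review bot: `getSynthesizedNode(node, tag)` binds the container with a wildcard, while `TGenericSynthesizedNode`, added to `DataFlowNode.qll` later in this commit, is keyed on `(node, tag, container)`. If two `needsSynthesizedNode` contributions name the same pair with different containers, the lookup returns more than one node, although the QLDoc speaks of a node for the pair `(node, tag)`. I would state the expectation in the QLDoc of `needsSynthesizedNode`, e.g. `Each (node, tag) pair must be given a single container.`, or take the container as a third argument of `getSynthesizedNode`.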
@@ -53,6 +55,9 @@ private module Cached { TFlowSummaryIntermediateAwaitStoreNode(FlowSummaryImpl::Private::SummaryNode sn) { FlowSummaryImpl::Private::Steps::summaryStoreStep(sn, MkAwaited(), _) } or + TGenericSynthesizedNode(AstNode node, string tag, DataFlowPrivate::DataFlowCallable container) { + any(AdditionalFlowInternal flow).needsSynthesizedNode(node, tag, container) + } } import Cached diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 1b5d84bcce6a..3ee4748ad348 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -2,6 +2,7 @@ private import javascript private import semmle.javascript.dataflow.internal.CallGraphs private import semmle.javascript.dataflow.internal.DataFlowNode private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal private import semmle.javascript.dataflow.internal.Contents::Private private import semmle.javascript.dataflow.internal.VariableCapture private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon 
@@ -40,6 +41,26 @@ class FlowSummaryIntermediateAwaitStoreNode extends DataFlow::Node, } } +class GenericSynthesizedNode extends DataFlow::Node, TGenericSynthesizedNode { + private AstNode node; + private string tag; + private DataFlowCallable container; + + GenericSynthesizedNode() { this = TGenericSynthesizedNode(node, tag, container) } + + override StmtContainer getContainer() { result = container.asSourceCallable() } + + override string toString() { result = "[synthetic node] " + tag } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + node.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } + + string getTag() { result = tag } +} + cached newtype TReturnKind = MkNormalReturnKind() or @@ -235,6 +256,8 @@ DataFlowCallable nodeGetEnclosingCallable(Node node) { result.asLibraryCallable() = node.(FlowSummaryNode).getSummarizedCallable() or result.asLibraryCallable() = node.(FlowSummaryIntermediateAwaitStoreNode).getSummarizedCallable() + or + node = TGenericSynthesizedNode(_, _, result) } private newtype TDataFlowType = @@ -255,6 +278,8 @@ predicate nodeIsHidden(Node node) { node instanceof FlowSummaryNode or node instanceof FlowSummaryIntermediateAwaitStoreNode + or + node instanceof GenericSynthesizedNode } predicate neverSkipInPathGraph(Node node) { @@ -694,6 +719,8 @@ predicate clearsContent(Node n, ContentSet c) { FlowSummaryImpl::Private::Steps::summaryReadStep(_, MkAwaited(), n.(FlowSummaryNode).getSummaryNode()) and c = MkPromiseFilter() + or + any(AdditionalFlowInternal flow).clearsContent(n, c) } /** @@ -708,6 +735,8 @@ predicate expectsContent(Node n, ContentSet c) { FlowSummaryImpl::Private::Steps::summaryStoreStep(_, MkAwaited(), n.(FlowSummaryNode).getSummaryNode()) and c = MkPromiseFilter() + or + any(AdditionalFlowInternal flow).expectsContent(n, c) } /** From a31e251529bc5557a77f00365372689dfe98531a Mon Sep 17 00:00:00 2001 
From: Asger F Date: Tue, 3 Oct 2023 13:14:14 +0200 Subject: [PATCH 022/223] JS: Add flow summaries for core methods --- .../dataflow/internal/DataFlowPrivate.qll | 1 + .../flow_summaries/AllFlowSummaries.qll | 1 + .../flow_summaries/AmbiguousCoreMethods.qll | 151 ++++++++++++++++++ .../flow_summaries/FlowSummaryUtil.qll | 15 ++ 4 files changed, 168 insertions(+) create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/AmbiguousCoreMethods.qll create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 3ee4748ad348..693767bb7100 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -6,6 +6,7 @@ private import semmle.javascript.dataflow.internal.AdditionalFlowInternal private import semmle.javascript.dataflow.internal.Contents::Private private import semmle.javascript.dataflow.internal.VariableCapture private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon +private import semmle.javascript.internal.flow_summaries.AllFlowSummaries private import sharedlib.FlowSummaryImpl as FlowSummaryImpl private class Node = DataFlow::Node; diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll new file mode 100644 index 000000000000..2af0a73f9a26 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -0,0 +1 @@ +private import AmbiguousCoreMethods 
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AmbiguousCoreMethods.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AmbiguousCoreMethods.qll
new file mode 100644
index 000000000000..9c74cc7e33fe
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AmbiguousCoreMethods.qll
@@ -0,0 +1,151 @@ +/** + * Contains flow summaries for methods with a name that can found on more than one of the core types: Array, String, Map, Set, Promise. + * + * This is an overview of the ambiguous methods and the classes that contain them (not all of these require a flow summary): + * ``` + * at: String, Array + * concat: String, Array + * includes: String, Array + * indexOf: String, Array + * lastIndexOf: String, Array + * slice: String, Array + * entries: Array, Map, Set + * forEach: Array, Map, Set + * keys: Array, Map, Set + * values: Array, Map, Set + * clear: Map, Set + * delete: Map, Set + * has: Map, Set + * ``` + * + * (Promise is absent in the table above as there currently are no name clashes with Promise methods) + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.FlowSummary +private import FlowSummaryUtil + +class At extends SummarizedCallable { + At() { this = "Array#at / String#at" } + + override InstanceCall getACallSimple() { result.getMethodName() = "at" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue" + // + // There is no flow for String#at since we currently consider single-character extraction to be too restrictive + } +} + +class Concat extends SummarizedCallable { + Concat() { this = "Array#concat / String#concat" } + + override InstanceCall getACallSimple() { result.getMethodName() = "concat" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this,0..].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + preservesValue = false and + input = "Argument[this,0..]" and + output = "ReturnValue" + } +} + +class Slice extends SummarizedCallable { + Slice() { this = "Array#slice / String#slice" } + + 
override InstanceCall getACallSimple() { result.getMethodName() = "slice" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue" + } +} + +class Entries extends SummarizedCallable { + Entries() { this = "Array#entries / Map#entries / Set#entries" } + + override InstanceCall getACall() { + result.getMethodName() = "entries" and + result.getNumArgument() = 0 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this]." + ["MapKey", "SetElement"] and + output = "ReturnValue.IteratorElement.Member[0]" + or + input = "Argument[this]." + ["ArrayElement", "SetElement", "MapValue"] and + output = "ReturnValue.IteratorElement.Member[1]" + ) + } +} + +class ForEach extends SummarizedCallable { + ForEach() { this = "Array#forEach / Map#forEach / Set#forEach" } + + override InstanceCall getACallSimple() { result.getMethodName() = "forEach" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + /* + * array.forEach(callbackfn, thisArg) + * callbackfn(value, index, array) + */ + + ( + input = "Argument[this]." + ["ArrayElement", "SetElement", "MapValue"] and + output = "Argument[0].Parameter[0]" + or + input = "Argument[this]." 
+ ["MapKey", "SetElement"] and + output = "Argument[0].Parameter[1]" + or + input = "Argument[this]" and + output = "Argument[0].Parameter[2]" // object being iterated over + or + input = "Argument[1]" and // thisArg + output = "Argument[0].Parameter[this]" + ) + } +} + +class Keys extends SummarizedCallable { + Keys() { this = "Array#keys / Map#keys / Set#keys" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "keys" and + result.getNumArgument() = 0 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this]." + ["MapKey", "SetElement"] and + output = "ReturnValue.IteratorElement" + } +} + +class Values extends SummarizedCallable { + Values() { this = "Array#values / Map#values / Set#values" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "values" and + result.getNumArgument() = 0 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this]." + ["ArrayElement", "SetElement", "MapValue"] and + output = "ReturnValue.IteratorElement" + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll new file mode 100644 index 000000000000..729c76a2662d --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll 
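Review bot: `Entries` overrides `getACall()`, whereas `At`, `Concat`, `Slice`, `ForEach`, `Keys` and `Values` all override `getACallSimple()`. Both hooks are declared outside this diff, so I cannot tell whether the difference is intended; if it is not, calls to `entries()` would be matched differently from the sibling summaries. I would change the line to `override InstanceCall getACallSimple() {` or add a comment explaining the exception. Separately, the file header reads "a name that can found on", which should be "a name that can be found on", and the summary classes are public without QLDoc.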
@@ -0,0 +1,15 @@
+private import javascript
+private import semmle.javascript.dataflow.FlowSummary
+private import semmle.javascript.dataflow.internal.Contents::Private
+
+/**
+ * A method call or a reflective invocation (`call` or `apply`) that takes a receiver.
+ *
+ * Note that `DataFlow::MethodCallNode` does not include reflective invocation.
+ */
+class InstanceCall extends DataFlow::CallNode {
+ InstanceCall() { exists(this.getReceiver()) }
+
+ /** Gets the name of method being invoked */
+ string getMethodName() { result = this.getCalleeName() }
+}
From 4319b0779853e3a7468db34b99d23fe7801d0ed7 Mon Sep 17 00:00:00 2001
From: Asger F
Date: Tue, 3 Oct 2023 13:14:29 +0200
Subject: [PATCH 023/223] JS: Add flow summaries for Arrays
---
 .../ql/lib/semmle/javascript/Arrays.qll | 32 +-
 .../flow_summaries/AllFlowSummaries.qll | 1 +
 .../internal/flow_summaries/Arrays2.qll | 577 ++++++++++++++++++
 .../flow_summaries/FlowSummaryUtil.qll | 19 +
 4 files changed, 613 insertions(+), 16 deletions(-)
 create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays2.qll
diff --git a/javascript/ql/lib/semmle/javascript/Arrays.qll b/javascript/ql/lib/semmle/javascript/Arrays.qll
index 64ed34ae631a..b67a728d0d89 100644
--- a/javascript/ql/lib/semmle/javascript/Arrays.qll
+++ b/javascript/ql/lib/semmle/javascript/Arrays.qll
@@ -9,7 +9,7 @@ module ArrayTaintTracking {
 /**
 * A taint propagating data flow edge caused by the builtin array functions.
 */
- private class ArrayFunctionTaintStep extends TaintTracking::SharedTaintStep {
+ private class ArrayFunctionTaintStep extends TaintTracking::LegacyTaintStep {
 override predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) {
 arrayFunctionTaintStep(pred, succ, _)
 }
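Review bot: `InstanceCall` identifies a method purely by `getCalleeName()` on any call that has a receiver, and its QLDoc does not say that nothing restricts the receiver's type. Summaries built on it match by name alone, so a user-defined `push` or `slice` on an unrelated object would receive the array model; that trade-off is worth stating where the class is defined. I would add a sentence to the class comment such as `Matching is by name only; summaries using this class apply to any receiver with a method of that name.` and tidy the member doc to `/** Gets the name of the method being invoked. */`.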
@@ -114,7 +114,7 @@ private module ArrayDataFlow {
 * A step modeling the creation of an Array using the `Array.from(x)` method.
 * The step copies the elements of the argument (set, array, or iterator elements) into the resulting array.
 */
- private class ArrayFrom extends DataFlow::SharedFlowStep {
+ private class ArrayFrom extends DataFlow::LegacyFlowStep {
 override predicate loadStoreStep(
 DataFlow::Node pred, DataFlow::Node succ, string fromProp, string toProp
 ) {
@@ -134,7 +134,7 @@ private module ArrayDataFlow {
 *
 * Such a step can occur both with the `push` and `unshift` methods, or when creating a new array.
 */
- private class ArrayCopySpread extends DataFlow::SharedFlowStep {
+ private class ArrayCopySpread extends DataFlow::LegacyFlowStep {
 override predicate loadStoreStep(
 DataFlow::Node pred, DataFlow::Node succ, string fromProp, string toProp
 ) {
@@ -155,7 +155,7 @@ private module ArrayDataFlow {
 /**
 * A step for storing an element on an array using `arr.push(e)` or `arr.unshift(e)`.
 */
- private class ArrayAppendStep extends DataFlow::SharedFlowStep {
+ private class ArrayAppendStep extends DataFlow::LegacyFlowStep {
 override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) {
 prop = arrayElement() and
 exists(DataFlow::MethodCallNode call |
@@ -186,7 +186,7 @@ private module ArrayDataFlow {
 * A step for reading/writing an element from an array inside a for-loop.
 * E.g. a read from `foo[i]` to `bar` in `for(var i = 0; i < arr.length; i++) {bar = foo[i]}`.
 */
- private class ArrayIndexingStep extends DataFlow::SharedFlowStep {
+ private class ArrayIndexingStep extends DataFlow::LegacyFlowStep {
 override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) {
 exists(ArrayIndexingAccess access |
 prop = arrayElement() and
@@ -208,7 +208,7 @@ private module ArrayDataFlow {
 * A step for retrieving an element from an array using `.pop()`, `.shift()`, or `.at()`.
 * E.g. `array.pop()`.
 */
- private class ArrayPopStep extends DataFlow::SharedFlowStep {
+ private class ArrayPopStep extends DataFlow::LegacyFlowStep {
 override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) {
 exists(DataFlow::MethodCallNode call |
 call.getMethodName() = ["pop", "shift", "at"] and
@@ -229,7 +229,7 @@ private module ArrayDataFlow {
 *
 * And the second parameter in the callback is the array ifself, so there is a `loadStoreStep` from the array to that second parameter.
 */
- private class ArrayIteration extends PreCallGraphStep {
+ private class ArrayIteration extends LegacyPreCallGraphStep {
 override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) {
 exists(DataFlow::MethodCallNode call |
 call.getMethodName() = ["map", "forEach"] and
@@ -261,7 +261,7 @@ private module ArrayDataFlow {
 /**
 * A step for creating an array and storing the elements in the array.
 */
- private class ArrayCreationStep extends PreCallGraphStep {
+ private class ArrayCreationStep extends LegacyPreCallGraphStep {
 override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) {
 exists(DataFlow::ArrayCreationNode array, int i |
 element = array.getElement(i) and
@@ -275,7 +275,7 @@ private module ArrayDataFlow {
 * A step modeling that `splice` can insert elements into an array.
 * For example in `array.splice(i, del, e)`: if `e` is tainted, then so is `array
 */
- private class ArraySpliceStep extends DataFlow::SharedFlowStep {
+ private class ArraySpliceStep extends DataFlow::LegacyFlowStep {
 override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) {
 exists(DataFlow::MethodCallNode call |
 call.getMethodName() = "splice" and
@@ -290,7 +290,7 @@ private module ArrayDataFlow {
 * A step for modeling `concat`.
 * For example in `e = arr1.concat(arr2, arr3)`: if any of the `arr` is tainted, then so is `e`.
 */
- private class ArrayConcatStep extends DataFlow::SharedFlowStep {
+ private class ArrayConcatStep extends DataFlow::LegacyFlowStep {
 override predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
 exists(DataFlow::MethodCallNode call |
 call.getMethodName() = "concat" and
@@ -304,7 +304,7 @@ private module ArrayDataFlow {
 /**
 * A step for modeling that elements from an array `arr` also appear in the result from calling `slice`/`splice`/`filter`.
 */
- private class ArraySliceStep extends DataFlow::SharedFlowStep {
+ private class ArraySliceStep extends DataFlow::LegacyFlowStep {
 override predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
 exists(DataFlow::MethodCallNode call |
 call.getMethodName() = ["slice", "splice", "filter"] and
@@ -318,7 +318,7 @@ private module ArrayDataFlow {
 /**
 * A step modeling that elements from an array `arr` are received by calling `find`.
 */
- private class ArrayFindStep extends DataFlow::SharedFlowStep {
+ private class ArrayFindStep extends DataFlow::LegacyFlowStep {
 override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
 exists(DataFlow::CallNode call |
 call = arrayFindCall(pred) and
@@ -368,7 +368,7 @@ private module ArrayLibraries {
 /**
 * A taint step through the `arrify` library, or other libraries that (maybe) convert values into arrays.
 */
- private class ArrayifyStep extends TaintTracking::SharedTaintStep {
+ private class ArrayifyStep extends TaintTracking::LegacyTaintStep {
 override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
 exists(API::CallNode call | call = API::moduleImport(["arrify", "array-ify"]).getACall() |
 pred = call.getArgument(0) and succ = call
@@ -388,7 +388,7 @@ private module ArrayLibraries {
 /**
 * A taint step for a library that copies the elements of an array into another array.
 */
- private class ArrayCopyTaint extends TaintTracking::SharedTaintStep {
+ private class ArrayCopyTaint extends TaintTracking::LegacyTaintStep {
 override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
 exists(DataFlow::CallNode call |
 call = arrayCopyCall(pred) and
@@ -400,7 +400,7 @@ private module ArrayLibraries {
 /**
 * A loadStoreStep for a library that copies the elements of an array into another array.
 */
- private class ArrayCopyLoadStore extends DataFlow::SharedFlowStep {
+ private class ArrayCopyLoadStore extends DataFlow::LegacyFlowStep {
 override predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
 exists(DataFlow::CallNode call |
 call = arrayCopyCall(pred) and
@@ -413,7 +413,7 @@ private module ArrayLibraries {
 /**
 * A taint step through a call to `Array.prototype.flat` or a polyfill implementing array flattening.
 */
- private class ArrayFlatStep extends TaintTracking::SharedTaintStep {
+ private class ArrayFlatStep extends TaintTracking::LegacyTaintStep {
 override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
 exists(DataFlow::CallNode call | succ = call |
 call.(DataFlow::MethodCallNode).getMethodName() = "flat" and
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
index 2af0a73f9a26..90f700405c19 100644
--- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
@@ -1 +1,2 @@
 private import AmbiguousCoreMethods
+private import Arrays2
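Review bot: Demoting `ArrayFlatStep` to `TaintTracking::LegacyTaintStep` appears to leave `flat` calls with a non-literal or large depth unmodelled for the new library. The legacy step matches any method call named `flat`, whereas the `Flat` summary added in Arrays2.qll by this same commit only matches a call with no argument or one where `getArgument(0).getIntValue() = depth` with `depth in [1 .. 3]`. Calls such as `arr.flat(Infinity)` or `arr.flat(n)` would then propagate no taint, which shows up as missed alerts rather than as an error. A taint-only fallback summary for the remaining `flat` calls, `preservesValue = false and input = "Argument[this]" and output = "ReturnValue"`, would restore parity. The body of `step` continues outside this hunk, so the legacy predecessor being the receiver is inferred.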
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays2.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays2.qll
new file mode 100644
index 000000000000..054e617721e2
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays2.qll
@@ -0,0 +1,577 @@ +/** + * Contains a summary for relevant methods on arrays, except Array.prototype.join which is currently special-cased in StringConcatenation.qll. + * + * Note that some of Array methods are modelled in `AmbiguousCoreMethods.qll`, and `join` and `toString` are special-cased elsewhere. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.dataflow.InferredTypes +private import semmle.javascript.dataflow.internal.DataFlowPrivate as Private +private import FlowSummaryUtil + +pragma[nomagic] +DataFlow::SourceNode arrayConstructorRef() { result = DataFlow::globalVarRef("Array") } + +pragma[nomagic] +private int firstSpreadIndex(ArrayExpr expr) { + result = min(int i | expr.getElement(i) instanceof SpreadElement) +} + +/** + * Store and read steps for an array literal. Since literals are not seen as calls, this is not a flow summary. + * + * In case of spread elements `[x, ...y]`, we generate a read from `y -> ...y` and then a store from `...y` into + * the array literal (to ensure constant-indices get broken up). 
+ */ +class ArrayLiteralStep extends DataFlow::AdditionalFlowStep { + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(ArrayExpr array, int i | + pred = array.getElement(i).flow() and + succ = array.flow() + | + if i >= firstSpreadIndex(array) + then contents = DataFlow::ContentSet::arrayElement() // after a spread operator, store into unknown indices + else contents = DataFlow::ContentSet::arrayElementFromInt(i) + ) + } + + override predicate readStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(SpreadElement spread | + spread = any(ArrayExpr array).getAnElement() and + pred = spread.getOperand().flow() and + succ = spread.flow() and + contents = DataFlow::ContentSet::arrayElement() + ) + } +} + +pragma[nomagic] +private predicate isForLoopVariable(Variable v) { + v.getADeclarationStatement() = any(ForStmt stmt).getInit() + or + // Handle the somewhat rare case: `for (v; ...; ++v) { ... }` + v.getADeclaration() = any(ForStmt stmt).getInit() +} + +private predicate isLikelyArrayIndex(Expr e) { + // Require that 'e' is of type number and refers to a for-loop variable. + // TODO: This is here to mirror the old behaviour. Experiment with turning the 'and' into an 'or'. + TTNumber() = unique(InferredType type | type = e.flow().analyze().getAType()) and + isForLoopVariable(e.(VarAccess).getVariable()) + or + e.(PropAccess).getPropertyName() = "length" +} + +/** + * A dynamic property store `obj[e] = rhs` seen as a potential array access. + * + * We need to restrict to cases where `e` is likely to be an array index, as + * propagating data between arbitrary unknown property accesses is too imprecise. 
+ */ +class DynamicArrayStoreStep extends DataFlow::AdditionalFlowStep { + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(Assignment assignment, IndexExpr lvalue | + lvalue = assignment.getLhs() and + not exists(lvalue.getPropertyName()) and + isLikelyArrayIndex(lvalue.getPropertyNameExpr()) and + contents = DataFlow::ContentSet::arrayElement() and + succ.(DataFlow::ExprPostUpdateNode).getPreUpdateNode() = lvalue.getBase().flow() + | + pred = assignment.(Assignment).getRhs().flow() + or + // for compound assignments, use the result of the operator + pred = assignment.(CompoundAssignExpr).flow() + ) + } +} + +class ArrayConstructorSummary extends SummarizedCallable { + ArrayConstructorSummary() { this = "Array constructor" } + + override DataFlow::InvokeNode getACallSimple() { + result = arrayConstructorRef().getAnInvocation() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0..]" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[arguments-array].WithArrayElement" and + output = "ReturnValue" + ) + or + // TODO: workaround for WithArrayElement not being converted to a taint step + preservesValue = false and + input = "Argument[arguments-array]" and + output = "ReturnValue" + } +} + +class CopyWithin extends SummarizedCallable { + CopyWithin() { this = "Array#copyWithin" } + + override InstanceCall getACallSimple() { result.getMethodName() = "copyWithin" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].WithArrayElement" and + output = "ReturnValue" + or + // TODO: workaround for WithArrayElement not being converted to a taint step + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue" + } +} + +class FlowIntoCallback extends SummarizedCallable { + 
FlowIntoCallback() { this = "Array method with flow into callback" } + + override InstanceCall getACallSimple() { + result.getMethodName() = ["every", "findIndex", "findLastIndex", "some"] + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0]" + or + input = "Argument[1]" and + output = "Argument[0].Parameter[this]" + ) + } +} + +class Filter extends SummarizedCallable { + Filter() { this = "Array#filter" } + + override InstanceCall getACallSimple() { result.getMethodName() = "filter" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0]" + or + input = "Argument[1]" and + output = "Argument[0].Parameter[this]" + or + // Note: in case the filter condition acts as a barrier/sanitizer, + // it is up to the query to mark the 'filter' call as a barrier/sanitizer + input = "Argument[this].WithArrayElement" and + output = "ReturnValue" + ) + or + // TODO: workaround for WithArrayElement not being converted to a taint step + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue" + } +} + +class Fill extends SummarizedCallable { + Fill() { this = "Array#fill" } // TODO: clear contents if no interval is given + + override InstanceCall getACallSimple() { result.getMethodName() = "fill" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0..]" and + output = ["ReturnValue.ArrayElement", "Argument[this].ArrayElement"] + } +} + +class FindLike extends SummarizedCallable { + FindLike() { this = "Array#find / Array#findLast" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["find", "findLast"] } + + override predicate 
propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = ["Argument[0].Parameter[0]", "ReturnValue"] + or + input = "Argument[1]" and + output = "Argument[0].Parameter[this]" + ) + } +} + +class FindLibrary extends SummarizedCallable { + FindLibrary() { this = "'array.prototype.find' / 'array-find'" } + + override DataFlow::CallNode getACallSimple() { + result = DataFlow::moduleImport(["array.prototype.find", "array-find"]).getACall() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ArrayElement" and + output = ["Argument[1].Parameter[0]", "ReturnValue"] + or + input = "Argument[2]" and + output = "Argument[1].Parameter[this]" + ) + } +} + +class Flat extends SummarizedCallable { + private int depth; + + Flat() { this = "Array#flat(" + depth + ")" and depth in [1 .. 3] } + + override InstanceCall getACallSimple() { + result.getMethodName() = "flat" and + ( + result.getNumArgument() = 1 and + result.getArgument(0).getIntValue() = depth + or + depth = 1 and + result.getNumArgument() = 0 + ) + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this]" + concat(int n | n in [0 .. depth] | ".ArrayElement") + or + exists(int partialDepth | partialDepth in [1 .. depth - 1] | + input = + "Argument[this]" + concat(int n | n in [0 .. 
partialDepth] | ".ArrayElement") + + ".WithoutArrayElement" + ) + ) and + output = "ReturnValue.ArrayElement" + } +} + +class FlatMap extends SummarizedCallable { + FlatMap() { this = "Array#flatMap" } + + override InstanceCall getACallSimple() { result.getMethodName() = "flatMap" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0]" + or + input = "Argument[this]" and + output = "Argument[0].Parameter[2]" + or + input = "Argument[1]" and + output = "Argument[0].Parameter[1]" + or + input = "Argument[0].ReturnValue." + ["ArrayElement", "WithoutArrayElement"] and + output = "ReturnValue.ArrayElement" + ) + } +} + +private DataFlow::CallNode arrayFromCall() { + // TODO: update fromAsync model when async iterators are supported + result = arrayConstructorRef().getAMemberCall(["from", "fromAsync"]) + or + result = DataFlow::moduleImport("array-from").getACall() +} + +class From1Arg extends SummarizedCallable { + From1Arg() { this = "Array.from(arg)" } + + override DataFlow::CallNode getACallSimple() { + result = arrayFromCall() and result.getNumArgument() = 1 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].WithArrayElement" and + output = "ReturnValue" + or + input = "Argument[0]." 
+ ["SetElement", "IteratorElement"] and + output = "ReturnValue.ArrayElement" + or + input = "Argument[0].MapKey" and + output = "ReturnValue.ArrayElement.Member[0]" + or + input = "Argument[0].MapValue" and + output = "ReturnValue.ArrayElement.Member[1]" + or + input = "Argument[0].IteratorError" and + output = "ReturnValue[exception]" + ) + or + // TODO: we currently convert ArrayElement read/store steps to taint steps, but this does not + // work for WithArrayElement because it's just an expectsContent node, and there's no way easy + // to omit the expectsContent restriction in taint tracking. + // Work around this for now. + preservesValue = false and + input = "Argument[0]" and + output = "ReturnValue" + } +} + +class FromManyArg extends SummarizedCallable { + FromManyArg() { this = "Array.from(arg, callback, [thisArg])" } + + override DataFlow::CallNode getACallSimple() { + result = arrayFromCall() and + result.getNumArgument() > 1 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement"] and + output = "Argument[1].Parameter[0]" + or + input = "Argument[0].MapKey" and + output = "Argument[1].Parameter[0].Member[0]" + or + input = "Argument[0].MapValue" and + output = "Argument[1].Parameter[0].Member[1]" + or + input = "Argument[1].ReturnValue" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[2]" and + output = "Argument[1].Parameter[this]" + or + input = "Argument[0].IteratorError" and + output = "ReturnValue[exception]" + ) + } +} + +class Map extends SummarizedCallable { + Map() { this = "Array#map" } + + override InstanceCall getACallSimple() { + // Note that this summary may spuriously apply to library methods named `map` such as from lodash/underscore. 
+ // However, this will not cause spurious flow, because for such functions, the first argument will be an array, not a callback, + // and every part of the summary below uses Argument[0] in a way that requires it to be a callback. + result.getMethodName() = "map" + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0]" + or + input = "Argument[this]" and + output = "Argument[0].Parameter[2]" + or + input = "Argument[1]" and + output = "Argument[0].Parameter[this]" + or + input = "Argument[0].ReturnValue" and + output = "ReturnValue.ArrayElement" + ) + } +} + +class Of extends SummarizedCallable { + Of() { this = "Array.of" } + + override DataFlow::CallNode getACallSimple() { + result = arrayConstructorRef().getAMemberCall("of") + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0..]" and + output = "ReturnValue.ArrayElement" + } +} + +class Pop extends SummarizedCallable { + Pop() { this = "Array#pop" } + + override InstanceCall getACallSimple() { result.getMethodName() = "pop" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue" + } +} + +class PushLike extends SummarizedCallable { + PushLike() { this = "Array#push / Array#unshift" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["push", "unshift"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + // TODO: make it so `arguments-array` is handled without needing to reference it explicitly in every flow-summary + input = ["Argument[0..]", "Argument[arguments-array].ArrayElement"] and + output = "Argument[this].ArrayElement" + 
} +} + +class ReduceLike extends SummarizedCallable { + ReduceLike() { this = "Array#reduce / Array#reduceRight" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["reduce", "reduceRight"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + /* + * Signatures: + * reduce(callbackFn, [initialValue]) + * callbackfn(accumulator, currentValue, index, array) + */ + + ( + input = ["Argument[1]", "Argument[0].ReturnValue"] and + output = "Argument[0].Parameter[0]" // accumulator + or + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[1]" // currentValue + or + input = "Argument[this]" and + output = "Argument[0].Parameter[3]" // array + or + input = "Argument[0].ReturnValue" and + output = "ReturnValue" + ) + } +} + +class Reverse extends SummarizedCallable { + Reverse() { this = "Array#reverse / Array#toReversed" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["reverse", "toReversed"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} + +class Shift extends SummarizedCallable { + Shift() { this = "Array#shift" } + + override InstanceCall getACallSimple() { result.getMethodName() = "shift" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue" + } +} + +class Sort extends SummarizedCallable { + Sort() { this = "Array#sort / Array#toSorted" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["sort", "toSorted"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = 
"ReturnValue.ArrayElement" + or + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0,1]" + ) + } +} + +class Splice extends SummarizedCallable { + Splice() { this = "Array#splice" } + + override InstanceCall getACallSimple() { result.getMethodName() = "splice" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[2..]" and + output = ["Argument[this].ArrayElement", "ReturnValue.ArrayElement"] + ) + } +} + +class ToSpliced extends SummarizedCallable { + ToSpliced() { this = "Array#toSpliced" } + + override InstanceCall getACallSimple() { result.getMethodName() = "toSpliced" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[2..]" and + output = "ReturnValue.ArrayElement" + ) + } +} + +class ArrayCoercionPackage extends FunctionalPackageSummary { + ArrayCoercionPackage() { this = "ArrayCoercionPackage" } + + override string getAPackageName() { result = ["arrify", "array-ify"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].WithArrayElement" and + output = "ReturnValue" + or + input = "Argument[0].WithoutArrayElement" and + output = "ReturnValue.ArrayElement" + ) + or + // TODO: workaround for WithArrayElement not being converted to a taint step + preservesValue = false and + input = "Argument[0]" and + output = "ReturnValue" + } +} + +class ArrayCopyingPackage extends FunctionalPackageSummary { + ArrayCopyingPackage() { this = "ArrayCopyingPackage" } + + override string getAPackageName() { result = ["array-union", "array-uniq", "uniq"] } + + override predicate 
propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0..].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} + +class ArrayFlatteningPackage extends FunctionalPackageSummary { + ArrayFlatteningPackage() { this = "ArrayFlatteningPackage" } + + override string getAPackageName() { + result = ["array-flatten", "arr-flatten", "flatten", "array.prototype.flat"] + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + // TODO: properly support these. For the moment we're just adding parity with the old model + preservesValue = false and + input = "Argument[0..]" and + output = "ReturnValue" + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll index 729c76a2662d..46fe61b7a7c7 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll @@ -13,3 +13,22 @@ class InstanceCall extends DataFlow::CallNode { /** Gets the name of method being invoked */ string getMethodName() { result = this.getCalleeName() } } + +/** + * A summary a function that is the default export from an NPM package. + */ +abstract class FunctionalPackageSummary extends SummarizedCallable { + bindingset[this] + FunctionalPackageSummary() { any() } + + /** Gets a name of a package for which this summary applies. */ + abstract string getAPackageName(); + + override DataFlow::InvokeNode getACallSimple() { + result = DataFlow::moduleImport(this.getAPackageName()).getAnInvocation() + } + + override DataFlow::InvokeNode getACall() { + result = API::moduleImport(this.getAPackageName()).getAnInvocation() + } +} From 5054c43b1816be5976ed70ba9616a7a5914f1b97 Mon Sep 17 00:00:00 2001 
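Review bot: In `FlatMap.propagatesFlowExt` the `thisArg` row is written as `input = "Argument[1]" and output = "Argument[0].Parameter[1]"`, which routes the second argument of `flatMap(callback, thisArg)` into the callback's index parameter instead of its receiver. `Map`, `Filter`, `FindLike` and `FlowIntoCallback` in this same file all use `output = "Argument[0].Parameter[this]"` for that row, so this looks like a typo; as written, a value passed as `thisArg` is lost inside the callback and the index parameter picks up flow it should not have. Separately, `Flat` starts `partialDepth` at 1, so a non-array element sitting directly in the receiver (`Argument[this].ArrayElement.WithoutArrayElement`) seems to have no value-preserving row; `partialDepth in [0 .. depth - 1]` would cover it if the omission is not intentional.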
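Review bot: The QLDoc on `FunctionalPackageSummary` reads "A summary a function that is the default export" and does not explain why `getACallSimple` and `getACall` are both overridden with different resolvers (`DataFlow::moduleImport` versus `API::moduleImport`). I would reword the first line to `A summary for a function that is the default export of an NPM package.` and add a one-line comment above each override saying which import-resolution mechanism it relies on. The `bindingset[this]` characteristic predicate with `any()` also deserves a short comment, since it is presumably what lets each subclass bind its own string value.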
From: Asger F
Date: Fri, 13 Oct 2023 11:25:39 +0200
Subject: [PATCH 024/223] JS: Add flow summaries/steps for promises and async/await
---
 .../ql/lib/semmle/javascript/Promises.qll | 18 +-
 .../flow_summaries/AllFlowSummaries.qll | 2 +
 .../internal/flow_summaries/AsyncAwait.qll | 104 ++++++
 .../flow_summaries/FlowSummaryUtil.qll | 17 +
 .../internal/flow_summaries/Promises2.qll | 320 ++++++++++++++++++
 5 files changed, 454 insertions(+), 7 deletions(-)
 create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/AsyncAwait.qll
 create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises2.qll
diff --git a/javascript/ql/lib/semmle/javascript/Promises.qll b/javascript/ql/lib/semmle/javascript/Promises.qll
index bb1ee9326d83..c254128f87b5 100644
--- a/javascript/ql/lib/semmle/javascript/Promises.qll
+++ b/javascript/ql/lib/semmle/javascript/Promises.qll
@@ -6,7 +6,9 @@ import javascript
 private import dataflow.internal.StepSummary
 /**
- * A definition of a `Promise` object.
+ * A call to the `Promise` constructor, such as `new Promise((resolve, reject) => { ... })`.
+ *
+ * This includes calls to the built-in `Promise` constructor as well as promise implementations from known libraries, such as `bluebird`.
 */
 abstract class PromiseDefinition extends DataFlow::SourceNode {
 /** Gets the executor function of this promise object. */
@@ -196,6 +198,8 @@ module Promises {
 override string getAProperty() { result = [valueProp(), errorProp()] }
 }
+
+ predicate promiseConstructorRef = getAPromiseObject/0;
 }
 /**
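Review bot: The new alias `predicate promiseConstructorRef = getAPromiseObject/0;` is exported from `module Promises` without QLDoc, and its name speaks of the constructor while the aliased predicate's name speaks of promise objects. A doc comment such as `/** Gets a reference to the Promise constructor or a library equivalent. */` would tell callers which of the two they are getting. The definition of `getAPromiseObject` lies outside this hunk, so that wording needs checking against it before it is committed.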
@@ -267,7 +271,7 @@ private import semmle.javascript.dataflow.internal.PreCallGraphStep
 * These steps are for `await p`, `new Promise()`, `Promise.resolve()`,
 * `Promise.then()`, `Promise.catch()`, and `Promise.finally()`.
 */
-private class PromiseStep extends PreCallGraphStep {
+private class PromiseStep extends LegacyPreCallGraphStep {
 override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) {
 PromiseFlow::loadStep(obj, element, prop)
 }
@@ -459,7 +463,7 @@ module PromiseFlow {
 }
 }
-private class PromiseTaintStep extends TaintTracking::SharedTaintStep {
+private class PromiseTaintStep extends TaintTracking::LegacyTaintStep {
 override predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) {
 // from `x` to `new Promise((res, rej) => res(x))`
 pred = succ.(PromiseDefinition).getResolveParameter().getACall().getArgument(0)
@@ -530,7 +534,7 @@ private module AsyncReturnSteps {
 /**
 * A data-flow step for ordinary and exceptional returns from async functions.
 */
- private class AsyncReturn extends PreCallGraphStep {
+ private class AsyncReturn extends LegacyPreCallGraphStep {
 override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) {
 exists(DataFlow::FunctionNode f | f.getFunction().isAsync() |
 // ordinary return
@@ -548,7 +552,7 @@ private module AsyncReturnSteps {
 /**
 * A data-flow step for ordinary return from an async function in a taint configuration.
 */
- private class AsyncTaintReturn extends TaintTracking::SharedTaintStep {
+ private class AsyncTaintReturn extends TaintTracking::LegacyTaintStep {
 override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
 exists(Function f |
 f.isAsync() and
@@ -665,7 +669,7 @@ private module ClosurePromise { /** * Taint steps through closure promise methods. */ - private class ClosurePromiseTaintStep extends TaintTracking::SharedTaintStep { + private class ClosurePromiseTaintStep extends TaintTracking::LegacyTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { // static methods in goog.Promise exists(DataFlow::CallNode call, string name | @@ -699,7 +703,7 @@ private module DynamicImportSteps { * let Foo = await import('./foo'); * ``` */ - class DynamicImportStep extends PreCallGraphStep { + class DynamicImportStep extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DynamicImportExpr imprt | pred = imprt.getImportedModule().getAnExportedValue("default") and diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll index 90f700405c19..df293bfd499a 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -1,2 +1,4 @@ private import AmbiguousCoreMethods private import Arrays2 +private import AsyncAwait +private import Promises2 diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AsyncAwait.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AsyncAwait.qll new file mode 100644 index 000000000000..a39b0e6f43d7 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AsyncAwait.qll 
@@ -0,0 +1,104 @@ +/** + * Contains flow steps to model flow through `async` functions and the `await` operator. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.DataFlowPrivate + +/** + * Steps modelling flow in an `async` function. + * + * Note about promise-coercion and flattening: + * - `await` preserves non-promise values, e.g. `await "foo"` is just `"foo"`. + * - `return` preserves existing promise values, and boxes other values in a promise. + * + * We rely on `expectsContent` and `clearsContent` to handle coercion/flattening without risk of creating a nested promise object. + * + * The following is a brief overview of the steps we generate: + * ```js + * async function foo() { + * await x; // x --- READ[promise-value] ---> await x + * await x; // x --- VALUE -----------------> await x (has clearsContent) + * await x; // x --- READ[promise-error] ---> exception target + * + * return x; // x --- VALUE --> return node (has expectsContent) + * return x; // x --- VALUE --> synthetic node (clearsContent) --- STORE[promise-value] --> return node + * + * // exceptional return node --> STORE[promise-error] --> return node + * } + * ``` + */ +class AsyncAwait extends AdditionalFlowInternal { + override predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) { + // We synthesize a clearsContent node to contain the values that need to be boxed in a promise before returning + node.(Function).isAsync() and + container.asSourceCallable() = node and + tag = "async-raw-return" + } + + override predicate clearsContent(DataFlow::Node node, DataFlow::ContentSet contents) { + node = getSynthesizedNode(_, "async-raw-return") and + contents = DataFlow::ContentSet::promiseFilter() + or + // The result of 'await' cannot be a promise. 
This is needed for the local flow step into 'await' + node.asExpr() instanceof AwaitExpr and + contents = DataFlow::ContentSet::promiseFilter() + } + + override predicate expectsContent(DataFlow::Node node, DataFlow::ContentSet contents) { + // The final return value must be a promise. This is needed for the local flow step into the return node. + exists(Function f | + f.isAsync() and + node = TFunctionReturnNode(f) and + contents = DataFlow::ContentSet::promiseFilter() + ) + } + + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + exists(AwaitExpr await | + // Allow non-promise values to propagate through await. + pred = await.getOperand().flow() and + succ = await.flow() // clears promise-content + ) + or + exists(Function f | + // To avoid creating a nested promise, flow to two different nodes which only permit promises/non-promises respectively + f.isAsync() and + pred = f.getAReturnedExpr().flow() + | + succ = getSynthesizedNode(f, "async-raw-return") // clears promise-content + or + succ = TFunctionReturnNode(f) // expects promise-content + ) + } + + override predicate readStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(AwaitExpr await | pred = await.getOperand().flow() | + contents = DataFlow::ContentSet::promiseValue() and + succ = await.flow() + or + contents = DataFlow::ContentSet::promiseError() and + succ = await.getExceptionTarget() + ) + } + + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(Function f | f.isAsync() | + // Box returned non-promise values in a promise + pred = getSynthesizedNode(f, "async-raw-return") and + contents = DataFlow::ContentSet::promiseValue() and + succ = TFunctionReturnNode(f) + or + // Store thrown exceptions in promise-error + pred = TExceptionalFunctionReturnNode(f) and + contents = DataFlow::ContentSet::promiseError() and + succ = TFunctionReturnNode(f) + ) + } +} 
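Review bot: The tag literal `"async-raw-return"` is written out four times in `AsyncAwait`: in `needsSynthesizedNode`, `clearsContent`, `step` and `storeStep`. A typo in any one of them would still compile. Presumably `getSynthesizedNode` would then match nothing, and the boxing of non-promise return values from `async` functions would silently disappear from every query built on this library. A single private helper used at all four sites would remove that risk: `private string asyncRawReturnTag() { result = "async-raw-return" }`.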
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll index 46fe61b7a7c7..a5df1d4716af 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll @@ -32,3 +32,20 @@ abstract class FunctionalPackageSummary extends SummarizedCallable { result = API::moduleImport(this.getAPackageName()).getAnInvocation() } } + +/** + * Gets a content from a set of contents that together represent all valid array indices. + * + * This can be used to generate flow summaries that should preserve precise array indices, + * in cases where `WithArrayElement` is not sufficient. + */ +string getAnArrayContent() { + // Values stored at a known, small index + result = "ArrayElement[" + getAPreciseArrayIndex() + "!]" + or + // Values stored at a known, but large index + result = "ArrayElement[" + (getMaxPreciseArrayIndex() + 1) + "..]" + or + // Values stored at an unknown index + result = "ArrayElement[?]" +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises2.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises2.qll new file mode 100644 index 000000000000..9a2a79e8a0ae --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises2.qll 
@@ -0,0 +1,320 @@ +/** + * Contains flow summaries and steps modelling flow through `Promise` objects. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import FlowSummaryUtil + +private DataFlow::SourceNode promiseConstructorRef() { + result = Promises::promiseConstructorRef() + or + result = DataFlow::moduleImport("bluebird") + or + result = DataFlow::moduleMember(["q", "kew", "bluebird"], "Promise") // note: bluebird.Promise == bluebird + or + result = Closure::moduleImport("goog.Promise") +} + +// +// Note that the 'Awaited' token has a special interpretation. +// See a write-up here: https://github.com/github/codeql-javascript-team/issues/423 +// +private class PromiseConstructor extends SummarizedCallable { + PromiseConstructor() { this = "new Promise()" } + + override DataFlow::InvokeNode getACallSimple() { + // Disabled for now. The field-flow branch limit will be negatively affected by having + // calls to multiple variants of `new Promise()`. + none() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + // TODO: when FlowSummaryImpl.qll supports these summaries, remove the workaround in PromiseConstructorWorkaround + // resolve(value) + input = "Argument[0].Parameter[0].Argument[0]" and output = "ReturnValue.Awaited" + or + // reject(value) + input = "Argument[0].Parameter[1].Argument[0]" and output = "ReturnValue.Awaited[error]" + or + // throw from executor + input = "Argument[0].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + ) + } +} + +/** + * A workaround to the `PromiseConstructor`, to be used until FlowSummaryImpl.qll has sufficient support + * for callbacks. 
+ */ +module PromiseConstructorWorkaround { + class ResolveSummary extends SummarizedCallable { + ResolveSummary() { this = "new Promise() resolve callback" } + + override DataFlow::InvokeNode getACallSimple() { + result = + promiseConstructorRef().getAnInstantiation().getCallback(0).getParameter(0).getACall() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "Argument[function].Member[resolve-value]" + } + } + + class RejectCallback extends SummarizedCallable { + RejectCallback() { this = "new Promise() reject callback" } + + override DataFlow::InvokeNode getACallSimple() { + result = + promiseConstructorRef().getAnInstantiation().getCallback(0).getParameter(1).getACall() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "Argument[function].Member[reject-value]" + } + } + + class ConstructorSummary extends SummarizedCallable { + ConstructorSummary() { this = "new Promise() workaround" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].Parameter[0].Member[resolve-value]" and + output = "ReturnValue.Awaited" + or + input = "Argument[0].Parameter[1].Member[reject-value]" and + output = "ReturnValue.Awaited[error]" + or + input = "Argument[0].ReturnValue[exception]" and + output = "ReturnValue.Awaited[error]" + ) + } + } +} + +private class PromiseThen2Arguments extends SummarizedCallable { + PromiseThen2Arguments() { this = "Promise#then() with 2 arguments" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "then" and + result.getNumArgument() = 2 + } + + override predicate propagatesFlowExt(string 
input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0,1].ReturnValue" and output = "ReturnValue.Awaited" + or + input = "Argument[0,1].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[this].Awaited[value]" and output = "Argument[0].Parameter[0]" + or + input = "Argument[this].Awaited[error]" and output = "Argument[1].Parameter[0]" + ) + } +} + +private class PromiseThen1Argument extends SummarizedCallable { + PromiseThen1Argument() { this = "Promise#then() with 1 argument" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "then" and + result.getNumArgument() = 1 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ReturnValue" and output = "ReturnValue.Awaited" + or + input = "Argument[0].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[this].Awaited[value]" and output = "Argument[0].Parameter[0]" + or + input = "Argument[this].WithAwaited[error]" and output = "ReturnValue" + ) + } +} + +private class PromiseCatch extends SummarizedCallable { + PromiseCatch() { this = "Promise#catch()" } + + override InstanceCall getACallSimple() { result.getMethodName() = "catch" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ReturnValue" and output = "ReturnValue.Awaited" + or + input = "Argument[0].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[this].Awaited[value]" and output = "ReturnValue.Awaited[value]" + or + input = "Argument[this].Awaited[error]" and output = "Argument[0].Parameter[0]" + ) + } +} + +private class PromiseFinally extends SummarizedCallable { + PromiseFinally() { this = "Promise#finally()" } + + override InstanceCall getACallSimple() { result.getMethodName() 
= "finally" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ReturnValue.Awaited[error]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[0].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[this].WithAwaited[value,error]" and output = "ReturnValue" + ) + } +} + +private class PromiseResolve extends SummarizedCallable { + PromiseResolve() { this = "Promise.resolve()" } + + override InstanceCall getACallSimple() { + result = promiseConstructorRef().getAMemberCall("resolve") + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "ReturnValue.Awaited" + } +} + +private class PromiseReject extends SummarizedCallable { + PromiseReject() { this = "Promise.reject()" } + + override InstanceCall getACallSimple() { + result = promiseConstructorRef().getAMemberCall("reject") + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "ReturnValue.Awaited[error]" + } +} + +private class PromiseAll extends SummarizedCallable { + PromiseAll() { this = "Promise.all()" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall("all") + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + exists(string content | content = getAnArrayContent() | + input = "Argument[0]." + content + ".Awaited" and + output = "ReturnValue.Awaited[value]." 
+ content + ) + or + preservesValue = true and + input = "Argument[0].ArrayElement.WithAwaited[error]" and + output = "ReturnValue" + } +} + +private class PromiseAnyLike extends SummarizedCallable { + PromiseAnyLike() { this = "Promise.any() or Promise.race()" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall(["any", "race", "firstFulfilled"]) + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0].ArrayElement" and + output = "ReturnValue.Awaited" + } +} + +private class PromiseAllSettled extends SummarizedCallable { + PromiseAllSettled() { this = "Promise.allSettled()" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall("allSettled") + or + result = DataFlow::moduleImport("promise.allsettled").getACall() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + exists(string content | content = getAnArrayContent() | + input = "Argument[0]." + content + ".Awaited" and + output = "ReturnValue.Awaited[value]." + content + ".Member[value]" + or + input = "Argument[0]." + content + ".Awaited[error]" and + output = "ReturnValue.Awaited[value]." 
+ content + ".Member[reason]" + ) + } +} + +private class BluebirdMapSeries extends SummarizedCallable { + BluebirdMapSeries() { this = "bluebird.mapSeries" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall("mapSeries") + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].Awaited.ArrayElement.Awaited" and + output = "Argument[1].Parameter[0]" + or + input = "Argument[0].Awaited.ArrayElement.WithAwaited[error]" and + output = "ReturnValue" + or + input = "Argument[0].WithAwaited[error]" and + output = "ReturnValue" + or + input = "Argument[1].ReturnValue.Awaited" and + output = "ReturnValue.Awaited.ArrayElement" + or + input = "Argument[1].ReturnValue.WithAwaited[error]" and + output = "ReturnValue" + ) + } +} + +/** + * - `Promise.withResolvers`, a method pending standardization, + * - `goog.Closure.withResolver()` (non-plural spelling) + * - `bluebird.Promise.defer()` + */ +private class PromiseWithResolversLike extends SummarizedCallable { + PromiseWithResolversLike() { this = "Promise.withResolvers()" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall(["withResolver", "withResolvers", "defer"]) + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + // TODO: not currently supported by FlowSummaryImpl.qll + input = "ReturnValue.Member[resolve].Argument[0]" and + output = "ReturnValue.Member[promise].Awaited" + or + input = "ReturnValue.Member[reject].Argument[0]" and + output = "ReturnValue.Member[promise].Awaited[error]" + ) + } +} From f0c2afe39ebd895aa3d02564480e0386320b779c Mon Sep 17 00:00:00 2001 
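Review bot: `PromiseResolve.getACallSimple` and `PromiseReject.getACallSimple` are declared with return type `InstanceCall`, although both model static calls found through `promiseConstructorRef().getAMemberCall(...)`. The other static summaries in this file (`PromiseAll`, `PromiseAnyLike`, `PromiseAllSettled`) use `DataFlow::InvokeNode`. `InstanceCall` is defined outside this hunk. If it is narrower than what `getAMemberCall` returns, the implicit cast would drop `Promise.resolve(x)` and `Promise.reject(x)` calls without any warning, and flow through them would be lost. Using `override DataFlow::InvokeNode getACallSimple() {` for both would match the rest of the file and remove the dependency on what `InstanceCall` admits.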
From: Asger F Date: Tue, 3 Oct 2023 13:18:15 +0200 Subject: [PATCH 025/223] JS: Add flow summaries for maps and sets --- .../ql/lib/semmle/javascript/Collections.qll | 16 +-- .../flow_summaries/AllFlowSummaries.qll | 2 + .../internal/flow_summaries/Maps2.qll | 120 ++++++++++++++++++ .../internal/flow_summaries/Sets2.qll | 46 +++++++ 4 files changed, 176 insertions(+), 8 deletions(-) create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps2.qll create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets2.qll diff --git a/javascript/ql/lib/semmle/javascript/Collections.qll b/javascript/ql/lib/semmle/javascript/Collections.qll index a0e251554ff7..5f54dc57f1b2 100644 --- a/javascript/ql/lib/semmle/javascript/Collections.qll +++ b/javascript/ql/lib/semmle/javascript/Collections.qll @@ -16,7 +16,7 @@ private module CollectionDataFlow { /** * A step for `Set.add()` method, which adds an element to a Set. */ - private class SetAdd extends PreCallGraphStep { + private class SetAdd extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) { exists(DataFlow::MethodCallNode call | call = obj.getAMethodCall("add") and @@ -29,7 +29,7 @@ private module CollectionDataFlow { /** * A step for the `Set` constructor, which copies any elements from the first argument into the resulting set. */ - private class SetConstructor extends PreCallGraphStep { + private class SetConstructor extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { 
@@ -49,7 +49,7 @@ private module CollectionDataFlow { * For sets and iterators the l-value are the elements of the set/iterator. * For maps the l-value is a tuple containing a key and a value. */ - private class ForOfStep extends PreCallGraphStep { + private class ForOfStep extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node e, string prop) { exists(ForOfStmt forOf | obj = forOf.getIterationDomain().flow() and @@ -73,7 +73,7 @@ private module CollectionDataFlow { /** * A step for a call to `forEach` on a Set or Map. */ - private class SetMapForEach extends PreCallGraphStep { + private class SetMapForEach extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = "forEach" and @@ -88,7 +88,7 @@ private module CollectionDataFlow { * A call to the `get` method on a Map. * If the key of the call to `get` has a known string value, then only the value corresponding to that key will be retrieved. (The known string value is encoded as part of the pseudo-property) */ - private class MapGet extends PreCallGraphStep { + private class MapGet extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = "get" and @@ -108,7 +108,7 @@ private module CollectionDataFlow { * Otherwise the value will be stored into a pseudo-property corresponding to values with unknown keys. * The value will additionally be stored into a pseudo-property corresponding to all values. */ - class MapSet extends PreCallGraphStep { + class MapSet extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) { exists(DataFlow::MethodCallNode call | call = obj.getAMethodCall("set") and 
@@ -121,7 +121,7 @@ private module CollectionDataFlow { /** * A step for a call to `values` on a Map or a Set. */ - private class MapAndSetValues extends PreCallGraphStep { + private class MapAndSetValues extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { @@ -138,7 +138,7 @@ private module CollectionDataFlow { /** * A step for a call to `keys` on a Set. */ - private class SetKeys extends PreCallGraphStep { + private class SetKeys extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll index df293bfd499a..d500c953cc7e 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -1,4 +1,6 @@ private import AmbiguousCoreMethods private import Arrays2 private import AsyncAwait +private import Maps2 private import Promises2 +private import Sets2 diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps2.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps2.qll new file mode 100644 index 000000000000..57d4fb69340b --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps2.qll 
@@ -0,0 +1,120 @@ +/** + * Contains flow summaries and steps modelling flow through `Map` objects. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import FlowSummaryUtil + +private DataFlow::SourceNode mapConstructorRef() { result = DataFlow::globalVarRef("Map") } + +class MapConstructor extends SummarizedCallable { + MapConstructor() { this = "Map constructor" } + + override DataFlow::InvokeNode getACallSimple() { + result = mapConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement"] + ".Member[0]" and + output = "ReturnValue.MapKey" + or + input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement"] + ".Member[1]" and + output = "ReturnValue.MapValue" + or + input = ["Argument[0].WithMapKey", "Argument[0].WithMapValue"] and + output = "ReturnValue" + ) + } +} + +/** + * A read step for `Map#get`. + * + * This is implemented as a step instead of a flow summary, as we currently do not expose a MaD syntax + * for map values with a known key. + */ +class MapGetStep extends DataFlow::AdditionalFlowStep { + override predicate readStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(DataFlow::MethodCallNode call | + call.getMethodName() = "get" and + call.getNumArgument() = 1 and + pred = call.getReceiver() and + succ = call + | + contents = DataFlow::ContentSet::mapValueFromKey(call.getArgument(0).getStringValue()) + or + not exists(call.getArgument(0).getStringValue()) and + contents = DataFlow::ContentSet::mapValueAll() + ) + } +} + +/** + * A read step for `Map#set`. + * + * This is implemented as a step instead of a flow summary, as we currently do not expose a MaD syntax + * for map values with a known key. 
+ */ +class MapSetStep extends DataFlow::AdditionalFlowStep { + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(DataFlow::MethodCallNode call | + call.getMethodName() = "set" and + call.getNumArgument() = 2 and + pred = call.getArgument(1) and + succ.(DataFlow::ExprPostUpdateNode).getPreUpdateNode() = call.getReceiver() + | + contents = DataFlow::ContentSet::mapValueFromKey(call.getArgument(0).getStringValue()) + or + not exists(call.getArgument(0).getStringValue()) and + contents = DataFlow::ContentSet::mapValueWithUnknownKey() + ) + } +} + +class MapGet extends SummarizedCallable { + MapGet() { this = "Map#get" } + + override DataFlow::MethodCallNode getACallSimple() { + none() and // Disabled for now - need MaD syntax for known map values + result.getMethodName() = "get" and + result.getNumArgument() = 1 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].MapValue" and + output = "ReturnValue" + } +} + +class MapSet extends SummarizedCallable { + MapSet() { this = "Map#set" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "set" and + result.getNumArgument() = 2 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = ["Argument[this].WithMapKey", "Argument[this].WithMapValue"] and + output = "ReturnValue" + or + preservesValue = true and + none() and // Disabled for now - need MaD syntax for known map values + ( + input = "Argument[0]" and + output = "Argument[this].MapKey" + or + input = "Argument[1]" and + output = "Argument[this].MapValue" + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets2.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets2.qll new file mode 100644 index 000000000000..1880eb569bf5 --- /dev/null 
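Review bot: The QLDoc on `MapSetStep` opens with "A read step for `Map#set`", but the class overrides `storeStep`. The sentence looks copied from `MapGetStep` and should read `A store step for Map#set.` Separately, `MapConstructor`, `MapGetStep`, `MapSetStep`, `MapGet` and `MapSet` are declared without `private` and, apart from the two step classes, without QLDoc, whereas most of the summary classes in Promises2.qll are private. The same applies to `SetConstructor` and `SetAdd` in Sets2.qll and to `StringSplit` in Strings2.qll. If nothing refers to these classes by name, `private class` would keep them out of the importing scope.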
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets2.qll @@ -0,0 +1,46 @@ +/** + * Contains flow summaries and steps modelling flow through `Set` objects. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import FlowSummaryUtil + +private DataFlow::SourceNode setConstructorRef() { result = DataFlow::globalVarRef("Set") } + +class SetConstructor extends SummarizedCallable { + SetConstructor() { this = "Set constructor" } + + override DataFlow::InvokeNode getACallSimple() { + result = setConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement"] and + output = "ReturnValue.SetElement" + or + input = "Argument[0].MapKey" and + output = "ReturnValue.SetElement.Member[0]" + or + input = "Argument[0].MapValue" and + output = "ReturnValue.SetElement.Member[1]" + ) + } +} + +class SetAdd extends SummarizedCallable { + SetAdd() { this = "Set#add" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "add" and + result.getNumArgument() = 1 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "Argument[this].SetElement" + } +} From da3a0de814808c1ba06181d20e623416fbb1faf1 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 3 Oct 2023 15:52:49 +0200 Subject: [PATCH 026/223] JS: Port String#replace to flow summary --- .../javascript/dataflow/TaintTracking.qll | 31 +++++--- .../flow_summaries/AllFlowSummaries.qll | 1 + .../internal/flow_summaries/Strings2.qll | 72 +++++++++++++++++++ 3 files changed, 93 insertions(+), 11 deletions(-) create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings2.qll 
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll index 3b62b33c4ada..eb58a1d30555 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll @@ -409,18 +409,27 @@ module TaintTracking { ]).getACall() and pred = c.getArgument(0) ) + ) + } + } + + /** + * A taint propagating edge for the string `replace` function. + * + * This is a legacy step as it crosses a function boundary, and would thus be converted to a jump step. + */ + private class ReplaceCallbackSteps extends LegacyTaintStep { + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + // In and out of .replace callbacks + exists(StringReplaceCall call | + // Into the callback if the regexp does not sanitize matches + hasWildcardReplaceRegExp(call) and + pred = call.getReceiver() and + succ = call.getReplacementCallback().getParameter(0) or - // In and out of .replace callbacks - exists(StringReplaceCall call | - // Into the callback if the regexp does not sanitize matches - hasWildcardReplaceRegExp(call) and - pred = call.getReceiver() and - succ = call.getReplacementCallback().getParameter(0) - or - // Out of the callback - pred = call.getReplacementCallback().getReturnNode() and - succ = call - ) + // Out of the callback + pred = call.getReplacementCallback().getReturnNode() and + succ = call ) } } diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll index d500c953cc7e..c299f0b0aac3 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -4,3 +4,4 @@ private import AsyncAwait private import Maps2 private import Promises2 private import Sets2 +private import Strings2 
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings2.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings2.qll
new file mode 100644
index 000000000000..cfa8688105ec
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings2.qll
@@ -0,0 +1,72 @@
+/**
+ * Contains flow summaries and steps modelling flow through string methods.
+ */
+
+private import javascript
+private import semmle.javascript.dataflow.FlowSummary
+
+/** Holds if the given call takes a regexp containing a wildcard. */
+pragma[noinline]
+private predicate hasWildcardReplaceRegExp(StringReplaceCall call) {
+ RegExp::isWildcardLike(call.getRegExp().getRoot().getAChild*())
+}
+
+/**
+ * Summary for calls to `.replace` or `.replaceAll` (without a regexp pattern containing a wildcard).
+ */
+private class StringReplaceNoWildcard extends SummarizedCallable {
+ StringReplaceNoWildcard() {
+ this = "String#replace / String#replaceAll (without wildcard pattern)"
+ }
+
+ override StringReplaceCall getACall() { not hasWildcardReplaceRegExp(result) }
+
+ override predicate propagatesFlowExt(string input, string output, boolean preservesValue) {
+ preservesValue = false and
+ (
+ input = "Argument[this]" and
+ output = "ReturnValue"
+ or
+ input = "Argument[1].ReturnValue" and
+ output = "ReturnValue"
+ )
+ }
+}
+
+/**
+ * Summary for calls to `.replace` or `.replaceAll` (with a regexp pattern containing a wildcard).
+ *
+ * In this case, the receiver is considered to flow into the callback.
+ */ +private class StringReplaceWithWildcard extends SummarizedCallable { + StringReplaceWithWildcard() { + this = "String#replace / String#replaceAll (with wildcard pattern)" + } + + override StringReplaceCall getACall() { hasWildcardReplaceRegExp(result) } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = false and + ( + input = "Argument[this]" and + output = ["ReturnValue", "Argument[1].Parameter[0]"] + or + input = "Argument[1].ReturnValue" and + output = "ReturnValue" + ) + } +} + +class StringSplit extends SummarizedCallable { + StringSplit() { this = "String#split" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "split" and result.getNumArgument() = 1 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue.ArrayElement" + } +} From 0c2e52baba1f73069072bcdc27d2a21506f7b2bc Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 3 Oct 2023 15:58:51 +0200 Subject: [PATCH 027/223] JS: Summary/steps for iterators and generators --- .../ql/lib/semmle/javascript/Generators.qll | 2 +- .../flow_summaries/AllFlowSummaries.qll | 3 + .../internal/flow_summaries/ForOfLoops.qll | 53 +++++++++++++++++ .../internal/flow_summaries/Generators.qll | 59 +++++++++++++++++++ .../internal/flow_summaries/Iterators2.qll | 29 +++++++++ 5 files changed, 145 insertions(+), 1 deletion(-) create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/Generators.qll create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators2.qll diff --git a/javascript/ql/lib/semmle/javascript/Generators.qll b/javascript/ql/lib/semmle/javascript/Generators.qll index 06a19d1cfdfd..b2b81ef5c882 100644 
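Review bot: `StringSplit` is the only class in this new file that is neither `private` nor documented, and its `getACallSimple` accepts only `split` calls with exactly one argument. A call such as `s.split(sep, limit)` or `s.split()` would therefore get no summary from this class, which for taint-based queries presumably means lost flow unless a legacy step still covers those shapes. If the restriction is deliberate, a QLDoc saying that only the single-separator form is modelled would make it visible; otherwise `result.getNumArgument() = [0 .. 2]` may be closer to the intent. The match is by method name alone, so the comment should also note that receivers other than strings with a `split` method are included.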
--- a/javascript/ql/lib/semmle/javascript/Generators.qll +++ b/javascript/ql/lib/semmle/javascript/Generators.qll @@ -11,7 +11,7 @@ private import semmle.javascript.dataflow.internal.PreCallGraphStep private module GeneratorDataFlow { private import DataFlow::PseudoProperties - private class ArrayIteration extends PreCallGraphStep { + private class ArrayIteration extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DataFlow::FunctionNode f | f.getFunction().isGenerator() | prop = iteratorElement() and diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll index c299f0b0aac3..ca8e2aebf69f 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -1,6 +1,9 @@ private import AmbiguousCoreMethods private import Arrays2 private import AsyncAwait +private import ForOfLoops +private import Generators +private import Iterators2 private import Maps2 private import Promises2 private import Sets2 diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll new file mode 100644 index 000000000000..0efe77bcab88 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll 
@@ -0,0 +1,53 @@
+/**
+ * Contains flow steps to model flow through `for..of` loops.
+ */
+
+private import javascript
+private import semmle.javascript.dataflow.internal.DataFlowNode
+private import semmle.javascript.dataflow.internal.AdditionalFlowInternal
+private import semmle.javascript.dataflow.internal.DataFlowPrivate
+
+class ForOfLoopStep extends AdditionalFlowInternal {
+ override predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) {
+ // Intermediate nodes to convert (MapKey, MapValue) to a `[key, value]` array.
+ node instanceof ForOfStmt and
+ tag = ["map-key", "map-value"] and
+ container.asSourceCallable() = node.getContainer()
+ }
+
+ override predicate readStep(
+ DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ
+ ) {
+ exists(ForOfStmt stmt | pred = stmt.getIterationDomain().flow() |
+ contents =
+ [
+ DataFlow::ContentSet::arrayElement(), DataFlow::ContentSet::setElement(),
+ DataFlow::ContentSet::iteratorElement()
+ ] and
+ succ = DataFlow::lvalueNode(stmt.getLValue())
+ or
+ contents = DataFlow::ContentSet::mapKey() and
+ succ = getSynthesizedNode(stmt, "map-key")
+ or
+ contents = DataFlow::ContentSet::mapValueAll() and
+ succ = getSynthesizedNode(stmt, "map-value")
+ or
+ contents = DataFlow::ContentSet::iteratorError() and
+ succ = stmt.getIterationDomain().getExceptionTarget()
+ )
+ }
+
+ override predicate storeStep(
+ DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ
+ ) {
+ exists(ForOfStmt stmt |
+ pred = getSynthesizedNode(stmt, "map-key") and
+ contents.asArrayIndex() = 0
+ or
+ pred = getSynthesizedNode(stmt, "map-value") and
+ contents.asArrayIndex() = 1
+ |
+ succ = DataFlow::lvalueNode(stmt.getLValue())
+ )
+ }
+}
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Generators.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Generators.qll
new file mode 100644
index 000000000000..e187b5751cfd
--- /dev/null
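Review bot: `ForOfLoopStep` is a public class with no QLDoc, and the only explanation of the `map-key` and `map-value` synthesized nodes is the one-line comment in `needsSynthesizedNode`. I would add a class comment stating that it reads array, set, iterator and map contents of the iteration domain into the loop variable. The comment should also say that map entries are rebuilt as a two-element array: `readStep` reads `mapKey` and `mapValueAll` into the two synthesized nodes, and `storeStep` stores them at array indices 0 and 1 of the lvalue. It is worth stating as well that `iteratorError` content is read to the exception target of the iteration domain rather than to the loop variable.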
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Generators.qll 
@@ -0,0 +1,59 @@
+/**
+ * Contains flow steps to model flow through generator functions.
+ */
+
+private import javascript
+private import semmle.javascript.dataflow.internal.DataFlowNode
+private import semmle.javascript.dataflow.internal.AdditionalFlowInternal
+
+/**
+ * Steps modelling flow out of a generator function:
+ * ```js
+ * function* foo() {
+ * yield x; // store 'x' in the return value's IteratorElement
+ * yield* y; // flow directly to return value, which has expectsContent, so only iterator contents can pass through.
+ * throw z; // store 'z' in the return value's IteratorError
+ * }
+ * ```
+ */
+class GeneratorFunctionStep extends AdditionalFlowInternal {
+ override predicate expectsContent(DataFlow::Node node, DataFlow::ContentSet contents) {
+ // Ensure that the return value can only return iterator contents. This is needed for 'yield*'.
+ exists(Function fun |
+ fun.isGenerator() and
+ node = TFunctionReturnNode(fun) and
+ contents = DataFlow::ContentSet::iteratorFilter()
+ )
+ }
+
+ override predicate storeStep(
+ DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ
+ ) {
+ // `yield x`. Store into the return value's iterator element.
+ exists(Function fun, YieldExpr yield | fun.isGenerator() |
+ not yield.isDelegating() and
+ yield.getContainer() = fun and
+ pred = yield.getOperand().flow() and
+ contents = DataFlow::ContentSet::iteratorElement() and
+ succ = TFunctionReturnNode(fun)
+ )
+ or
+ exists(Function f | f.isGenerator() |
+ // Store thrown exceptions in the iterator-error
+ pred = TExceptionalFunctionReturnNode(f) and
+ succ = TFunctionReturnNode(f) and
+ contents = DataFlow::ContentSet::iteratorError()
+ )
+ }
+
+ override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+ // `yield* x`. Flow into the return value, which has expectsContent, so only iterator contents can pass through.
+ exists(Function fun, YieldExpr yield | + fun.isGenerator() and + yield.getContainer() = fun and + yield.isDelegating() and + pred = yield.getOperand().flow() and + succ = TFunctionReturnNode(fun) + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators2.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators2.qll new file mode 100644 index 000000000000..94afac527873 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators2.qll @@ -0,0 +1,29 @@ +/** + * Contains flow summaries and steps modelling flow through iterators. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import FlowSummaryUtil + +class IteratorNext extends SummarizedCallable { + IteratorNext() { this = "Iterator#next" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "next" and + result.getNumArgument() = 0 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].IteratorElement" and + output = "ReturnValue.Member[value]" + or + input = "Argument[this].IteratorError" and + output = "ReturnValue[exception]" + ) + } +} From e31ae3a1bf50b956d4f203c0a55609cf4c73df19 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 3 Oct 2023 16:01:45 +0200 Subject: [PATCH 028/223] JS: Model JSON.stringify with "deep" read operators --- .../dataflow/internal/DataFlowPrivate.qll | 13 ++++++++++++ .../dataflow/internal/FlowSummaryPrivate.qll | 8 ++++++++ .../flow_summaries/AllFlowSummaries.qll | 1 + .../internal/flow_summaries/JsonStringify.qll | 20 +++++++++++++++++++ 4 files changed, 42 insertions(+) create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/JsonStringify.qll 
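Review bot: The three predicates of `GeneratorFunctionStep` spell the same generator restriction in three ways, which makes them harder to compare. `storeStep` binds the function as `fun` in its first `exists` and as `f` in its second, and both put `isGenerator()` in the range part, whereas `expectsContent` and `step` put `fun.isGenerator()` in the formula. Using one name and one placement throughout, for example `exists(Function fun | fun.isGenerator() | ...)` in every case, would make it obvious that all three apply to exactly the same set of functions.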
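Review bot: `IteratorNext.getACallSimple` requires `result.getNumArgument() = 0`, so a call such as `it.next(value)`, which generators accept, gets no summary and the yielded element would not reach `ReturnValue.Member[value]` through this class. If that is not deliberate, dropping the arity conjunct or writing `result.getNumArgument() = [0 .. 1]` would cover it. The class is also public and undocumented. A QLDoc should note that the match is by method name alone and that, presumably, the `Argument[this].IteratorElement` input is what limits its effect on unrelated `next` methods.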
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 693767bb7100..440f36332016 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -661,6 +661,19 @@ predicate readStep(Node node1, ContentSet c, Node node2) { c = ContentSet::promiseValue() ) or + // For deep reads, generate read edges with a self-loop + exists(Node origin, ContentSet contentSet | + FlowSummaryImpl::Private::Steps::summaryReadStep(origin.(FlowSummaryNode).getSummaryNode(), + contentSet, node2.(FlowSummaryNode).getSummaryNode()) and + node1 = [origin, node2] + | + contentSet = MkAnyPropertyDeep() and + c = ContentSet::anyProperty() + or + contentSet = MkArrayElementDeep() and + c = ContentSet::arrayElement() + ) + or DataFlow::AdditionalFlowStep::readStep(node1, c, node2) } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index 32739451ede5..a872dc101354 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll @@ -205,6 +205,14 @@ SummaryComponent interpretComponentSpecific(Private::AccessPathToken c) { c.getName() = "Awaited" and c.getNumArgument() = 0 and result = SummaryComponent::content(MkAwaited()) + or + c.getName() = "AnyMemberDeep" and + c.getNumArgument() = 0 and + result = SummaryComponent::content(MkAnyPropertyDeep()) + or + c.getName() = "ArrayElementDeep" and + c.getNumArgument() = 0 and + result = SummaryComponent::content(MkArrayElementDeep()) } private string getMadStringFromContentSetAux(ContentSet cs) { 
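Review bot: The comment `// For deep reads, generate read edges with a self-loop` in the `readStep` hunk does not say why the loop is needed. With `node1 = [origin, node2]` the disjunct produces one read from the summary's origin node into `node2` and a second read from `node2` into itself, which presumably is what lets the deep tokens unwrap content at any nesting depth. I would say so directly, e.g. `// The self-loop on node2 lets the same read apply again, so nested content at any depth reaches node2`. `readStep` starts outside the hunk, so it is not visible whether another disjunct also turns the same `summaryReadStep` into an ordinary read carrying the deep `ContentSet`; if one does, it should exclude `MkAnyPropertyDeep()` and `MkArrayElementDeep()`.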
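Review bot: The two new access-path tokens are added only to `interpretComponentSpecific`; the trailing context line shows `getMadStringFromContentSetAux`, which appears to be the reverse mapping from a `ContentSet` to its token, and this hunk does not touch it. If that predicate is expected to cover every content a summary can mention, `MkAnyPropertyDeep()` and `MkArrayElementDeep()` need entries there too. The token is spelled `AnyMemberDeep` while the content constructor is `MkAnyPropertyDeep`, so a one-line comment recording that they denote the same thing would avoid confusion. Both predicates extend beyond the hunk.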
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll index ca8e2aebf69f..9ca967f73540 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -4,6 +4,7 @@ private import AsyncAwait private import ForOfLoops private import Generators private import Iterators2 +private import JsonStringify private import Maps2 private import Promises2 private import Sets2 diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/JsonStringify.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/JsonStringify.qll new file mode 100644 index 000000000000..86779b8e7ecb --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/JsonStringify.qll @@ -0,0 +1,20 @@ +/** + * Contains implicit read steps at the input to any function that converts a deep object to a string, such as `JSON.stringify`. + */ + +private import javascript +private import FlowSummaryUtil +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.FlowSummary + +private class JsonStringifySummary extends SummarizedCallable { + JsonStringifySummary() { this = "JSON.stringify" } + + override DataFlow::InvokeNode getACall() { result instanceof JsonStringifyCall } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = false and + input = ["Argument[0]", "Argument[0].AnyMemberDeep"] and + output = "ReturnValue" + } +} From 9fef8803ed7874151027daa9674ab705f9b136f4 Mon Sep 17 00:00:00 2001 
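Review bot: `JsonStringifySummary` reads `Argument[0]` and `Argument[0].AnyMemberDeep` but never `ArrayElementDeep`, although this patch introduces both deep tokens. Whether a tracked value inside an array, as in `JSON.stringify([x])` or `JSON.stringify({ a: [x] })`, still reaches `ReturnValue` depends on whether `ContentSet::anyProperty()` includes array elements, which is not visible here. If it does not, the input list should become `["Argument[0]", "Argument[0].AnyMemberDeep", "Argument[0].ArrayElementDeep"]`, since a missed read at this point means queries that follow serialised data lose flow. A library test with a nested array would settle it either way.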
From: Asger F Date: Wed, 4 Oct 2023 14:39:52 +0200 Subject: [PATCH 029/223] JS: Avoid BarrierGuardNode's range from depending on Configuration --- .../javascript/dataflow/Configuration.qll | 83 ++++++++++--------- 1 file changed, 45 insertions(+), 38 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll index 29f55ed01a68..698c823ecdcf 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll @@ -161,7 +161,7 @@ abstract class Configuration extends string { * Holds if the intermediate flow node `node` is prohibited. */ predicate isBarrier(DataFlow::Node node) { - exists(BarrierGuardNode guard | + exists(BarrierGuardNodeInternal guard | isBarrierGuardInternal(this, guard) and barrierGuardBlocksNode(guard, node, "") ) @@ -201,7 +201,7 @@ abstract class Configuration extends string { * Holds if flow with label `lbl` cannot flow into `node`. */ predicate isLabeledBarrier(DataFlow::Node node, FlowLabel lbl) { - exists(BarrierGuardNode guard | + exists(BarrierGuardNodeInternal guard | isBarrierGuardInternal(this, guard) and barrierGuardBlocksNode(guard, node, lbl) ) @@ -282,10 +282,12 @@ abstract class Configuration extends string { * `isBarrierGuard` or `AdditionalBarrierGuardNode`. */ pragma[nomagic] -private predicate isBarrierGuardInternal(Configuration cfg, BarrierGuardNode guard) { +private predicate isBarrierGuardInternal(Configuration cfg, BarrierGuardNodeInternal guard) { cfg.isBarrierGuard(guard) or guard.(AdditionalBarrierGuardNode).appliesTo(cfg) + or + guard.(DerivedBarrierGuardNode).appliesTo(cfg) } /** @@ -348,6 +350,8 @@ module FlowLabel { FlowLabel taint() { result = "taint" } } +abstract private class BarrierGuardNodeInternal extends DataFlow::Node { } + /** * A node that can act as a barrier when appearing in a condition. * 
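Review bot: `BarrierGuardNodeInternal` is introduced in the `-348,6 +350,8` hunk without a QLDoc comment, and nothing in the file says why the range of `BarrierGuardNode` had to be separated from it. I would add a comment above the declaration saying it is the common supertype of user-defined barrier guards and the guards derived from them, and that its range must not depend on any `Configuration` (wording to be confirmed against the commit's intent). The same gap recurs later in this patch. The abstract `DerivedBarrierGuardNode.appliesTo` in the `-373,6 +377,20` hunk has no comment, and the `-1923,23 +1939,18` hunk deletes the existing comment on `BarrierGuardFunction.appliesTo` without a replacement.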
@@ -359,7 +363,7 @@ module FlowLabel { * classes as precise as possible: if two subclasses of `BarrierGuardNode` overlap, their * implementations of `blocks` will _both_ apply to any configuration that includes either of them. */ -abstract class BarrierGuardNode extends DataFlow::Node { +abstract class BarrierGuardNode extends BarrierGuardNodeInternal { /** * Holds if this node blocks expression `e` provided it evaluates to `outcome`. * @@ -373,6 +377,20 @@ abstract class BarrierGuardNode extends DataFlow::Node { predicate blocks(boolean outcome, Expr e, FlowLabel label) { none() } } +/** + * Barrier guards derived from other barrier guards. + */ +abstract private class DerivedBarrierGuardNode extends BarrierGuardNodeInternal { + abstract predicate appliesTo(Configuration cfg); + + /** + * Holds if this node blocks expression `e` from flow of type `label`, provided it evaluates to `outcome`. + * + * `label` is bound to the empty string if it blocks all flow labels. + */ + abstract predicate blocks(boolean outcome, Expr e, string label); +} + /** * Holds if data flow node `guard` acts as a barrier for data flow. * 
@@ -380,24 +398,20 @@ abstract class BarrierGuardNode extends DataFlow::Node { */ pragma[nomagic] private predicate barrierGuardBlocksExpr( - BarrierGuardNode guard, boolean outcome, Expr test, string label + BarrierGuardNodeInternal guard, boolean outcome, Expr test, string label ) { - guard.blocks(outcome, test) and label = "" - or - guard.blocks(outcome, test, label) + guard.(BarrierGuardNode).blocks(outcome, test) and label = "" or - // Handle labelled barrier guard functions specially, to avoid negative recursion - // through the non-abstract 3-argument version of blocks(). - guard.(AdditionalBarrierGuardCall).internalBlocksLabel(outcome, test, label) + guard.(BarrierGuardNode).blocks(outcome, test, label) or - guard.(CallAgainstEqualityCheck).internalBlocksLabel(outcome, test, label) + guard.(DerivedBarrierGuardNode).blocks(outcome, test, label) } /** * Holds if `guard` may block the flow of a value reachable through exploratory flow. */ pragma[nomagic] -private predicate barrierGuardIsRelevant(BarrierGuardNode guard) { +private predicate barrierGuardIsRelevant(BarrierGuardNodeInternal guard) { exists(Expr e | barrierGuardBlocksExpr(guard, _, e, _) and isRelevantForward(e.flow(), _) @@ -412,7 +426,7 @@ private predicate barrierGuardIsRelevant(BarrierGuardNode guard) { */ pragma[nomagic] private predicate barrierGuardBlocksAccessPath( - BarrierGuardNode guard, boolean outcome, AccessPath ap, string label + BarrierGuardNodeInternal guard, boolean outcome, AccessPath ap, string label ) { barrierGuardIsRelevant(guard) and barrierGuardBlocksExpr(guard, outcome, ap.getAnInstance(), label) 
@@ -425,7 +439,7 @@ private predicate barrierGuardBlocksAccessPath( */ pragma[nomagic] private predicate barrierGuardBlocksSsaRefinement( - BarrierGuardNode guard, boolean outcome, SsaRefinementNode ref, string label + BarrierGuardNodeInternal guard, boolean outcome, SsaRefinementNode ref, string label ) { barrierGuardIsRelevant(guard) and guard.getEnclosingExpr() = ref.getGuard().getTest() and @@ -441,7 +455,7 @@ private predicate barrierGuardBlocksSsaRefinement( */ pragma[nomagic] private predicate barrierGuardUsedInCondition( - BarrierGuardNode guard, ConditionGuardNode cond, boolean outcome + BarrierGuardNodeInternal guard, ConditionGuardNode cond, boolean outcome ) { barrierGuardIsRelevant(guard) and outcome = cond.getOutcome() and @@ -459,7 +473,9 @@ private predicate barrierGuardUsedInCondition( * `label` is bound to the blocked label, or the empty string if all labels should be blocked. */ pragma[nomagic] -private predicate barrierGuardBlocksNode(BarrierGuardNode guard, DataFlow::Node nd, string label) { +private predicate barrierGuardBlocksNode( + BarrierGuardNodeInternal guard, DataFlow::Node nd, string label +) { // 1) `nd` is a use of a refinement node that blocks its input variable exists(SsaRefinementNode ref, boolean outcome | nd = DataFlow::ssaDefinitionNode(ref) and @@ -483,7 +499,7 @@ private predicate barrierGuardBlocksNode(BarrierGuardNode guard, DataFlow::Node */ pragma[nomagic] private predicate barrierGuardBlocksEdge( - BarrierGuardNode guard, DataFlow::Node pred, DataFlow::Node succ, string label + BarrierGuardNodeInternal guard, DataFlow::Node pred, DataFlow::Node succ, string label ) { exists( SsaVariable input, SsaPhiNode phi, BasicBlock bb, ConditionGuardNode cond, boolean outcome 
@@ -503,7 +519,7 @@ private predicate barrierGuardBlocksEdge( * This predicate exists to get a better join-order for the `barrierGuardBlocksEdge` predicate above. */ pragma[noinline] -private BasicBlock getADominatedBasicBlock(BarrierGuardNode guard, ConditionGuardNode cond) { +private BasicBlock getADominatedBasicBlock(BarrierGuardNodeInternal guard, ConditionGuardNode cond) { barrierGuardIsRelevant(guard) and guard.getEnclosingExpr() = cond.getTest() and cond.dominates(result) @@ -518,7 +534,7 @@ private BasicBlock getADominatedBasicBlock(BarrierGuardNode guard, ConditionGuar private predicate isBarrierEdgeRaw(Configuration cfg, DataFlow::Node pred, DataFlow::Node succ) { cfg.isBarrierEdge(pred, succ) or - exists(DataFlow::BarrierGuardNode guard | + exists(BarrierGuardNodeInternal guard | cfg.isBarrierGuard(guard) and barrierGuardBlocksEdge(guard, pred, succ, "") ) @@ -548,7 +564,7 @@ private predicate isLabeledBarrierEdgeRaw( ) { cfg.isBarrierEdge(pred, succ, label) or - exists(DataFlow::BarrierGuardNode guard | + exists(BarrierGuardNodeInternal guard | cfg.isBarrierGuard(guard) and barrierGuardBlocksEdge(guard, pred, succ, label) ) @@ -1843,7 +1859,7 @@ module PathGraph { /** * Gets a logical `and` expression, or parenthesized expression, that contains `guard`. */ -private Expr getALogicalAndParent(BarrierGuardNode guard) { +private Expr getALogicalAndParent(BarrierGuardNodeInternal guard) { barrierGuardIsRelevant(guard) and result = guard.asExpr() or result.(LogAndExpr).getAnOperand() = getALogicalAndParent(guard) @@ -1854,7 +1870,7 @@ private Expr getALogicalAndParent(BarrierGuardNode guard) { /** * Gets a logical `or` expression, or parenthesized expression, that contains `guard`. */ -private Expr getALogicalOrParent(BarrierGuardNode guard) { +private Expr getALogicalOrParent(BarrierGuardNodeInternal guard) { barrierGuardIsRelevant(guard) and result = guard.asExpr() or result.(LogOrExpr).getAnOperand() = getALogicalOrParent(guard) 
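Review bot: In `isBarrierEdgeRaw` the quantified variable is widened to `BarrierGuardNodeInternal`, but the guard is still selected with `cfg.isBarrierGuard(guard)` rather than `isBarrierGuardInternal(cfg, guard)`, which is what `isBarrier` and `isLabeledBarrier` use. As written, guards that apply only through `AdditionalBarrierGuardNode.appliesTo` or the new `DerivedBarrierGuardNode.appliesTo` would block nodes but not edges, so the wider type appears to have no effect here. If edge blocking is meant to follow the same set of guards, the line would become `isBarrierGuardInternal(cfg, guard) and`; if the narrower set is intentional, keeping the type as `BarrierGuardNode` with a comment would be clearer. The same applies to `isLabeledBarrierEdgeRaw` in the `-548,7 +564,7` hunk, and both predicates start outside their hunks.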
@@ -1879,7 +1895,7 @@ abstract class AdditionalBarrierGuardNode extends BarrierGuardNode { */ private class BarrierGuardFunction extends Function { DataFlow::ParameterNode sanitizedParameter; - BarrierGuardNode guard; + BarrierGuardNodeInternal guard; boolean guardOutcome; string label; int paramIndex; @@ -1923,23 +1939,18 @@ private class BarrierGuardFunction extends Function { ) } - /** - * Holds if this function applies to the flow in `cfg`. - */ predicate appliesTo(Configuration cfg) { isBarrierGuardInternal(cfg, guard) } } /** * A call that sanitizes an argument. */ -private class AdditionalBarrierGuardCall extends AdditionalBarrierGuardNode, DataFlow::CallNode { +private class AdditionalBarrierGuardCall extends DerivedBarrierGuardNode, DataFlow::CallNode { BarrierGuardFunction f; AdditionalBarrierGuardCall() { f.isBarrierCall(this, _, _, _) } - override predicate blocks(boolean outcome, Expr e) { f.isBarrierCall(this, e, outcome, "") } - - predicate internalBlocksLabel(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocks(boolean outcome, Expr e, string label) { f.isBarrierCall(this, e, outcome, label) } @@ -1955,8 +1966,8 @@ private class AdditionalBarrierGuardCall extends AdditionalBarrierGuardNode, Dat * } * ``` */ -private class CallAgainstEqualityCheck extends AdditionalBarrierGuardNode { - DataFlow::BarrierGuardNode prev; +private class CallAgainstEqualityCheck extends DerivedBarrierGuardNode { + BarrierGuardNodeInternal prev; boolean polarity; CallAgainstEqualityCheck() { 
@@ -1968,11 +1979,7 @@ private class CallAgainstEqualityCheck extends AdditionalBarrierGuardNode { ) } - override predicate blocks(boolean outcome, Expr e) { - none() // handled by internalBlocksLabel - } - - predicate internalBlocksLabel(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocks(boolean outcome, Expr e, string lbl) { exists(boolean prevOutcome | barrierGuardBlocksExpr(prev, prevOutcome, e, lbl) and outcome = prevOutcome.booleanXor(polarity) From 3ef478669b62a6b0da1bebfe9b346a04d369b541 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 14:41:59 +0200 Subject: [PATCH 030/223] JS: Collapse some cached stages --- .../javascript/dataflow/internal/DataFlowNode.qll | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index 5ae1c7e71380..c34928f3b596 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll @@ -6,6 +6,8 @@ private import javascript private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.Contents::Private +private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon private import semmle.javascript.dataflow.internal.DataFlowPrivate as DataFlowPrivate private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as FlowSummaryImpl cached 
@@ -58,6 +60,18 @@ private module Cached { TGenericSynthesizedNode(AstNode node, string tag, DataFlowPrivate::DataFlowCallable container) { any(AdditionalFlowInternal flow).needsSynthesizedNode(node, tag, container) } + + cached + private module Backref { + cached + predicate backref() { + DataFlowImplCommon::forceCachingInSameStage() or + exists(any(DataFlow::Node node).toString()) or + exists(any(DataFlow::Node node).getContainer()) or + any(DataFlow::Node node).hasLocationInfo(_, _, _, _, _) or + exists(any(Content c).toString()) + } + } } import Cached From 16df2c31bb4ac690bbed061365ea61acd323bd8e Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 15:10:40 +0200 Subject: [PATCH 031/223] Create DataFlowImplConsistency.qll --- .../internal/DataFlowImplConsistency.qll | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll new file mode 100644 index 000000000000..a4cf01999303 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll 
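Review bot: The `Backref` module and its `backref()` predicate are added without any comment, and the body is a disjunction whose result nothing in the hunk uses. Presumably it exists only so that `toString`, `getContainer`, `hasLocationInfo`, `Content.toString` and `forceCachingInSameStage` are evaluated in the same cached stage as the node newtype, which would match the commit title. A comment such as `// Never called: referencing these predicates from a cached module pulls them into this stage` would stop a later cleanup from removing it as dead code. The enclosing `Cached` module starts outside the hunk.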
@@ -0,0 +1,42 @@ +private import javascript +private import codeql.dataflow.internal.DataFlowImplConsistency +private import sharedlib.DataFlowArg +private import semmle.javascript.dataflow.internal.DataFlowPrivate +private import semmle.javascript.dataflow.internal.DataFlowNode + +private module ConsistencyConfig implements InputSig { + private predicate isAmbientNode(DataFlow::Node node) { + exists(AstNode n | n.isAmbient() | + node = TValueNode(n) or + node = TThisNode(n) or + node = TReflectiveParametersNode(n) or + node = TPropNode(n) or + node = TFunctionSelfReferenceNode(n) or + node = TExceptionalFunctionReturnNode(n) or + node = TExprPostUpdateNode(n) or + node = TExceptionalInvocationReturnNode(n) or + node = TDestructuredModuleImportNode(n) + ) + } + + predicate missingLocationExclude(DataFlow::Node n) { + n instanceof FlowSummaryNode + or + n instanceof FlowSummaryIntermediateAwaitStoreNode + or + n instanceof GenericSynthesizedNode + or + n = DataFlow::globalAccessPathRootPseudoNode() + } + + predicate uniqueNodeLocationExclude(DataFlow::Node n) { missingLocationExclude(n) } + + predicate uniqueEnclosingCallableExclude(DataFlow::Node n) { isAmbientNode(n) } + + predicate uniqueCallEnclosingCallableExclude(DataFlowCall call) { + isAmbientNode(call.asOrdinaryCall()) or + isAmbientNode(call.asAccessorCall()) + } +} + +module Consistency = MakeConsistency; From 7bcf8b858babfea0a3e36ce61145954c249e13ac Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 15:15:23 +0200 Subject: [PATCH 032/223] JS: Capture flow --- .../javascript/dataflow/Configuration.qll | 1 + .../dataflow/internal/DataFlowNode.qll | 3 + .../dataflow/internal/DataFlowPrivate.qll | 109 ++++++ .../dataflow/internal/VariableCapture.qll | 323 ++++++++++++++++++ 4 files changed, 436 insertions(+) create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll 
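Review bot: The new file has no file-level QLDoc, unlike the other files added in this series, and neither `ConsistencyConfig` nor the exported `Consistency` module says what the exclusions are for. A header such as `/** Provides consistency checks for the JavaScript data-flow library. */`, plus one line on `isAmbientNode` explaining why ambient nodes are exempt from the enclosing-callable checks, would be enough. `uniqueNodeLocationExclude` forwards to `missingLocationExclude`, so the four node kinds listed there are exempt from both location checks. That is worth a comment so the list is not later extended with only one of the two checks in mind.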
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll index 698c823ecdcf..1788df28d7d0 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll @@ -1994,6 +1994,7 @@ private class CallAgainstEqualityCheck extends DerivedBarrierGuardNode { * Can be added to a `isBarrier` in a data-flow configuration to block flow through such checks. */ class VarAccessBarrier extends DataFlow::Node { + // TODO: This does not work in dataflow2 when the variable is captured, since the capture-flow library bypasses the refinement node. VarAccessBarrier() { exists(ConditionGuardNode guard, SsaRefinementNode refinement | this = DataFlow::ssaDefinitionNode(refinement) and diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index c34928f3b596..8323bc23314f 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll @@ -10,6 +10,8 @@ private import semmle.javascript.dataflow.internal.Contents::Private private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon private import semmle.javascript.dataflow.internal.DataFlowPrivate as DataFlowPrivate private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as FlowSummaryImpl +private import semmle.javascript.dataflow.internal.VariableCapture as VariableCapture + cached private module Cached { /** 
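Review bot: The limitation is recorded as a `// TODO` inside the body of `VarAccessBarrier`, where users of the class will not see it in the generated documentation. According to the TODO, the barrier does not work in dataflow2 for captured variables, so a configuration relying on it would silently report flow that was meant to be blocked. I would repeat the caveat in the class QLDoc, e.g. `* NOTE: currently has no effect on captured variables in dataflow2.`, and keep the TODO for the eventual fix. The class body continues outside the hunk.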
@@ -57,6 +59,7 @@ private module Cached { TFlowSummaryIntermediateAwaitStoreNode(FlowSummaryImpl::Private::SummaryNode sn) { FlowSummaryImpl::Private::Steps::summaryStoreStep(sn, MkAwaited(), _) } or + TSynthCaptureNode(VariableCapture::VariableCaptureOutput::SynthesizedCaptureNode node) or TGenericSynthesizedNode(AstNode node, string tag, DataFlowPrivate::DataFlowCallable container) { any(AdditionalFlowInternal flow).needsSynthesizedNode(node, tag, container) } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 440f36332016..15dda32622b7 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -42,6 +42,30 @@ class FlowSummaryIntermediateAwaitStoreNode extends DataFlow::Node, } } +class CaptureNode extends DataFlow::Node, TSynthCaptureNode { + /** Gets the underlying node from the variable-capture library. */ + VariableCaptureOutput::SynthesizedCaptureNode getNode() { + this = TSynthCaptureNode(result) and DataFlowImplCommon::forceCachingInSameStage() + } + + cached + override StmtContainer getContainer() { result = this.getNode().getEnclosingCallable() } + + cached + private string toStringInternal() { result = this.getNode().toString() } + + override string toString() { result = this.toStringInternal() } // cached in parent class + + cached + private Location getLocation() { result = this.getNode().getLocation() } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } +} + class GenericSynthesizedNode extends DataFlow::Node, TGenericSynthesizedNode { private AstNode node; private string tag; 
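Review bot: `CaptureNode` in the DataFlowPrivate.qll hunk has no class-level QLDoc, and `getNode()` carries a `DataFlowImplCommon::forceCachingInSameStage()` conjunct whose purpose is not explained. A class comment like `/** A data-flow node synthesized by the variable-capture library. */` would make the block readable, together with a line comment on the conjunct saying it is there for cache staging only, assuming that is the case. The private `toStringInternal()` and `getLocation()` wrappers marked `cached` deserve the same one-line explanation; only `toString` has a hint (`// cached in parent class`).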
@@ -145,6 +169,8 @@ predicate postUpdatePair(Node pre, Node post) { or FlowSummaryImpl::Private::summaryPostUpdateNode(post.(FlowSummaryNode).getSummaryNode(), pre.(FlowSummaryNode).getSummaryNode()) + or + VariableCaptureOutput::capturePostUpdateNode(getClosureNode(post), getClosureNode(pre)) } class CastNode extends DataFlow::Node instanceof EmptyType { } @@ -232,6 +258,15 @@ private predicate isArgumentNodeImpl(Node n, DataFlowCall call, ArgumentPosition or pos.isFunctionSelfReference() and n = call.asOrdinaryCall().getCalleeNode() or + pos.isFunctionSelfReference() and n = call.asImpliedLambdaCall().flow() + or + exists(Function fun | + call.asImpliedLambdaCall() = fun and + CallGraph::impliedReceiverStep(n, TThisNode(fun)) and + sameContainerAsEnclosingContainer(n, fun) and + pos.isThis() + ) + or pos.isThis() and n = TConstructorThisArgumentNode(call.asOrdinaryCall().asExpr()) or // For now, treat all spread argument as flowing into the 'arguments' array, regardless of preceding arguments @@ -280,6 +315,15 @@ predicate nodeIsHidden(Node node) { or node instanceof FlowSummaryIntermediateAwaitStoreNode or + node instanceof CaptureNode + or + // Hide function expressions, as capture-flow causes them to appear in unhelpful ways + // TODO: Instead hide PathNodes with a capture content as the head of its access path? + node.asExpr() instanceof Function + or + // Also hide post-update nodes for function expressions + node.(DataFlow::ExprPostUpdateNode).getExpr() instanceof Function + or node instanceof GenericSynthesizedNode } @@ -324,6 +368,9 @@ private newtype TDataFlowCall = node = TValueNode(any(PropAccess p)) or node = TPropNode(any(PropertyPattern p)) } or + MkImpliedLambdaCall(Function f) { + VariableCaptureConfig::captures(f, _) or CallGraph::impliedReceiverStep(_, TThisNode(f)) + } or MkSummaryCall( FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver ) { 
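Review bot: In the `nodeIsHidden` hunk, `node.asExpr() instanceof Function` and the matching `ExprPostUpdateNode` line hide every function expression from path explanations, not only the ones that take part in capture flow. Someone triaging an alert whose path passes through a callback would likely no longer see that step. If that is broader than intended, the condition could be narrowed with the predicate this patch already uses for `MkImpliedLambdaCall`, e.g. `exists(Function f | f = node.asExpr() and VariableCaptureConfig::captures(f, _))`. Otherwise the comment should state that all function expressions are hidden. `nodeIsHidden` starts before the hunk.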
@@ -343,6 +390,7 @@ class DataFlowCall extends TDataFlowCall { DataFlow::InvokeNode asBoundCall(int boundArgs) { this = MkBoundCall(result, boundArgs) } + Function asImpliedLambdaCall() { this = MkImpliedLambdaCall(result) } predicate isSummaryCall( FlowSummaryImpl::Public::SummarizedCallable enclosingCallable, @@ -350,6 +398,7 @@ class DataFlowCall extends TDataFlowCall { ) { this = MkSummaryCall(enclosingCallable, receiver) } + predicate hasLocationInfo( string filepath, int startline, int startcolumn, int endline, int endcolumn ) { @@ -438,6 +487,7 @@ private class AccessorCall extends DataFlowCall, MkAccessorCall { ref.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) } } + class SummaryCall extends DataFlowCall, MkSummaryCall { private FlowSummaryImpl::Public::SummarizedCallable enclosingCallable; private FlowSummaryImpl::Private::SummaryNode receiver; @@ -456,6 +506,30 @@ class SummaryCall extends DataFlowCall, MkSummaryCall { FlowSummaryImpl::Private::SummaryNode getReceiver() { result = receiver } } +/** + * A call that invokes a lambda with nothing but its self-reference node. + * + * This is to help ensure captured variables can flow into the lambda in cases where + * we can't find its call sites. + */ +private class ImpliedLambdaCall extends DataFlowCall, MkImpliedLambdaCall { + private Function function; + + ImpliedLambdaCall() { this = MkImpliedLambdaCall(function) } + + override string toString() { result = "[implied lambda call] " + function } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + function.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = function.getEnclosingContainer() + } +} + private int getMaxArity() { // TODO: account for flow summaries result = 
@@ -542,6 +616,8 @@ DataFlowCallable viableCallable(DataFlowCall node) { result = MkLibraryCallable(callable) and node.asOrdinaryCall() = [callable.getACall(), callable.getACallSimple()] ) + or + result.asSourceCallableNotExterns() = node.asImpliedLambdaCall() } /** @@ -568,12 +644,28 @@ private predicate sameContainerAsEnclosingContainer(Node node, Function fun) { node.getContainer() = fun.getEnclosingContainer() } +/** + * Holds if `node` should be removed from the local data flow graph, but the node + * still exists for use by the legacy data flow library. + */ +pragma[nomagic] +private predicate isBlockedLegacyNode(TCapturedVariableNode node) { + // Ignore captured variable nodes for those variables that are handled by the captured-variable library. + // Note that some variables, such as top-level variables, are still modelled with these nodes (which will result in jump steps). + exists(LocalVariable variable | + node = TCapturedVariableNode(variable) and + variable instanceof VariableCaptureConfig::CapturedVariable + ) +} + /** * Holds if there is a value-preserving steps `node1` -> `node2` that might * be cross function boundaries. */ private predicate valuePreservingStep(Node node1, Node node2) { node1.getASuccessor() = node2 and + not isBlockedLegacyNode(node1) and + not isBlockedLegacyNode(node2) or FlowSteps::propertyFlowStep(node1, node2) or @@ -613,6 +705,8 @@ predicate simpleLocalFlowStep(Node node1, Node node2) { node2 = TFlowSummaryNode(output) ) or + VariableCaptureOutput::localFlowStep(getClosureNode(node1), getClosureNode(node2)) + or // NOTE: For consistency with readStep/storeStep, we do not translate these steps to jump steps automatically. DataFlow::AdditionalFlowStep::step(node1, node2) } 
@@ -674,6 +768,11 @@ predicate readStep(Node node1, ContentSet c, Node node2) { c = ContentSet::arrayElement() ) or + exists(LocalVariable variable | + VariableCaptureOutput::readStep(getClosureNode(node1), variable, getClosureNode(node2)) and + c.asSingleton() = MkCapturedContent(variable) + ) + or DataFlow::AdditionalFlowStep::readStep(node1, c, node2) } @@ -714,6 +813,11 @@ predicate storeStep(Node node1, ContentSet c, Node node2) { c = ContentSet::promiseValue() ) or + exists(LocalVariable variable | + VariableCaptureOutput::storeStep(getClosureNode(node1), variable, getClosureNode(node2)) and + c.asSingleton() = MkCapturedContent(variable) + ) + or DataFlow::AdditionalFlowStep::storeStep(node1, c, node2) } @@ -771,6 +875,11 @@ int accessPathLimit() { result = 5 } */ predicate allowParameterReturnInSelf(ParameterNode p) { FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(p) + or + exists(Function f | + VariableCaptureOutput::heuristicAllowInstanceParameterReturnInSelf(f) and + p = TFunctionSelfReferenceNode(f) + ) } class LambdaCallKind = Unit; diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll new file mode 100644 index 000000000000..99315bda045f --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll 
@@ -0,0 +1,323 @@ +private import javascript as js +private import semmle.javascript.dataflow.internal.DataFlowNode +private import codeql.dataflow.VariableCapture +private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon + +module VariableCaptureConfig implements InputSig { + private js::Function getLambdaFromVariable(js::LocalVariable variable) { + result.getVariable() = variable + or + result = variable.getAnAssignedExpr() + or + exists(js::ClassDeclStmt cls | + result = cls.getConstructor().getBody() and + variable = cls.getVariable() + ) + } + + additional predicate isTopLevelLike(js::StmtContainer container) { + container instanceof js::TopLevel + or + container = any(js::AmdModuleDefinition mod).getFactoryFunction() + or + isTopLevelLike(container.(js::ImmediatelyInvokedFunctionExpr).getEnclosingContainer()) + or + // Functions declared in a top-level with no parameters and can't generate flow-through, except through 'this' + // which we rule out with a few syntactic checks. In this case we treat its captured variables as singletons. + // NOTE: This was done to prevent a blow-up in fiddlesalad where a function called 'Runtime' captures 7381 variables but is only called once. 
+ exists(js::Function fun | + container = fun and + fun.getNumParameter() = 0 and + isTopLevelLike(fun.getEnclosingContainer()) and + not mayHaveFlowThroughThisArgument(fun) + ) + or + // Container declaring >100 captured variables tend to be singletons and are too expensive anyway + strictcount(js::LocalVariable v | v.isCaptured() and v.getDeclaringContainer() = container) > + 100 + } + + private predicate hasLocalConstructorCall(js::Function fun) { + fun = getLambdaFromVariable(any(js::NewExpr e).getCallee().(js::VarAccess).getVariable()) + } + + private predicate mayHaveFlowThroughThisArgument(js::Function fun) { + any(js::ThisExpr e).getBinder() = fun and + not hasLocalConstructorCall(fun) and // 'this' argument is assumed to be a fresh object + ( + exists(fun.getAReturnedExpr()) + or + exists(js::YieldExpr e | e.getContainer() = fun) + ) + } + + class CapturedVariable extends js::LocalVariable { + CapturedVariable() { + DataFlowImplCommon::forceCachingInSameStage() and + this.isCaptured() and + not isTopLevelLike(this.getDeclaringContainer()) and + // Exclude variables that just contain a function + // TODO: explain why + // TODO: also exclude if only use of variable is to call it. 
Handles case where variable is just alias for top-level function + not exists(getLambdaFromVariable(this)) + } + + Callable getCallable() { result = this.getDeclaringContainer().getFunctionBoundary() } + } + + additional predicate captures(js::Function fun, CapturedVariable variable) { + ( + variable.getAnAccess().getContainer().getFunctionBoundary() = fun + or + exists(js::Function inner | + captures(inner, variable) and + containsReferenceTo(fun, inner) + ) + ) and + not variable.getDeclaringContainer() = fun + } + + private predicate containsReferenceTo(js::Function fun, js::Function other) { + other.getEnclosingContainer() = fun + or + exists(js::LocalVariable variable | + other = getLambdaFromVariable(variable) and + variable.getAnAccess().getEnclosingFunction() = fun and + fun.getEnclosingContainer() = other.getEnclosingContainer().getEnclosingContainer*() and + other != fun + ) + } + + private js::Function getACapturingFunctionInTree(js::AstNode e) { + result = e and + captures(e, _) + or + not e instanceof js::Function and + result = getACapturingFunctionInTree(e.getAChild()) + } + + /** + * Holds if `decl` declares a variable that is captured by its own initializer, that is, the initializer of `decl`. + * + * For example, the declaration of `obj` below captures itself in its initializer: + * ```js + * const obj = { + * method: () => { ...obj... } + * } + * ``` + * + * The lambda can only observe values of `obj` at one of the aliases of that lambda. Due to limited aliases analysis, + * the only alias we can see is the lambda itself. However, at this stage the `obj` variable is still unassigned, so it + * just sees its implicit initialization, thus failing to capture any real flows through `obj`. + * + * Consider that the similar example does not have this problem: + * + * ```js + * const obj = {}; + * obj.method = () => { ...obj... 
}; + * ``` + * + * In this case, `obj` has already been assigned at the point of the lambda creation, so we propagate the correct value + * into the lambda. + * + * Our workaround is to make the first example look like the second one, by placing the assignment of + * `obj` before the object literal. We do this whenever a variable captures itself in its initializer. + */ + private predicate isCapturedByOwnInitializer(js::VariableDeclarator decl) { + exists(js::Function function | + function = getACapturingFunctionInTree(decl.getInit()) and + captures(function, decl.getBindingPattern().(js::VarDecl).getVariable()) + ) + } + + class BasicBlock extends js::BasicBlock { + Callable getEnclosingCallable() { result = this.getContainer().getFunctionBoundary() } + } + + class Location = js::Location; + + class Callable extends js::StmtContainer { + predicate isConstructor() { + // TODO: clarify exactly what the library wants to know here as the meaning of "constructor" varies between languages. + // JS constructors should not be seen as "constructors" in this context. + none() + } + } + + class CapturedParameter extends CapturedVariable { + CapturedParameter() { this.isParameter() } + } + + class Expr extends js::AST::ValueNode { + /** Holds if the `i`th node of basic block `bb` evaluates this expression. 
*/ + predicate hasCfgNode(BasicBlock bb, int i) { + // Note: this is overridden for FunctionDeclStmt + bb.getNode(i) = this + } + } + + class VariableRead extends Expr instanceof js::VarAccess, js::RValue { + private CapturedVariable variable; + + VariableRead() { this = variable.getAnAccess() } + + CapturedVariable getVariable() { result = variable } + } + + class ClosureExpr extends Expr { + ClosureExpr() { captures(this, _) } + + predicate hasBody(Callable c) { c = this } + + predicate hasAliasedAccess(Expr e) { + e = this + or + exists(js::LocalVariable variable | + this = getLambdaFromVariable(variable) and + e = variable.getAnAccess() + ) + } + } + + private newtype TVariableWrite = + MkExplicitVariableWrite(js::VarRef pattern) { + exists(js::DataFlow::lvalueNodeInternal(pattern)) and + pattern.getVariable() instanceof CapturedVariable + } or + MkImplicitVariableInit(CapturedVariable v) { not v instanceof CapturedParameter } + + class VariableWrite extends TVariableWrite { + CapturedVariable getVariable() { none() } // Overridden in subclass + + string toString() { none() } // Overridden in subclass + + Location getLocation() { none() } // Overridden in subclass + + predicate hasCfgNode(BasicBlock bb, int i) { none() } // Overridden in subclass + + // note: langauge-specific + js::DataFlow::Node getSource() { none() } // Overridden in subclass + } + + additional class ExplicitVariableWrite extends VariableWrite, MkExplicitVariableWrite { + private js::VarRef pattern; + + ExplicitVariableWrite() { this = MkExplicitVariableWrite(pattern) } + + override CapturedVariable getVariable() { result = pattern.getVariable() } + + override string toString() { result = pattern.toString() } + + /** Gets the location of this write. */ + override Location getLocation() { result = pattern.getLocation() } + + override js::DataFlow::Node getSource() { + // Note: there is not always an expression corresponding to the RHS of the assignment. 
+ // We do however have a data-flow node for this purpose (the lvalue-node). + // We use the pattern as a placeholder here, to be mapped to a data-flow node with `DataFlow::lvalueNode`. + result = js::DataFlow::lvalueNodeInternal(pattern) + } + + /** + * Gets a CFG node that should act at the place where this variable write happens, overriding its "true" CFG node. + */ + private js::ControlFlowNode getCfgNodeOverride() { + exists(js::VariableDeclarator decl | + decl.getBindingPattern() = pattern and + isCapturedByOwnInitializer(decl) and + result = decl.getInit().getFirstControlFlowNode() + ) + } + + /** Holds if the `i`th node of basic block `bb` evaluates this expression. */ + override predicate hasCfgNode(BasicBlock bb, int i) { + bb.getNode(i) = this.getCfgNodeOverride() + or + not exists(this.getCfgNodeOverride()) and + bb.getNode(i) = pattern.(js::LValue).getDefNode() + } + } + + additional class ImplicitVariableInit extends VariableWrite, MkImplicitVariableInit { + private CapturedVariable variable; + + ImplicitVariableInit() { this = MkImplicitVariableInit(variable) } + + override string toString() { result = "[implicit init] " + variable } + + override Location getLocation() { result = variable.getLocation() } + + override CapturedVariable getVariable() { result = variable } + + override predicate hasCfgNode(BasicBlock bb, int i) { + // 'i' would normally be bound to 0, but we lower it to -1 so FunctionDeclStmts can be evaluated + // at index 0. 
+ any(js::SsaImplicitInit def).definesAt(bb, _, variable) and i = -1 + } + } + + BasicBlock getABasicBlockSuccessor(BasicBlock bb) { result = bb.getASuccessor() } + + BasicBlock getImmediateBasicBlockDominator(BasicBlock bb) { result = bb.getImmediateDominator() } + + predicate entryBlock(BasicBlock bb) { bb instanceof js::EntryBasicBlock } + + predicate exitBlock(BasicBlock bb) { bb.getLastNode() instanceof js::ControlFlowExitNode } +} + +module VariableCaptureOutput = Flow; + +js::DataFlow::Node getNodeFromClosureNode(VariableCaptureOutput::ClosureNode node) { + result = TValueNode(node.(VariableCaptureOutput::ExprNode).getExpr()) + or + result = TValueNode(node.(VariableCaptureOutput::ParameterNode).getParameter().getADeclaration()) // TODO: is this subsumed by the ExprNode case? + or + result = TExprPostUpdateNode(node.(VariableCaptureOutput::ExprPostUpdateNode).getExpr()) + or + // Note: the `this` parameter in the capture library is expected to be a parameter that refers to the lambda object itself, + // which for JS means the `TFunctionSelfReferenceNode`, not `TThisNode` as one might expect. 
+ result = TFunctionSelfReferenceNode(node.(VariableCaptureOutput::ThisParameterNode).getCallable()) + or + result = TSynthCaptureNode(node.(VariableCaptureOutput::SynthesizedCaptureNode)) + or + result = node.(VariableCaptureOutput::VariableWriteSourceNode).getVariableWrite().getSource() +} + +VariableCaptureOutput::ClosureNode getClosureNode(js::DataFlow::Node node) { + node = getNodeFromClosureNode(result) +} + +private module Debug { + private import VariableCaptureConfig + + predicate relevantContainer(js::StmtContainer container) { + container.getEnclosingContainer*().(js::Function).getName() = "exists" + } + + predicate localFlowStep( + VariableCaptureOutput::ClosureNode node1, VariableCaptureOutput::ClosureNode node2 + ) { + VariableCaptureOutput::localFlowStep(node1, node2) + } + + predicate localFlowStepMapped(js::DataFlow::Node node1, js::DataFlow::Node node2) { + localFlowStep(getClosureNode(node1), getClosureNode(node2)) and + relevantContainer(node1.getContainer()) + } + + predicate readBB(VariableRead read, BasicBlock bb, int i) { read.hasCfgNode(bb, i) } + + predicate writeBB(VariableWrite write, BasicBlock bb, int i) { write.hasCfgNode(bb, i) } + + int captureDegree(js::Function fun) { + result = strictcount(CapturedVariable v | captures(fun, v)) + } + + int maxDegree() { result = max(captureDegree(_)) } + + int captureMax(js::Function fun) { result = captureDegree(fun) and result = maxDegree() } + + int captureMax(js::Function fun, CapturedVariable v) { + result = captureDegree(fun) and result = maxDegree() and captures(fun, v) + } +} From 46e4cdc6232604ea7f58138a336d5a222fad8567 Mon Sep 17 00:00:00 2001 
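Review bot: The `Debug` module at the end of VariableCapture.qll reads like leftover investigation code: `relevantContainer` hard-codes the function name `"exists"`, and none of its predicates are referenced elsewhere in the file as shown. I would drop it from the library, or at least head it with a comment such as `// Ad-hoc predicates for inspecting capture flow in quick-eval; not used by any query.`. Separately, the `> 100` cut-off in `isTopLevelLike` deserves a named predicate and a line describing how flow is modelled for variables above it, since those are silently excluded from `CapturedVariable`.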
From: Asger F Date: Fri, 6 Oct 2023 11:54:43 +0200 Subject: [PATCH 033/223] JS: Disallow consecutive captured contents --- .../semmle/javascript/dataflow/internal/Contents.qll | 12 ++++++++++++ .../javascript/dataflow/internal/DataFlowPrivate.qll | 7 +++++++ .../javascript/dataflow/internal/VariableCapture.qll | 6 +----- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll index 55de1efc2d62..5c87d3c0a512 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll @@ -81,6 +81,7 @@ module Private { MkPromiseFilter() or MkIteratorFilter() or MkAnyProperty() or + MkAnyCapturedContent() or // The following content sets are used exclusively as an intermediate value in flow summaries. // These are encoded as a ContentSummaryComponent, although the flow graphs we generate are different // than an ordinary content component. These special content sets should never appear in a step. @@ -239,6 +240,9 @@ module Public { or result instanceof MkArrayElementUnknown ) + or + this = ContentSet::anyCapturedContent() and + result instanceof Private::MkCapturedContent } /** Gets the singleton content to be accessed. */ @@ -278,6 +282,9 @@ module Public { this = MkAnyPropertyDeep() and result = "AnyMemberDeep" or this = MkArrayElementDeep() and result = "ArrayElementDeep" + or + this = MkAnyCapturedContent() and + result = "AnyCapturedContent" } } @@ -477,5 +484,10 @@ module Public { else result = property(propertyName) ) } + + /** + * Gets a content set that reads from all captured variables stored on a function. + */ + ContentSet anyCapturedContent() { result = Private::MkAnyCapturedContent() } } } 
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 15dda32622b7..0c269a7f1525 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -839,6 +839,13 @@ predicate clearsContent(Node n, ContentSet c) { c = MkPromiseFilter() or any(AdditionalFlowInternal flow).clearsContent(n, c) + or + // When a function `f` captures itself, all its access paths can be prefixed by an arbitrary number of `f.f.f...`. + // When multiple functions `f,g` capture each other, these prefixes can become interleaved, like `f.g.f.g...`. + // To avoid creating these trivial prefixes, we never allow two consecutive captured variables in the access path. + // We implement this rule by clearing any captured-content before storing into another captured-content. + VariableCaptureOutput::storeStep(getClosureNode(n), _, _) and + c = MkAnyCapturedContent() } /** diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll index 99315bda045f..1b1f50b9ecd1 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll 
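Review bot: The comment added to `clearsContent` explains why consecutive captured contents are cleared, but not what is given up. `c = MkAnyCapturedContent()` is cleared on every node that is the source of a capture `storeStep`, so a closure value that already carries captured content loses it when it is itself stored into another closure. That appears to include legitimate nested-closure flow, not just the `f.f.f...` self-capture prefixes, and it would show up as missed results rather than as an error. I would add a line such as `// NOTE: this also drops flow where a closure carrying captured content is captured by another closure.` next to the rule. `clearsContent` begins before the hunk.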
@@ -55,11 +55,7 @@ module VariableCaptureConfig implements InputSig { CapturedVariable() { DataFlowImplCommon::forceCachingInSameStage() and this.isCaptured() and - not isTopLevelLike(this.getDeclaringContainer()) and - // Exclude variables that just contain a function - // TODO: explain why - // TODO: also exclude if only use of variable is to call it. Handles case where variable is just alias for top-level function - not exists(getLambdaFromVariable(this)) + not isTopLevelLike(this.getDeclaringContainer()) } Callable getCallable() { result = this.getDeclaringContainer().getFunctionBoundary() } From 06fd9c23591fd06896fa8a3f1c26a061d5219793 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 15:15:51 +0200 Subject: [PATCH 034/223] JS: Add barrier guard library --- .../semmle/javascript/dataflow/DataFlow.qll | 1 + .../dataflow/internal/BarrierGuards.qll | 380 ++++++++++++++++++ 2 files changed, 381 insertions(+) create mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index 75926baa889c..d60a6c7bb04e 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -1992,4 +1992,5 @@ module DataFlow { import TypeTracking import AdditionalFlowSteps import internal.FunctionWrapperSteps + import internal.BarrierGuards } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll new file mode 100644 index 000000000000..8e46ae795580 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll 
@@ -0,0 +1,380 @@ +/** + * A copy of the barrier guard logic from `Configuration.qll` in the JS data flow library. + * + * This version considers all barrier guards to be relevant. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.AccessPaths + +private signature class BarrierGuardSig extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e); +} + +/** + * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node)`. + */ +module MakeBarrierGuard { + final private class FinalBaseGuard = BaseGuard; + + private class Adapter extends FinalBaseGuard { + predicate blocksExpr(boolean outcome, Expr e, Unit state) { + super.blocksExpr(outcome, e) and exists(state) + } + } + + /** + * Gets a node that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode() { + result = MakeStateBarrierGuard::getABarrierNode(_) + } +} + +private signature class LabeledBarrierGuardSig extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label); +} + +/** + * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node, label)`. + */ +module MakeLabeledBarrierGuard { + final private class FinalBaseGuard = BaseGuard; + + private class Adapter extends FinalBaseGuard { + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { + super.blocksExpr(outcome, e, label) + } + } + + /** + * Gets a node and flow label that is blocked by a barrier guard. 
+ */ + DataFlow::Node getABarrierNode(DataFlow::FlowLabel label) { + result = MakeStateBarrierGuard::getABarrierNode(label) + } +} + +private signature predicate isBarrierGuardSig(DataFlow::BarrierGuardNode node); + +/** + * Converts a labeled barrier guard class to a set of nodes to include in an implementation of `isBarrier(node)` and `isBarrier(node, label)` + * in a `DataFlow::StateConfigSig` implementation. + */ +module MakeLegacyBarrierGuardLabeled { + final private class FinalNode = DataFlow::Node; + + private class Adapter extends FinalNode instanceof DataFlow::BarrierGuardNode { + Adapter() { isBarrierGuard(this) } + + predicate blocksExpr(boolean outcome, Expr e, string label) { + super.blocks(outcome, e, label) + or + super.blocks(outcome, e) and label = "" + } + } + + private module Guards = MakeStateBarrierGuard; + + /** + * Gets a node that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode() { result = Guards::getABarrierNode("") } + + /** + * Gets a node and flow label that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode(DataFlow::FlowLabel label) { + result = Guards::getABarrierNode(label) + } +} + +/** + * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node)` in a `DataFlow::ConfigSig` implementation. + */ +module MakeLegacyBarrierGuard { + final private class FinalNode = DataFlow::Node; + + private class Adapter extends FinalNode instanceof DataFlow::BarrierGuardNode { + Adapter() { isBarrierGuard(this) } + + predicate blocksExpr(boolean outcome, Expr e, string label) { + super.blocks(outcome, e, label) + or + super.blocks(outcome, e) and label = "" + } + } + + private module Guards = MakeStateBarrierGuard; + + /** + * Gets a node that is blocked by a barrier guard. 
+ */ + DataFlow::Node getABarrierNode() { result = Guards::getABarrierNode(["", "data", "taint"]) } +} + +bindingset[this] +private signature class FlowStateSig; + +private module WithFlowState { + signature class BarrierGuardSig extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for `state`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, FlowState state); + } +} + +/** + * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node, state)`. + */ +module MakeStateBarrierGuard< + FlowStateSig FlowState, WithFlowState::BarrierGuardSig BaseGuard> +{ + final private class FinalNode = DataFlow::Node; + + abstract private class BarrierGuard extends FinalNode { + abstract predicate blocksExpr(boolean outcome, Expr test, FlowState state); + } + + class ExplicitBarrierGuard extends BarrierGuard instanceof BaseGuard { + override predicate blocksExpr(boolean outcome, Expr test, FlowState state) { + BaseGuard.super.blocksExpr(outcome, test, state) + } + } + + /** + * Gets a node and flow state that is blocked by a barrier guard. 
+ */ + pragma[nomagic] + DataFlow::Node getABarrierNode(FlowState state) { barrierGuardBlocksNode(_, result, state) } + + // + // ================================================================================================ + // NOTE + // The rest of this file is a copy of the barrier-guard logic in Configuration.qll except: + // - FlowLabel is replaced by FlowState + // - BarrierGuardNode and AdditionalBarrierGuardNode are replaced by the BarrierGuard class defined above + // - `barrierGuardBlocksEdge` is missing as dataflow2 does not support barrier edges + // - `barrierGuardIsRelevant` does not check pruning results as we can't access that from here + // ================================================================================================ + // + /** + * Holds if data flow node `guard` acts as a barrier for data flow. + * + * `state` is bound to the blocked state, or the empty FlowState if all labels should be blocked. + */ + pragma[nomagic] + private predicate barrierGuardBlocksExpr( + BarrierGuard guard, boolean outcome, Expr test, FlowState state + ) { + guard.blocksExpr(outcome, test, state) + } + + /** + * Holds if `guard` may block the flow of a value reachable through exploratory flow. + */ + pragma[nomagic] + private predicate barrierGuardIsRelevant(BarrierGuard guard) { + exists(Expr e | + barrierGuardBlocksExpr(guard, _, e, _) + // All guards are considered relevant (this is the difference from the main JS lib) + // isRelevantForward(e.flow(), _) + ) + } + + /** + * Holds if data flow node `guard` acts as a barrier for data flow due to aliasing through + * an access path. + * + * `state` is bound to the blocked state, or the empty FlowState if all labels should be blocked. 
+ */ + pragma[nomagic] + private predicate barrierGuardBlocksAccessPath( + BarrierGuard guard, boolean outcome, AccessPath ap, FlowState state + ) { + barrierGuardIsRelevant(guard) and + barrierGuardBlocksExpr(guard, outcome, ap.getAnInstance(), state) + } + + /** + * Holds if there exists an input variable of `ref` that blocks the state `state`. + * + * This predicate is outlined to give the optimizer a hint about the join ordering. + */ + pragma[nomagic] + private predicate barrierGuardBlocksSsaRefinement( + BarrierGuard guard, boolean outcome, SsaRefinementNode ref, FlowState state + ) { + barrierGuardIsRelevant(guard) and + guard.getEnclosingExpr() = ref.getGuard().getTest() and + forex(SsaVariable input | input = ref.getAnInput() | + barrierGuardBlocksExpr(guard, outcome, input.getAUse(), state) + ) + } + + /** + * Holds if the result of `guard` is used in the branching condition `cond`. + * + * `outcome` is bound to the outcome of `cond` for join-ordering purposes. + */ + pragma[nomagic] + private predicate barrierGuardUsedInCondition( + BarrierGuard guard, ConditionGuardNode cond, boolean outcome + ) { + barrierGuardIsRelevant(guard) and + outcome = cond.getOutcome() and + ( + cond.getTest() = guard.getEnclosingExpr() + or + cond.getTest().flow().getImmediatePredecessor+() = guard + ) + } + + /** + * Holds if data flow node `nd` acts as a barrier for data flow, possibly due to aliasing + * through an access path. + * + * `state` is bound to the blocked state, or the empty FlowState if all labels should be blocked. 
+ */ + pragma[nomagic] + private predicate barrierGuardBlocksNode(BarrierGuard guard, DataFlow::Node nd, FlowState state) { + // 1) `nd` is a use of a refinement node that blocks its input variable + exists(SsaRefinementNode ref, boolean outcome | + nd = DataFlow::ssaDefinitionNode(ref) and + outcome = ref.getGuard().(ConditionGuardNode).getOutcome() and + barrierGuardBlocksSsaRefinement(guard, outcome, ref, state) + ) + or + // 2) `nd` is an instance of an access path `p`, and dominated by a barrier for `p` + exists(AccessPath p, BasicBlock bb, ConditionGuardNode cond, boolean outcome | + nd = DataFlow::valueNode(p.getAnInstanceIn(bb)) and + barrierGuardUsedInCondition(guard, cond, outcome) and + barrierGuardBlocksAccessPath(guard, outcome, p, state) and + cond.dominates(bb) + ) + } + + /** + * Gets a logical `and` expression, or parenthesized expression, that contains `guard`. + */ + private Expr getALogicalAndParent(BarrierGuard guard) { + barrierGuardIsRelevant(guard) and result = guard.asExpr() + or + result.(LogAndExpr).getAnOperand() = getALogicalAndParent(guard) + or + result.getUnderlyingValue() = getALogicalAndParent(guard) + } + + /** + * Gets a logical `or` expression, or parenthesized expression, that contains `guard`. + */ + private Expr getALogicalOrParent(BarrierGuard guard) { + barrierGuardIsRelevant(guard) and result = guard.asExpr() + or + result.(LogOrExpr).getAnOperand() = getALogicalOrParent(guard) + or + result.getUnderlyingValue() = getALogicalOrParent(guard) + } + + final private class FinalFunction = Function; + + /** + * A function that returns the result of a barrier guard. 
+ */ + private class BarrierGuardFunction extends FinalFunction { + DataFlow::ParameterNode sanitizedParameter; + BarrierGuard guard; + boolean guardOutcome; + FlowState state; + int paramIndex; + + BarrierGuardFunction() { + barrierGuardIsRelevant(guard) and + exists(Expr e | + exists(Expr returnExpr | + returnExpr = guard.asExpr() + or + // ad hoc support for conjunctions: + getALogicalAndParent(guard) = returnExpr and guardOutcome = true + or + // ad hoc support for disjunctions: + getALogicalOrParent(guard) = returnExpr and guardOutcome = false + | + exists(SsaExplicitDefinition ssa | + ssa.getDef().getSource() = returnExpr and + ssa.getVariable().getAUse() = this.getAReturnedExpr() + ) + or + returnExpr = this.getAReturnedExpr() + ) and + sanitizedParameter.flowsToExpr(e) and + barrierGuardBlocksExpr(guard, guardOutcome, e, state) + ) and + sanitizedParameter.getParameter() = this.getParameter(paramIndex) + } + + /** + * Holds if this function sanitizes argument `e` of call `call`, provided the call evaluates to `outcome`. + */ + predicate isBarrierCall(DataFlow::CallNode call, Expr e, boolean outcome, FlowState st) { + exists(DataFlow::Node arg | + DataFlow::argumentPassingStep(pragma[only_bind_into](call), pragma[only_bind_into](arg), + pragma[only_bind_into](this), pragma[only_bind_into](sanitizedParameter)) and + arg.asExpr() = e and + arg = call.getArgument(paramIndex) and + outcome = guardOutcome and + state = st + ) + } + } + + /** + * A call that sanitizes an argument. + */ + private class AdditionalBarrierGuardCall extends BarrierGuard instanceof DataFlow::CallNode { + BarrierGuardFunction f; + + AdditionalBarrierGuardCall() { f.isBarrierCall(this, _, _, _) } + + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { + f.isBarrierCall(this, e, outcome, state) + } + } + + /** + * A sanitizer where an inner sanitizer is compared against a boolean. + * E.g. 
(assuming `sanitizes(e)` is an existing sanitizer): + * ```javascript + * if (sanitizes(e) === true) { + * // e is sanitized + * } + * ``` + */ + private class CallAgainstEqualityCheck extends BarrierGuard { + BarrierGuard prev; + boolean polarity; + + CallAgainstEqualityCheck() { + prev instanceof DataFlow::CallNode and + exists(EqualityTest test, BooleanLiteral bool | + this.asExpr() = test and + test.hasOperands(prev.asExpr(), bool) and + polarity = test.getPolarity().booleanXor(bool.getBoolValue()) + ) + } + + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { + exists(boolean prevOutcome | + barrierGuardBlocksExpr(prev, prevOutcome, e, state) and + outcome = prevOutcome.booleanXor(polarity) + ) + } + } +} From 277292e3b9a60be5e2a9050d6d34e28f2603b3e0 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 12 Oct 2023 12:55:36 +0200 Subject: [PATCH 035/223] JS: Improve performance of barrier guards without pruning --- .../dataflow/internal/AccessPaths.qll | 2 +- .../dataflow/internal/BarrierGuards.qll | 86 ++++++++++++++++--- 2 files changed, 76 insertions(+), 12 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll index 669b53418a59..3bcc36a65773 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll @@ -92,7 +92,7 @@ class AccessPath extends TAccessPath { * Gets an expression in `bb` represented by this access path. */ cached - Expr getAnInstanceIn(BasicBlock bb) { + Expr getAnInstanceIn(ReachableBasicBlock bb) { Stages::DataFlowStage::ref() and exists(SsaVariable var | this = MkSsaRoot(var) and diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll index 8e46ae795580..340a7b9694bc 100644 
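Review bot: The doc comment on `getAnInstanceIn` in the AccessPaths.qll hunk still reads as if any basic block were accepted, although the parameter is now a `ReachableBasicBlock`, so instances in unreachable blocks are no longer returned. The member is `cached` and not private, so callers outside this patch may depend on the old range. I would state the restriction in the comment, e.g. `Gets an expression in the reachable basic block bb represented by this access path.` The predicate body continues outside the hunk.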
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll 
@@ -131,6 +131,50 @@ private module WithFlowState { } } +/** + * Projects the dominator tree onto a tree that only considers dominance between `ConditionGuardNode`s. + * + * This exists to speeds up the dominance check for barrier guards acting on an access path, avoiding the following two + * bad join orders: + * + * - Enumerate all basic blocks dominated by a barrier guard, and then find uses of the access path in those blocks. + * - Enumerate all uses of an access path and then select those that are in a dominated block. + * + * Both joins have pathological cases in different benchmarks. + * + * We use a join order that is essentially the first one above, except we only enumerate condition guards, not all the blocks. + */ +cached +private module ConditionGuardDominators { + /** Gets the condition guard that most-immediately dominates `bb`. */ + private ConditionGuardNode getDominatingCondition(ReachableBasicBlock bb) { + result.getBasicBlock() = bb + or + not bb = any(ConditionGuardNode guard).getBasicBlock() and + result = getDominatingCondition(bb.getImmediateDominator()) + } + + private predicate immediateDom(ConditionGuardNode dominator, ConditionGuardNode dominated) { + dominator = getDominatingCondition(dominated.getBasicBlock().getImmediateDominator()) + or + dominator = dominated // make the fastTC below reflexive + } + + /** Gets a condition guard dominated by `node` */ + cached + ConditionGuardNode getADominatedConditionGuard(ConditionGuardNode node) = + fastTC(immediateDom/2)(node, result) + + /** Gets a use of `ap` and binds `guard` to its immediately-dominating condition guard (if any). */ + cached + Expr getAnAccessPathUseUnderCondition(AccessPath ap, ConditionGuardNode guard) { + exists(ReachableBasicBlock bb | + result = ap.getAnInstanceIn(bb) and + guard = getDominatingCondition(bb) + ) + } +} + /** * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node, state)`. */ 
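Review bot: The doc comment on `getDominatingCondition` promises "the condition guard that most-immediately dominates `bb`", but the first disjunct `result.getBasicBlock() = bb` binds every guard node located in `bb`, so the predicate can have several results for one block. Barrier nodes derived from this module remove alerts from security queries, so the comment should describe what is actually returned, for example `Gets a condition guard in bb, or in the nearest dominator of bb that contains one.` `immediateDom` has no doc comment; a line such as `Holds if dominator is the nearest condition guard above dominated, or the two are equal.` would make the reflexive case visible. The module comment also contains the typo "exists to speeds up".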
@@ -153,7 +197,7 @@ module MakeStateBarrierGuard< * Gets a node and flow state that is blocked by a barrier guard. */ pragma[nomagic] - DataFlow::Node getABarrierNode(FlowState state) { barrierGuardBlocksNode(_, result, state) } + DataFlow::Node getABarrierNode(FlowState state) { barrierGuardBlocksNode(result, state) } // // ================================================================================================ @@ -163,6 +207,7 @@ module MakeStateBarrierGuard< // - BarrierGuardNode and AdditionalBarrierGuardNode are replaced by the BarrierGuard class defined above // - `barrierGuardBlocksEdge` is missing as dataflow2 does not support barrier edges // - `barrierGuardIsRelevant` does not check pruning results as we can't access that from here + // - `barrierGuardBlocksNode` has been rewritten to perform better without pruning. // ================================================================================================ // /** 
@@ -237,27 +282,46 @@ module MakeStateBarrierGuard< ) } + /** Holds if a barrier guard blocks uses of `ap` in basic blocks dominated by `cond`. */ + pragma[nomagic] + private predicate barrierGuardBlocksAccessPathIn( + AccessPath ap, ConditionGuardNode cond, FlowState state + ) { + exists(BarrierGuard guard, boolean outcome | + barrierGuardBlocksAccessPath(guard, outcome, ap, state) and + barrierGuardUsedInCondition(guard, cond, outcome) + ) + } + + /** + * Holds if `expr` is an access path reference that is blocked by a barrier guard. + */ + pragma[noopt] + private predicate barrierGuardBlocksAccessPathUse(Expr use, FlowState state) { + exists(AccessPath p, ConditionGuardNode cond, ConditionGuardNode useDominator | + barrierGuardBlocksAccessPathIn(p, cond, state) and + useDominator = ConditionGuardDominators::getADominatedConditionGuard(cond) and + use = ConditionGuardDominators::getAnAccessPathUseUnderCondition(p, useDominator) + ) + } + /** * Holds if data flow node `nd` acts as a barrier for data flow, possibly due to aliasing * through an access path. * - * `state` is bound to the blocked state, or the empty FlowState if all labels should be blocked. + * `state` is bound to the blocked state. 
*/ pragma[nomagic] - private predicate barrierGuardBlocksNode(BarrierGuard guard, DataFlow::Node nd, FlowState state) { - // 1) `nd` is a use of a refinement node that blocks its input variable - exists(SsaRefinementNode ref, boolean outcome | + private predicate barrierGuardBlocksNode(DataFlow::Node nd, FlowState state) { + exists(BarrierGuard guard, SsaRefinementNode ref, boolean outcome | nd = DataFlow::ssaDefinitionNode(ref) and outcome = ref.getGuard().(ConditionGuardNode).getOutcome() and barrierGuardBlocksSsaRefinement(guard, outcome, ref, state) ) or - // 2) `nd` is an instance of an access path `p`, and dominated by a barrier for `p` - exists(AccessPath p, BasicBlock bb, ConditionGuardNode cond, boolean outcome | - nd = DataFlow::valueNode(p.getAnInstanceIn(bb)) and - barrierGuardUsedInCondition(guard, cond, outcome) and - barrierGuardBlocksAccessPath(guard, outcome, p, state) and - cond.dominates(bb) + exists(Expr use | + barrierGuardBlocksAccessPathUse(use, state) and + nd = DataFlow::valueNode(use) ) } From 1ed32356394e329de45ad144739014dd79a0a341 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 15:17:26 +0200 Subject: [PATCH 036/223] JS: use BarrierGuards --- .../dataflow/internal/TaintTrackingPrivate.qll | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll index 0380cf8202fc..03d82ad42ead 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll 
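Review bot: The doc comment on `barrierGuardBlocksAccessPathUse` refers to `expr`, but the parameter is named `use`; it should read `Holds if use is an access path reference that is blocked by a barrier guard.` The rewrite of `barrierGuardBlocksNode` also drops the `// 1)` and `// 2)` comments that explained its two disjuncts, and the second disjunct now relies on `ConditionGuardDominators` instead of the explicit `cond.dominates(bb)` check. An over-broad barrier silently removes results from every query built on these guards, so I would keep a one-line comment on each disjunct and state that the dominator projection is meant to accept exactly the uses that `cond.dominates(bb)` accepted.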
@@ -2,6 +2,7 @@ private import javascript private import semmle.javascript.dataflow.internal.DataFlowPrivate private import semmle.javascript.dataflow.internal.Contents::Public private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as FlowSummaryImpl +private import semmle.javascript.dataflow.internal.BarrierGuards cached predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { @@ -18,6 +19,12 @@ predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) ContentSet::arrayElement(), node2.(FlowSummaryNode).getSummaryNode()) } +private class SanitizerGuardAdapter extends DataFlow::Node instanceof TaintTracking::AdditionalSanitizerGuardNode +{ + // Note: avoid depending on DataFlow::FlowLabel here as it will cause these barriers to be re-evaluated + predicate blocksExpr(boolean outcome, Expr e) { super.sanitizes(outcome, e) } +} + /** * Holds if `node` should be a sanitizer in all global taint flow configurations * but not in local taint. @@ -25,7 +32,9 @@ predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) cached predicate defaultTaintSanitizer(DataFlow::Node node) { node instanceof DataFlow::VarAccessBarrier or + node = MakeBarrierGuard::getABarrierNode() } + /** * Holds if default taint-tracking should allow implicit reads * of `c` at sinks and inputs to additional taint steps. From c924b4a2206d39eeedf13dd9334dab63dd2dbc0f Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 15:32:28 +0200 Subject: [PATCH 037/223] JS: Expose shared API in DataFlow/TaintTracking modules --- javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll | 1 + javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll | 2 ++ 2 files changed, 3 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index d60a6c7bb04e..e742227ded45 100644 
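Review bot: `SanitizerGuardAdapter.blocksExpr` forwards only `sanitizes(outcome, e)`, so any per-configuration scoping declared by the wrapped `AdditionalSanitizerGuardNode` is not consulted, and the guard becomes a barrier in `defaultTaintSanitizer` for every global taint configuration. That class is declared outside this hunk, but the `appliesTo(Configuration cfg)` override visible in TaintTracking.qll suggests such scoping exists. A guard written for one query could then hide flows in others, so the comment on the adapter should say so, e.g. `// Note: appliesTo is not consulted; every AdditionalSanitizerGuardNode acts as a default barrier.`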
--- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -1992,5 +1992,6 @@ module DataFlow { import TypeTracking import AdditionalFlowSteps import internal.FunctionWrapperSteps + import internal.sharedlib.DataFlow import internal.BarrierGuards } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll index eb58a1d30555..9e0a2fe51591 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll @@ -1033,4 +1033,6 @@ module TaintTracking { override predicate appliesTo(Configuration cfg) { any() } } + + import internal.sharedlib.TaintTracking } From 26f7f9424643d7c4c64da7d0c3db5d3482f1a405 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 15:32:47 +0200 Subject: [PATCH 038/223] JS: Expose default taint steps/sanitizers We need access to these in order to port taint-tracking configurations where only some flow labels should use taint steps. This isn't supported by the shared data flow library. Such queries must therefore be converted to plain data-flow configurations that explicitly add taint steps to the relevant flow states. --- .../javascript/dataflow/TaintTracking.qll | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll index 9e0a2fe51591..0175acaf3efa 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll 
@@ -18,6 +18,7 @@ private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps private import semmle.javascript.Unit private import semmle.javascript.dataflow.InferredTypes private import semmle.javascript.internal.CachedStages +private import semmle.javascript.dataflow.internal.TaintTrackingPrivate as TaintTrackingPrivate /** * Provides classes for modeling taint propagation. @@ -1035,4 +1036,22 @@ module TaintTracking { } import internal.sharedlib.TaintTracking + + /** + * Holds if there is a taint step from `node1` to `node2`. + * + * This includes steps between synthesized nodes generated by flow summaries. + */ + pragma[inline] + predicate defaultTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + TaintTrackingPrivate::defaultAdditionalTaintStep(node1, node2) + } + + /** + * Holds if `node` is seen as a barrier for taint-tracking. + */ + pragma[inline] + predicate defaultSanitizer(DataFlow::Node node) { + TaintTrackingPrivate::defaultTaintSanitizer(node) + } } From bc68b6a7f87479ccc44d65a0493813e47aa60209 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 15:41:19 +0200 Subject: [PATCH 039/223] JS: Add AdHocWhitelistSanitizer::getABarrierNode() This sanitizer guard is opt-in, i.e. not an AdditionalSanitizerGuardNode. --- .../ql/lib/semmle/javascript/dataflow/TaintTracking.qll | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll index 0175acaf3efa..8e1964ac0e3a 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll 
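Review bot: The doc comment on the new `defaultSanitizer` says only that the node "is seen as a barrier for taint-tracking", while the predicate it wraps, `defaultTaintSanitizer`, is documented as applying to global taint flow configurations but not to local taint. Queries ported the way the commit message describes will call this predicate by hand, so the caveat belongs here as well: `Holds if node is a sanitizer in all global taint flow configurations, but not in local taint.` It would also help to note on `defaultTaintStep` that a data-flow configuration which adds these steps for a flow state presumably needs `defaultSanitizer` as a barrier for the same state, otherwise the default sanitizers are lost in the port.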
@@ -830,12 +830,18 @@ module TaintTracking { this.getNumArgument() = 1 } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } + /** Barrier nodes derived from the `AdHocWhitelistCheckSanitizer` class. */ + module AdHocWhitelistCheckSanitizer = DataFlow::MakeBarrierGuard; + /** A check of the form `if(x in o)`, which sanitizes `x` in its "then" branch. */ class InSanitizer extends AdditionalSanitizerGuardNode, DataFlow::ValueNode { override InExpr astNode; From aa5a2836f557ddc03c5f33f0706891fbcc098074 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:59:08 +0200 Subject: [PATCH 040/223] JS: Update barriers in TaintedObject --- .../javascript/security/TaintedObject.qll | 25 ++++++++++++++++--- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/TaintedObject.qll b/javascript/ql/lib/semmle/javascript/security/TaintedObject.qll index 3022bded373c..22f253e1423f 100644 --- a/javascript/ql/lib/semmle/javascript/security/TaintedObject.qll +++ b/javascript/ql/lib/semmle/javascript/security/TaintedObject.qll 
@@ -81,7 +81,24 @@ module TaintedObject { /** * A sanitizer guard that blocks deep object taint. */ - abstract class SanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode { } + abstract class SanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode { + /** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** Holds if this node blocks flow of `label` through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e, FlowLabel label) { none() } + + override predicate sanitizes(boolean outcome, Expr e, FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + + /** + * A sanitizer guard that blocks deep object taint. + */ + module SanitizerGuard = DataFlow::MakeLabeledBarrierGuard; /** * A test of form `typeof x === "something"`, preventing `x` from being an object in some cases. @@ -103,7 +120,7 @@ module TaintedObject { ) } - override predicate sanitizes(boolean outcome, Expr e, FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowLabel label) { polarity = outcome and e = operand and label = label() @@ -117,7 +134,7 @@ module TaintedObject { NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } /** A guard that checks whether an input a valid string identifier using `mongoose.Types.ObjectId.isValid` */ 
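Review bot: In the `@@ -81,7 +81,24 @@` hunk both `blocksExpr` overloads on `SanitizerGuard` default to `none()`, so a subclass that still overrides `sanitizes` directly keeps working in legacy configurations but contributes nothing to the new `SanitizerGuard` barrier module. Three subclasses are migrated in this file, but the guard documented as using `mongoose.Types.ObjectId.isValid` appears only as context, so I cannot tell from here whether it was migrated. I would document the contract on the class, e.g. `Subclasses should override blocksExpr; overriding only sanitizes is not seen by the SanitizerGuard module.` The module also repeats the class's doc comment word for word and should get its own, describing it as the barrier nodes derived from the class.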
@@ -145,7 +162,7 @@ module TaintedObject { JsonSchemaValidationGuard() { this = call.getAValidationResultAccess(polarity) } - override predicate sanitizes(boolean outcome, Expr e, FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowLabel label) { outcome = polarity and e = call.getInput().asExpr() and label = label() From 449ec72dbe8ae112d22e29466090bea95d9f1e7d Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:19:46 +0200 Subject: [PATCH 041/223] JS: Port experimental queries --- .../adaptivethreatmodeling/TaintedPathATM.qll | 10 +- .../XssThroughDomATM.qll | 4 +- .../Security/CWE-340/TokenBuiltFromUUID.ql | 17 +- .../src/experimental/Security/CWE-918/SSRF.ql | 6 +- .../experimental/Security/CWE-918/SSRF.qll | 48 +++-- .../ql/src/Security/CWE-094/CodeInjection.ql | 6 +- .../Security/CWE-134/TaintedFormatString.ql | 7 +- .../CorsMisconfigurationForCredentials.ql | 7 +- .../CWE-400/RemotePropertyInjection.ql | 8 +- .../Security/CWE-502/UnsafeDeserialization.ql | 7 +- .../heuristics/ql/src/Security/CWE-611/Xxe.ql | 6 +- .../ql/src/Security/CWE-643/XpathInjection.ql | 6 +- .../src/Security/CWE-730/RegExpInjection.ql | 6 +- .../ql/src/Security/CWE-776/XmlBomb.ql | 6 +- .../CWE-915/PrototypePollutingAssignment.ql | 9 +- .../Security/CWE-918/SSRF.expected | 174 +++++------------- 16 files changed, 133 insertions(+), 194 deletions(-) diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll index c20eceb0f9c1..04b33742a95c 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll 
@@ -53,11 +53,17 @@ class TaintedPathAtmConfig extends AtmConfig { */ private class BarrierGuardNodeAsSanitizerGuardNode extends TaintTracking::LabeledSanitizerGuardNode instanceof TaintedPath::BarrierGuardNode { - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { this.blocks(outcome, e) or this.blocks(outcome, e, _) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + this.blocksExpr(outcome, e, lbl) + } + + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { this.sanitizes(outcome, e) and exists(label) } } diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssThroughDomATM.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssThroughDomATM.qll index 0eeba5d23ad5..563974753225 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssThroughDomATM.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssThroughDomATM.qll @@ -59,7 +59,9 @@ class TypeTestGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNo ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { polarity = outcome and e = operand } diff --git a/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql b/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql index a2437fa670cf..2f039b8fc3b4 100644 --- a/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql +++ b/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql 
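Review bot: The labelled `blocksExpr` in `BarrierGuardNodeAsSanitizerGuardNode` is defined as `this.sanitizes(outcome, e) and exists(label)`, which goes back through the legacy predicate that now itself forwards to `blocksExpr(outcome, e)`. Calling the new predicate directly, `this.blocksExpr(outcome, e) and exists(label)`, keeps the new API independent of the legacy one and makes it plain that the result holds for every label.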
@@ -14,7 +14,6 @@ import javascript import DataFlow -import DataFlow::PathGraph class PredictableResultSource extends DataFlow::Node { PredictableResultSource() { @@ -38,14 +37,16 @@ class TokenAssignmentValueSink extends DataFlow::Node { } } -class TokenBuiltFromUuidConfig extends TaintTracking::Configuration { - TokenBuiltFromUuidConfig() { this = "TokenBuiltFromUuidConfig" } +module TokenBuiltFromUuidConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof PredictableResultSource } - override predicate isSource(DataFlow::Node source) { source instanceof PredictableResultSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof TokenAssignmentValueSink } + predicate isSink(DataFlow::Node sink) { sink instanceof TokenAssignmentValueSink } } -from DataFlow::PathNode source, DataFlow::PathNode sink, TokenBuiltFromUuidConfig config -where config.hasFlowPath(source, sink) +module TokenBuiltFromUuidFlow = TaintTracking::Global; + +import TokenBuiltFromUuidFlow::PathGraph + +from TokenBuiltFromUuidFlow::PathNode source, TokenBuiltFromUuidFlow::PathNode sink +where TokenBuiltFromUuidFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Token built from $@.", source.getNode(), "predictable value" diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql b/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql index ce4d3f7791cf..7ea1826bbfab 100644 --- a/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql +++ b/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql 
@@ -12,9 +12,9 @@ import javascript import SSRF -import DataFlow::PathGraph +import SsrfFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node request +from SsrfFlow::PathNode source, SsrfFlow::PathNode sink, DataFlow::Node request where - cfg.hasFlowPath(source, sink) and request = sink.getNode().(RequestForgery::Sink).getARequest() + SsrfFlow::flowPath(source, sink) and request = sink.getNode().(RequestForgery::Sink).getARequest() select sink, source, sink, "The URL of this request depends on a user-provided value." diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll b/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll index 95d46aad8683..da20923ce1a1 100644 --- a/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll +++ b/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll 
@@ -2,42 +2,48 @@ import javascript import semmle.javascript.security.dataflow.RequestForgeryCustomizations import semmle.javascript.security.dataflow.UrlConcatenation -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "SSRF" } - - override predicate isSource(DataFlow::Node source) { source instanceof RequestForgery::Source } +module SsrfConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof RequestForgery::Source } - override predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgery::Sink } + predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgery::Sink } - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof RequestForgery::Sanitizer + predicate isBarrier(DataFlow::Node node) { + node instanceof RequestForgery::Sanitizer or node = Guards::getABarrierNode() } private predicate hasSanitizingSubstring(DataFlow::Node nd) { nd.getStringValue().regexpMatch(".*[?#].*") or - this.hasSanitizingSubstring(StringConcatenation::getAnOperand(nd)) + hasSanitizingSubstring(StringConcatenation::getAnOperand(nd)) or - this.hasSanitizingSubstring(nd.getAPredecessor()) + hasSanitizingSubstring(nd.getAPredecessor()) } private predicate strictSanitizingPrefixEdge(DataFlow::Node source, DataFlow::Node sink) { exists(DataFlow::Node operator, int n | StringConcatenation::taintStep(source, sink, operator, n) and - this.hasSanitizingSubstring(StringConcatenation::getOperand(operator, [0 .. n - 1])) + hasSanitizingSubstring(StringConcatenation::getOperand(operator, [0 .. 
n - 1])) ) } - override predicate isSanitizerOut(DataFlow::Node node) { - this.strictSanitizingPrefixEdge(node, _) - } + predicate isBarrierOut(DataFlow::Node node) { strictSanitizingPrefixEdge(node, _) } - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode nd) { + private predicate isBarrierGuard(DataFlow::BarrierGuardNode nd) { nd instanceof IntegerCheck or nd instanceof ValidatorCheck or nd instanceof TernaryOperatorSanitizerGuard } + + private module Guards = DataFlow::MakeLegacyBarrierGuard; +} + +module SsrfFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `SsrfFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "SSRF" } } /** @@ -104,7 +110,9 @@ class TernaryOperatorSanitizerGuard extends TaintTracking::SanitizerGuardNode { not this.asExpr() instanceof LogicalBinaryExpr } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { not this.asExpr() instanceof LogNotExpr and originalGuard.sanitizes(outcome, e) or @@ -126,7 +134,9 @@ class TernaryOperatorSanitizerGuard extends TaintTracking::SanitizerGuardNode { class IntegerCheck extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { IntegerCheck() { this = DataFlow::globalVarRef("Number").getAMemberCall("isInteger") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } 
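Review bot: The deprecated `Configuration` class left behind in SSRF.qll keeps only its characteristic predicate; the `isSource`, `isSink`, `isSanitizer`, `isSanitizerOut` and `isSanitizerGuard` overrides were all moved into `SsrfConfig`. As far as the hunk shows, a query that still uses `Configuration` would find no flow and report nothing, which for a security query reads as a clean result. Until the class is removed it should delegate to `SsrfConfig` so that existing users keep getting the same alerts.

```ql
deprecated class Configuration extends TaintTracking::Configuration {
  Configuration() { this = "SSRF" }

  override predicate isSource(DataFlow::Node source) { SsrfConfig::isSource(source) }

  override predicate isSink(DataFlow::Node sink) { SsrfConfig::isSink(sink) }

  override predicate isSanitizer(DataFlow::Node node) {
    super.isSanitizer(node) or
    SsrfConfig::isBarrier(node)
  }

  override predicate isSanitizerOut(DataFlow::Node node) { SsrfConfig::isBarrierOut(node) }
}
```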
@@ -149,7 +159,9 @@ class ValidatorCheck extends TaintTracking::SanitizerGuardNode, DataFlow::CallNo ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql index 89d7d253f413..34ebe06f68c1 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql @@ -17,10 +17,10 @@ import javascript import semmle.javascript.security.dataflow.CodeInjectionQuery -import DataFlow::PathGraph +import CodeInjectionFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink +where CodeInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, sink.getNode().(Sink).getMessagePrefix() + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql index 883f8292c758..8ba7a1273eae 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql 
@@ -13,10 +13,11 @@ import javascript import semmle.javascript.security.dataflow.TaintedFormatStringQuery -import DataFlow::PathGraph +import TaintedFormatStringFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from TaintedFormatStringFlow::PathNode source, TaintedFormatStringFlow::PathNode sink +where + TaintedFormatStringFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "Format string depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql index 3448e4e99b62..02677fd6a9ec 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql @@ -15,11 +15,12 @@ import javascript import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import CorsMisconfigurationFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from CorsMisconfigurationFlow::PathNode source, CorsMisconfigurationFlow::PathNode sink +where + CorsMisconfigurationFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "$@ leak vulnerability due to a $@.", sink.getNode().(Sink).getCredentialsHeader(), "Credential", source.getNode(), "misconfigured CORS header value" 
diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql index fd707ae8faa4..7118c49f2e22 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql @@ -15,10 +15,12 @@ import javascript import semmle.javascript.security.dataflow.RemotePropertyInjectionQuery -import DataFlow::PathGraph +import RemotePropertyInjectionFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from RemotePropertyInjectionFlow::PathNode source, RemotePropertyInjectionFlow::PathNode sink +where + RemotePropertyInjectionFlow::flowPath(source, sink) and + source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, sink.getNode().(Sink).getMessage() + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql index 24939f49b0dc..8acde1f396e8 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql 
@@ -14,10 +14,11 @@ import javascript import semmle.javascript.security.dataflow.UnsafeDeserializationQuery -import DataFlow::PathGraph +import UnsafeDeserializationFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from UnsafeDeserializationFlow::PathNode source, UnsafeDeserializationFlow::PathNode sink +where + UnsafeDeserializationFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "Unsafe deserialization depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql index cbfaa33ca518..262c9d52fe04 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql @@ -15,11 +15,11 @@ import javascript import semmle.javascript.security.dataflow.XxeQuery -import DataFlow::PathGraph +import XxeFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from XxeFlow::PathNode source, XxeFlow::PathNode sink +where XxeFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against external entity expansion.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql index 0a00511c86b6..c7cd82938ccc 100644 
--- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.XpathInjectionQuery -import DataFlow::PathGraph +import XpathInjectionFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from XpathInjectionFlow::PathNode source, XpathInjectionFlow::PathNode sink +where XpathInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql index de302e53871e..b0e761257cb5 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql @@ -16,10 +16,10 @@ import javascript import semmle.javascript.security.dataflow.RegExpInjectionQuery -import DataFlow::PathGraph +import RegExpInjectionFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from RegExpInjectionFlow::PathNode source, RegExpInjectionFlow::PathNode sink +where RegExpInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "This regular expression is constructed from a $@.", source.getNode(), "user-provided value" 
diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql index 1c05ba2424f0..dacaa08a1b2a 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql @@ -15,11 +15,11 @@ import javascript import semmle.javascript.security.dataflow.XmlBombQuery -import DataFlow::PathGraph +import XmlBombFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from XmlBombFlow::PathNode source, XmlBombFlow::PathNode sink +where XmlBombFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against uncontrolled entity expansion.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql index eae399ea00fe..a939794e375d 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql 
@@ -20,11 +20,14 @@ import javascript import semmle.javascript.security.dataflow.PrototypePollutingAssignmentQuery -import DataFlow::PathGraph +import PrototypePollutingAssignmentFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from + PrototypePollutingAssignmentFlow::PathNode source, PrototypePollutingAssignmentFlow::PathNode sink +where + PrototypePollutingAssignmentFlow::flowPath(source, sink) and + source.getNode() instanceof HeuristicSource select sink, source, sink, "This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected b/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected index 848264b661b1..6546ece25682 100644 --- a/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected +++ b/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected 
@@ -1,157 +1,67 @@ -nodes -| check-domain.js:16:9:16:27 | url | -| check-domain.js:16:15:16:27 | req.query.url | -| check-domain.js:16:15:16:27 | req.query.url | -| check-domain.js:17:13:17:15 | url | -| check-domain.js:17:13:17:15 | url | -| check-domain.js:26:15:26:27 | req.query.url | -| check-domain.js:26:15:26:27 | req.query.url | -| check-domain.js:26:15:26:27 | req.query.url | -| check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | -| check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | -| check-path.js:19:27:19:43 | req.query.tainted | -| check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:27:23:43 | req.query.tainted | -| check-path.js:23:27:23:43 | req.query.tainted | -| check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:29:33:45 | req.query.tainted | -| check-path.js:33:29:33:45 | req.query.tainted | -| check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | -| check-path.js:37:29:37:45 | req.query.tainted | -| check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:26:45:42 | req.query.tainted | -| check-path.js:45:26:45:42 | req.query.tainted | -| check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | -| check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:24:15:24:42 | baseURL ... 
tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | -| check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | -| check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | -| check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | -| check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | -| check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | -| check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | -| check-validator.js:54:9:54:37 | numberURL | -| check-validator.js:54:21:54:37 | req.query.tainted | -| check-validator.js:54:21:54:37 | req.query.tainted | -| check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | -| check-validator.js:62:15:62:37 | "test.c ... mberURL | -| check-validator.js:62:15:62:37 | "test.c ... 
mberURL | -| check-validator.js:62:29:62:37 | numberURL | -| check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | edges | check-domain.js:16:9:16:27 | url | check-domain.js:17:13:17:15 | url | -| check-domain.js:16:9:16:27 | url | check-domain.js:17:13:17:15 | url | | check-domain.js:16:15:16:27 | req.query.url | check-domain.js:16:9:16:27 | url | -| check-domain.js:16:15:16:27 | req.query.url | check-domain.js:16:9:16:27 | url | -| check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | -| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | | check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | | check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | | check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... 
inted}` | -| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | | check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | | check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | | check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | | check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... 
tainted | | check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | | check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | | check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | | check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | | check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... 
tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | | check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | | check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | | check-validator.js:54:9:54:37 | numberURL | check-validator.js:62:29:62:37 | numberURL | | check-validator.js:54:21:54:37 | req.query.tainted | check-validator.js:54:9:54:37 | numberURL | -| check-validator.js:54:21:54:37 | req.query.tainted | check-validator.js:54:9:54:37 | numberURL | -| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | | check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:62:29:62:37 | numberURL | check-validator.js:62:15:62:37 | "test.c ... mberURL | | check-validator.js:62:29:62:37 | numberURL | check-validator.js:62:15:62:37 | "test.c ... mberURL | | check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... 
tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | +nodes +| check-domain.js:16:9:16:27 | url | semmle.label | url | +| check-domain.js:16:15:16:27 | req.query.url | semmle.label | req.query.url | +| check-domain.js:17:13:17:15 | url | semmle.label | url | +| check-domain.js:26:15:26:27 | req.query.url | semmle.label | req.query.url | +| check-middleware.js:9:13:9:43 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-middleware.js:9:27:9:43 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:19:13:19:43 | 'test.c ... tainted | semmle.label | 'test.c ... tainted | +| check-path.js:19:27:19:43 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:23:13:23:45 | `/addre ... inted}` | semmle.label | `/addre ... inted}` | +| check-path.js:23:27:23:43 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:33:15:33:45 | 'test.c ... tainted | semmle.label | 'test.c ... tainted | +| check-path.js:33:29:33:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:37:15:37:45 | 'test.c ... tainted | semmle.label | 'test.c ... tainted | +| check-path.js:37:29:37:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:45:13:45:44 | `${base ... inted}` | semmle.label | `${base ... inted}` | +| check-path.js:45:26:45:42 | req.query.tainted | semmle.label | req.query.tainted | +| check-regex.js:16:15:16:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-regex.js:16:29:16:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-regex.js:24:15:24:42 | baseURL ... tainted | semmle.label | baseURL ... tainted | +| check-regex.js:24:25:24:42 | req.params.tainted | semmle.label | req.params.tainted | +| check-regex.js:31:15:31:45 | "test.c ... 
tainted | semmle.label | "test.c ... tainted | +| check-regex.js:31:29:31:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-regex.js:34:15:34:42 | baseURL ... tainted | semmle.label | baseURL ... tainted | +| check-regex.js:34:25:34:42 | req.params.tainted | semmle.label | req.params.tainted | +| check-regex.js:41:13:41:43 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-regex.js:41:27:41:43 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:15:15:15:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:15:29:15:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:27:15:27:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:27:29:27:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:50:15:50:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:50:29:50:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:54:9:54:37 | numberURL | semmle.label | numberURL | +| check-validator.js:54:21:54:37 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:59:15:59:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:59:29:59:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:62:15:62:37 | "test.c ... mberURL | semmle.label | "test.c ... mberURL | +| check-validator.js:62:29:62:37 | numberURL | semmle.label | numberURL | +| check-validator.js:68:15:68:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:68:29:68:45 | req.query.tainted | semmle.label | req.query.tainted | +subpaths #select | check-domain.js:17:13:17:15 | url | check-domain.js:16:15:16:27 | req.query.url | check-domain.js:17:13:17:15 | url | The URL of this request depends on a user-provided value. 
| | check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | The URL of this request depends on a user-provided value. | From ccd6d3dcd7ead062b89c034ef9b807c8607faa5a Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:31:23 +0200 Subject: [PATCH 042/223] JS: Port example queries --- .../dataflow/BackendIdor/BackendIdor.ql | 30 +++++++++---------- .../DecodingAfterSanitization.ql | 22 +++++++------- .../DecodingAfterSanitizationGeneralized.ql | 26 ++++++++-------- .../queries/dataflow/EvalTaint/EvalTaint.ql | 17 ++++++----- .../dataflow/EvalTaint/EvalTaintPath.ql | 20 +++++++------ .../InformationDisclosure.ql | 30 ++++++++++--------- .../queries/dataflow/StoredXss/StoredXss.ql | 6 ++-- .../StoredXss/StoredXssTypeTracking.ql | 6 ++-- .../TemplateInjection/TemplateInjection.ql | 20 ++++++------- 9 files changed, 93 insertions(+), 84 deletions(-) diff --git a/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql b/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql index 322cccd5d2b2..92f5dad50c73 100644 --- a/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql +++ b/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql 
@@ -9,42 +9,42 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph /** * A taint-tracking configuration that tracks user-controlled values into a 'userId' property sent to a backend service. */ -class IdorTaint extends TaintTracking::Configuration { - IdorTaint() { this = "IdorTaint" } +module IdorTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(Node node) { node instanceof RemoteFlowSource } + predicate isSink(DataFlow::Node node) { exists(ClientRequest req | node = req.getADataNode()) } - override predicate isSink(Node node) { exists(ClientRequest req | node = req.getADataNode()) } - - override predicate isAdditionalTaintStep(Node pred, Node succ) { + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { // Step from x -> { userId: x } - succ.(SourceNode).getAPropertyWrite("userId").getRhs() = pred + succ.(DataFlow::SourceNode).getAPropertyWrite("userId").getRhs() = pred } - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { + predicate isBarrier(DataFlow::Node node) { // After a check like `if (userId === session.user.id)`, the userId is considered safe. - node instanceof EqualityGuard + node = DataFlow::MakeBarrierGuard::getABarrierNode() } } /** * A sanitizer for values that have successfully been compared to another value. 
*/ -class EqualityGuard extends TaintTracking::SanitizerGuardNode, ValueNode { +class EqualityGuard extends DataFlow::ValueNode { override EqualityTest astNode; - override predicate sanitizes(boolean outcome, Expr e) { + predicate blocksExpr(boolean outcome, Expr e) { e = astNode.getAnOperand() and outcome = astNode.getPolarity() } } -from IdorTaint cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module IdorTaintFlow = TaintTracking::Global; + +import IdorTaintFlow::PathGraph + +from IdorTaintFlow::PathNode source, IdorTaintFlow::PathNode sink +where IdorTaintFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Unauthenticated user ID from $@.", source.getNode(), "here" diff --git a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql index d21cc4531fc0..b83ee8aaee9d 100644 --- a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql +++ b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql 
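Review bot: `EqualityGuard.blocksExpr` accepts either operand of any `EqualityTest`, so the barrier in `IdorTaintConfig.isBarrier` fires for every equality comparison and not only for the `userId === session.user.id` case its comment describes. A comparison against a constant, or against another request-derived value, would therefore also clear the taint, and the example query stays silent on code that never checks the id against the session. If that is an accepted simplification for an example, the class QLDoc should say so, e.g. `/** A sanitizer for values that have been compared for equality with any other value; the other operand is not required to be a trusted session value. */`.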
@@ -9,23 +9,25 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph -class DecodingAfterSanitization extends TaintTracking::Configuration { - DecodingAfterSanitization() { this = "DecodingAfterSanitization" } - - override predicate isSource(Node node) { node.(CallNode).getCalleeName() = "escapeHtml" } +module DecodingAfterSanitizationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + node.(DataFlow::CallNode).getCalleeName() = "escapeHtml" + } - override predicate isSink(Node node) { - exists(CallNode call | + predicate isSink(DataFlow::Node node) { + exists(DataFlow::CallNode call | call.getCalleeName().matches("decodeURI%") and node = call.getArgument(0) ) } } -from DecodingAfterSanitization cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module DecodingAfterSanitizationFlow = TaintTracking::Global; + +import DecodingAfterSanitizationFlow::PathGraph + +from DecodingAfterSanitizationFlow::PathNode source, DecodingAfterSanitizationFlow::PathNode sink +where DecodingAfterSanitizationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "URI decoding invalidates the HTML sanitization performed $@.", source.getNode(), "here" diff --git a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql index 257872c2752f..d10799a8916e 100644 --- a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql +++ b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql 
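Review bot: The new `DecodingAfterSanitizationConfig` module has no QLDoc, whereas the ported `IdorTaintConfig` and `AuthKeyTrackingConfig` keep theirs. Both source and sink are matched purely by callee name, which a reader of an example query should be told up front. I would add `/** A taint-tracking configuration that tracks the result of calls named escapeHtml into the first argument of calls whose name starts with decodeURI. */` above the module. The same gap applies to `DecodingAfterSanitizationConfig` in DecodingAfterSanitizationGeneralized.ql and to `EvalTaintConfig` in EvalTaint.ql and EvalTaintPath.ql, where the comment should state that only the first argument of direct calls to the global `eval` is modelled as a sink.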
@@ -9,16 +9,14 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph /** * A call to a function that may introduce HTML meta-characters by * replacing `%3C` or `\u003C` with `<`. */ -class DecodingCall extends CallNode { +class DecodingCall extends DataFlow::CallNode { string kind; - Node input; + DataFlow::Node input; DecodingCall() { this.getCalleeName().matches("decodeURI%") and @@ -33,20 +31,24 @@ class DecodingCall extends CallNode { string getKind() { result = kind } /** Gets the input being decoded. */ - Node getInput() { result = input } + DataFlow::Node getInput() { result = input } } -class DecodingAfterSanitization extends TaintTracking::Configuration { - DecodingAfterSanitization() { this = "DecodingAfterSanitization" } +module DecodingAfterSanitizationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof HtmlSanitizerCall } - override predicate isSource(Node node) { node instanceof HtmlSanitizerCall } - - override predicate isSink(Node node) { node = any(DecodingCall c).getInput() } + predicate isSink(DataFlow::Node node) { node = any(DecodingCall c).getInput() } } -from DecodingAfterSanitization cfg, PathNode source, PathNode sink, DecodingCall decoder +module DecodingAfterSanitizationFlow = TaintTracking::Global; + +import DecodingAfterSanitizationFlow::PathGraph + +from + DecodingAfterSanitizationFlow::PathNode source, DecodingAfterSanitizationFlow::PathNode sink, + DecodingCall decoder where - cfg.hasFlowPath(source, sink) and + DecodingAfterSanitizationFlow::flowPath(source, sink) and decoder.getInput() = sink.getNode() select sink.getNode(), source, sink, decoder.getKind() + " invalidates $@.", source.getNode(), "this HTML sanitization" diff --git a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql index 722082374453..2990b3dcf8fc 100644 --- a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql 
+++ b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql @@ -8,16 +8,17 @@ */ import javascript -import DataFlow -class EvalTaint extends TaintTracking::Configuration { - EvalTaint() { this = "EvalTaint" } +module EvalTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(Node node) { node instanceof RemoteFlowSource } - - override predicate isSink(Node node) { node = globalVarRef("eval").getACall().getArgument(0) } + predicate isSink(DataFlow::Node node) { + node = DataFlow::globalVarRef("eval").getACall().getArgument(0) + } } -from EvalTaint cfg, Node source, Node sink -where cfg.hasFlow(source, sink) +module EvalTaintFlow = TaintTracking::Global; + +from DataFlow::Node source, DataFlow::Node sink +where EvalTaintFlow::flow(source, sink) select sink, "Eval with user-controlled input from $@.", source, "here" diff --git a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql index 1b07ed151bdc..ca49748bd1d4 100644 --- a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql +++ b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql 
@@ -9,18 +9,20 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph -class EvalTaint extends TaintTracking::Configuration { - EvalTaint() { this = "EvalTaint" } +module EvalTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(Node node) { node instanceof RemoteFlowSource } - - override predicate isSink(Node node) { node = globalVarRef("eval").getACall().getArgument(0) } + predicate isSink(DataFlow::Node node) { + node = DataFlow::globalVarRef("eval").getACall().getArgument(0) + } } -from EvalTaint cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module EvalTaintFlow = TaintTracking::Global; + +import EvalTaintFlow::PathGraph + +from EvalTaintFlow::PathNode source, EvalTaintFlow::PathNode sink +where EvalTaintFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Eval with user-controlled input from $@.", source.getNode(), "here" diff --git a/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql b/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql index 1fe76a178e2f..64a1c6c801f3 100644 --- a/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql +++ b/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql @@ -9,8 +9,6 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph /** * A dataflow configuration that tracks authentication tokens ("authKey") 
@@ -26,33 +24,37 @@ import DataFlow::PathGraph * }), '*'); * ``` */ -class AuthKeyTracking extends DataFlow::Configuration { - AuthKeyTracking() { this = "AuthKeyTracking" } - - override predicate isSource(Node node) { node.(PropRead).getPropertyName() = "authKey" } +module AuthKeyTrackingConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + node.(DataFlow::PropRead).getPropertyName() = "authKey" + } - override predicate isSink(Node node) { - exists(MethodCallNode call | + predicate isSink(DataFlow::Node node) { + exists(DataFlow::MethodCallNode call | call.getMethodName() = "postMessage" and call.getArgument(1).getStringValue() = "*" and // no restriction on target origin call.getArgument(0) = node ) } - override predicate isAdditionalFlowStep(Node pred, Node succ) { + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { // Step into objects: x -> { f: x } - succ.(SourceNode).getAPropertyWrite().getRhs() = pred + succ.(DataFlow::SourceNode).getAPropertyWrite().getRhs() = pred or // Step through JSON serialization: x -> JSON.stringify(x) // Note: TaintTracking::Configuration includes this step by default, but not DataFlow::Configuration - exists(CallNode call | - call = globalVarRef("JSON").getAMethodCall("stringify") and + exists(DataFlow::CallNode call | + call = DataFlow::globalVarRef("JSON").getAMethodCall("stringify") and pred = call.getArgument(0) and succ = call ) } } -from AuthKeyTracking cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module AuthKeyTracking = DataFlow::Global; + +import AuthKeyTracking::PathGraph + +from AuthKeyTracking::PathNode source, AuthKeyTracking::PathNode sink +where AuthKeyTracking::flowPath(source, sink) select sink.getNode(), source, sink, "Message leaks the authKey from $@.", source.getNode(), "here" 
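Review bot: The comment kept inside `isAdditionalFlowStep`, `// Note: TaintTracking::Configuration includes this step by default, but not DataFlow::Configuration`, still names the class-based API that this hunk removes. Since the query is now built on `DataFlow::Global`, the comment should name the new modules, for example `// Note: TaintTracking::Global includes this step by default, but DataFlow::Global does not`. The comment is worth keeping accurate because it is the only explanation of why the `JSON.stringify` step is added by hand. Without that step the query would presumably miss an `authKey` that is serialised before it reaches `postMessage`.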
diff --git a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql index c31095d4995c..09cbd0492007 100644 --- a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql +++ b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql @@ -9,7 +9,7 @@ import javascript import semmle.javascript.security.dataflow.StoredXssQuery -import DataFlow::PathGraph +import StoredXssFlow::PathGraph /** * The data returned from a MySQL query, such as the `data` parameter in this example: @@ -31,6 +31,6 @@ class MysqlSource extends Source { } } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink +where StoredXssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Stored XSS from $@.", source.getNode(), "database value." diff --git a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql index f10479daf934..e92667a8c0fe 100644 --- a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql +++ b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql @@ -10,7 +10,7 @@ import javascript import semmle.javascript.security.dataflow.StoredXssQuery -import DataFlow::PathGraph +import StoredXssFlow::PathGraph /** * Gets an instance of `mysql.createConnection()`, tracked globally. 
@@ -45,6 +45,6 @@ class MysqlSource extends Source { MysqlSource() { this = mysqlConnection().getAMethodCall("query").getCallback(1).getParameter(1) } } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink +where StoredXssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Stored XSS from $@.", source.getNode(), "database value." diff --git a/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql b/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql index b146b19e54dd..51aa6c6a7c3c 100644 --- a/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql +++ b/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql @@ -8,8 +8,6 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph /** * Gets the name of an unescaped placeholder in a lodash template. @@ -21,13 +19,11 @@ string getAPlaceholderInString(string s) { result = s.regexpCapture(".*<%=\\s*([a-zA-Z0-9_]+)\\s*%>.*", 1) } -class TemplateInjection extends TaintTracking::Configuration { - TemplateInjection() { this = "TemplateInjection" } +module TemplateInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(Node node) { node instanceof RemoteFlowSource } - - override predicate isSink(Node node) { - exists(CallNode call, string placeholder | + predicate isSink(DataFlow::Node node) { + exists(DataFlow::CallNode call, string placeholder | call = LodashUnderscore::member("template").getACall() and placeholder = getAPlaceholderInString(call.getArgument(0).getStringValue()) and node = call.getOptionArgument(1, placeholder) 
@@ -35,7 +31,11 @@ class TemplateInjection extends TaintTracking::Configuration { } } -from TemplateInjection cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module TemplateInjectionFlow = TaintTracking::Global; + +import TemplateInjectionFlow::PathGraph + +from TemplateInjectionFlow::PathNode source, TemplateInjectionFlow::PathNode sink +where TemplateInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "User-controlled value from $@ occurs unescaped in a lodash template.", source.getNode(), "here." From 17233a67493f2fbcf57e90a8a82fccf595e92bc9 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:11:54 +0200 Subject: [PATCH 043/223] JS: Port CommandInjection --- .../dataflow/CommandInjectionQuery.qll | 44 +- .../src/Security/CWE-078/CommandInjection.ql | 12 +- .../CommandInjection.expected | 436 ++++++------------ 3 files changed, 181 insertions(+), 311 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll index c8e11e04477c..bb93c6320f1a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll 
@@ -11,25 +11,41 @@ import javascript import CommandInjectionCustomizations::CommandInjection import IndirectCommandArgument +/** + * Holds if `sink` is a data flow sink for command-injection vulnerabilities, and + * the alert should be placed at the node `highlight`. + */ +predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { + sink instanceof Sink and highlight = sink + or + isIndirectCommandArgument(sink, highlight) +} + /** * A taint-tracking configuration for reasoning about command-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "CommandInjection" } +module CommandInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { isSinkWithHighlight(sink, _) } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about command-injection vulnerabilities. + */ +module CommandInjectionFlow = TaintTracking::Global; - override predicate isSource(DataFlow::Node source) { source instanceof Source } +/** + * DEPRECATED. Use the `CommandInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "CommandInjection" } - /** - * Holds if `sink` is a data flow sink for command-injection vulnerabilities, and - * the alert should be placed at the node `highlight`. 
- */ - predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { - sink instanceof Sink and highlight = sink - or - isIndirectCommandArgument(sink, highlight) - } + override predicate isSource(DataFlow::Node source) { CommandInjectionConfig::isSource(source) } - override predicate isSink(DataFlow::Node sink) { this.isSinkWithHighlight(sink, _) } + override predicate isSink(DataFlow::Node sink) { CommandInjectionConfig::isSink(sink) } - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } + override predicate isSanitizer(DataFlow::Node node) { CommandInjectionConfig::isBarrier(node) } } diff --git a/javascript/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/Security/CWE-078/CommandInjection.ql index f09a93c4d407..b1e14622304c 100644 --- a/javascript/ql/src/Security/CWE-078/CommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/CommandInjection.ql @@ -15,16 +15,16 @@ import javascript import semmle.javascript.security.dataflow.CommandInjectionQuery -import DataFlow::PathGraph +import CommandInjectionFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight, - Source sourceNode + CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, + DataFlow::Node highlight, Source sourceNode where - cfg.hasFlowPath(source, sink) and + CommandInjectionFlow::flowPath(source, sink) and ( - if cfg.isSinkWithHighlight(sink.getNode(), _) - then cfg.isSinkWithHighlight(sink.getNode(), highlight) + if isSinkWithHighlight(sink.getNode(), _) + then isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() ) and sourceNode = source.getNode() diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected index fb8bc60e6736..6126cef4888c 100644 
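Review bot: In CommandInjectionQuery.qll the deprecated `Configuration` class loses its `isSinkWithHighlight` member, which this hunk moves to module level. An out-of-tree query that still calls `cfg.isSinkWithHighlight(sink, highlight)` would then stop compiling rather than get a deprecation warning. If the class is kept for a deprecation period, it would be consistent to keep a deprecated member with the old signature that delegates to the new top-level predicate. The QLDoc `DEPRECATED. Use the CommandInjectionFlow module instead.` could also say that `isSinkWithHighlight` is now a top-level predicate, so maintainers of custom command-injection queries know where to find it.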
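Review bot: In CommandInjection.ql the `else highlight = sink.getNode()` branch looks unreachable. `CommandInjectionConfig::isSink` is defined as `isSinkWithHighlight(sink, _)`, so every sink that `flowPath` reports should already satisfy the `if` condition. Assuming that holds, the parenthesised `if`/`then`/`else` can be reduced to `isSinkWithHighlight(sink.getNode(), highlight)`, which makes it plain that the alert location always comes from that predicate. The rest of the `where` clause and the `select` continue outside the hunk.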
--- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected 
@@ -1,370 +1,224 @@ -nodes -| actions.js:8:9:8:57 | title | -| actions.js:8:17:8:57 | github. ... t.title | -| actions.js:8:17:8:57 | github. ... t.title | -| actions.js:9:8:9:22 | `echo ${title}` | -| actions.js:9:8:9:22 | `echo ${title}` | -| actions.js:9:16:9:20 | title | -| actions.js:18:9:18:63 | head_ref | -| actions.js:18:20:18:63 | github. ... ead.ref | -| actions.js:18:20:18:63 | github. ... ead.ref | -| actions.js:19:14:19:31 | `echo ${head_ref}` | -| actions.js:19:14:19:31 | `echo ${head_ref}` | -| actions.js:19:22:19:29 | head_ref | -| child_process-test.js:6:9:6:49 | cmd | -| child_process-test.js:6:15:6:38 | url.par ... , true) | -| child_process-test.js:6:15:6:44 | url.par ... ).query | -| child_process-test.js:6:15:6:49 | url.par ... ry.path | -| child_process-test.js:6:15:6:49 | url.par ... ry.path | -| child_process-test.js:6:25:6:31 | req.url | -| child_process-test.js:6:25:6:31 | req.url | -| child_process-test.js:17:13:17:15 | cmd | -| child_process-test.js:17:13:17:15 | cmd | -| child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:19:17:19:19 | cmd | -| child_process-test.js:19:17:19:19 | cmd | -| child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:21:14:21:16 | cmd | -| child_process-test.js:21:14:21:16 | cmd | -| child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:23:13:23:15 | cmd | -| child_process-test.js:23:13:23:15 | cmd | -| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:25:21:25:23 | cmd | -| child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:43:15:43:17 | cmd | -| child_process-test.js:43:15:43:17 | cmd | -| child_process-test.js:48:15:48:17 | cmd | -| child_process-test.js:48:15:48:17 | cmd | -| 
child_process-test.js:53:15:53:17 | cmd | -| child_process-test.js:53:15:53:17 | cmd | -| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:46:56:57 | ["bar", cmd] | -| child_process-test.js:56:54:56:56 | cmd | -| child_process-test.js:56:54:56:56 | cmd | -| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | -| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | -| child_process-test.js:57:46:57:48 | cmd | -| child_process-test.js:73:9:73:49 | cmd | -| child_process-test.js:73:15:73:38 | url.par ... , true) | -| child_process-test.js:73:15:73:44 | url.par ... ).query | -| child_process-test.js:73:15:73:49 | url.par ... ry.path | -| child_process-test.js:73:25:73:31 | req.url | -| child_process-test.js:73:25:73:31 | req.url | -| child_process-test.js:75:29:75:31 | cmd | -| child_process-test.js:75:29:75:31 | cmd | -| child_process-test.js:83:19:83:36 | req.query.fileName | -| child_process-test.js:83:19:83:36 | req.query.fileName | -| child_process-test.js:83:19:83:36 | req.query.fileName | -| child_process-test.js:94:11:94:35 | "ping " ... ms.host | -| child_process-test.js:94:11:94:35 | "ping " ... ms.host | -| child_process-test.js:94:21:94:30 | ctx.params | -| child_process-test.js:94:21:94:30 | ctx.params | -| child_process-test.js:94:21:94:35 | ctx.params.host | -| exec-sh2.js:9:17:9:23 | command | -| exec-sh2.js:10:40:10:46 | command | -| exec-sh2.js:10:40:10:46 | command | -| exec-sh2.js:14:9:14:49 | cmd | -| exec-sh2.js:14:15:14:38 | url.par ... , true) | -| exec-sh2.js:14:15:14:44 | url.par ... ).query | -| exec-sh2.js:14:15:14:49 | url.par ... ry.path | -| exec-sh2.js:14:25:14:31 | req.url | -| exec-sh2.js:14:25:14:31 | req.url | -| exec-sh2.js:15:12:15:14 | cmd | -| exec-sh.js:13:17:13:23 | command | -| exec-sh.js:15:44:15:50 | command | -| exec-sh.js:15:44:15:50 | command | -| exec-sh.js:19:9:19:49 | cmd | -| exec-sh.js:19:15:19:38 | url.par ... 
, true) | -| exec-sh.js:19:15:19:44 | url.par ... ).query | -| exec-sh.js:19:15:19:49 | url.par ... ry.path | -| exec-sh.js:19:25:19:31 | req.url | -| exec-sh.js:19:25:19:31 | req.url | -| exec-sh.js:20:12:20:14 | cmd | -| execSeries.js:3:20:3:22 | arr | -| execSeries.js:6:14:6:16 | arr | -| execSeries.js:6:14:6:21 | arr[i++] | -| execSeries.js:13:19:13:26 | commands | -| execSeries.js:14:13:14:20 | commands | -| execSeries.js:14:24:14:30 | command | -| execSeries.js:14:41:14:47 | command | -| execSeries.js:14:41:14:47 | command | -| execSeries.js:18:7:18:58 | cmd | -| execSeries.js:18:13:18:47 | require ... , true) | -| execSeries.js:18:13:18:53 | require ... ).query | -| execSeries.js:18:13:18:58 | require ... ry.path | -| execSeries.js:18:34:18:40 | req.url | -| execSeries.js:18:34:18:40 | req.url | -| execSeries.js:19:12:19:16 | [cmd] | -| execSeries.js:19:13:19:15 | cmd | -| form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:9:19:9:26 | req.file | -| form-parsers.js:9:19:9:26 | req.file | -| form-parsers.js:9:19:9:39 | req.fil ... nalname | -| form-parsers.js:13:3:13:11 | req.files | -| form-parsers.js:13:3:13:11 | req.files | -| form-parsers.js:13:21:13:24 | file | -| form-parsers.js:14:10:14:37 | "touch ... nalname | -| form-parsers.js:14:10:14:37 | "touch ... nalname | -| form-parsers.js:14:21:14:24 | file | -| form-parsers.js:14:21:14:37 | file.originalname | -| form-parsers.js:24:48:24:55 | filename | -| form-parsers.js:24:48:24:55 | filename | -| form-parsers.js:25:10:25:28 | "touch " + filename | -| form-parsers.js:25:10:25:28 | "touch " + filename | -| form-parsers.js:25:21:25:28 | filename | -| form-parsers.js:35:25:35:30 | fields | -| form-parsers.js:35:25:35:30 | fields | -| form-parsers.js:36:10:36:31 | "touch ... ds.name | -| form-parsers.js:36:10:36:31 | "touch ... 
ds.name | -| form-parsers.js:36:21:36:26 | fields | -| form-parsers.js:36:21:36:31 | fields.name | -| form-parsers.js:40:26:40:31 | fields | -| form-parsers.js:40:26:40:31 | fields | -| form-parsers.js:41:10:41:31 | "touch ... ds.name | -| form-parsers.js:41:10:41:31 | "touch ... ds.name | -| form-parsers.js:41:21:41:26 | fields | -| form-parsers.js:41:21:41:31 | fields.name | -| form-parsers.js:52:34:52:39 | fields | -| form-parsers.js:52:34:52:39 | fields | -| form-parsers.js:53:10:53:31 | "touch ... ds.name | -| form-parsers.js:53:10:53:31 | "touch ... ds.name | -| form-parsers.js:53:21:53:26 | fields | -| form-parsers.js:53:21:53:31 | fields.name | -| form-parsers.js:58:30:58:33 | part | -| form-parsers.js:58:30:58:33 | part | -| form-parsers.js:59:10:59:33 | "touch ... ilename | -| form-parsers.js:59:10:59:33 | "touch ... ilename | -| form-parsers.js:59:21:59:24 | part | -| form-parsers.js:59:21:59:33 | part.filename | -| other.js:5:9:5:49 | cmd | -| other.js:5:15:5:38 | url.par ... , true) | -| other.js:5:15:5:44 | url.par ... ).query | -| other.js:5:15:5:49 | url.par ... 
ry.path | -| other.js:5:25:5:31 | req.url | -| other.js:5:25:5:31 | req.url | -| other.js:7:33:7:35 | cmd | -| other.js:7:33:7:35 | cmd | -| other.js:8:28:8:30 | cmd | -| other.js:8:28:8:30 | cmd | -| other.js:9:32:9:34 | cmd | -| other.js:9:32:9:34 | cmd | -| other.js:10:29:10:31 | cmd | -| other.js:10:29:10:31 | cmd | -| other.js:11:29:11:31 | cmd | -| other.js:11:29:11:31 | cmd | -| other.js:12:27:12:29 | cmd | -| other.js:12:27:12:29 | cmd | -| other.js:14:28:14:30 | cmd | -| other.js:14:28:14:30 | cmd | -| other.js:15:34:15:36 | cmd | -| other.js:15:34:15:36 | cmd | -| other.js:16:21:16:23 | cmd | -| other.js:16:21:16:23 | cmd | -| other.js:17:27:17:29 | cmd | -| other.js:17:27:17:29 | cmd | -| other.js:18:22:18:24 | cmd | -| other.js:18:22:18:24 | cmd | -| other.js:19:36:19:38 | cmd | -| other.js:19:36:19:38 | cmd | -| other.js:22:21:22:23 | cmd | -| other.js:22:21:22:23 | cmd | -| other.js:23:28:23:30 | cmd | -| other.js:23:28:23:30 | cmd | -| other.js:26:34:26:36 | cmd | -| other.js:26:34:26:36 | cmd | -| other.js:28:27:28:29 | cmd | -| other.js:28:27:28:29 | cmd | -| other.js:30:33:30:35 | cmd | -| other.js:30:33:30:35 | cmd | -| other.js:34:44:34:46 | cmd | -| other.js:34:44:34:46 | cmd | -| third-party-command-injection.js:5:20:5:26 | command | -| third-party-command-injection.js:5:20:5:26 | command | -| third-party-command-injection.js:6:21:6:27 | command | -| third-party-command-injection.js:6:21:6:27 | command | edges | actions.js:8:9:8:57 | title | actions.js:9:16:9:20 | title | | actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | -| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | -| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | | actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | | actions.js:18:9:18:63 | head_ref | actions.js:19:22:19:29 | head_ref | | actions.js:18:20:18:63 | github. ... 
ead.ref | actions.js:18:9:18:63 | head_ref | -| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref | | actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | -| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:25:21:25:23 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | -| 
child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:57:46:57:48 | cmd | -| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:44 | url.par ... ).query | -| child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path | -| child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path | +| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:9:6:49 | cmd | +| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:49 | url.par ... ry.path | +| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:49 | url.par ... ry.path | | child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd | | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | -| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | | child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | | child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... 
, cmd]) | +| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | +| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | | child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] | +| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | | child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | -| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | -| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | | child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | -| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:15:73:44 | url.par ... ).query | -| child_process-test.js:73:15:73:44 | url.par ... ).query | child_process-test.js:73:15:73:49 | url.par ... ry.path | -| child_process-test.js:73:15:73:49 | url.par ... ry.path | child_process-test.js:73:9:73:49 | cmd | -| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | +| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:9:73:49 | cmd | | child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | -| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | -| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:21:94:35 | ctx.params.host | -| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:21:94:35 | ctx.params.host | -| child_process-test.js:94:21:94:35 | ctx.params.host | child_process-test.js:94:11:94:35 | "ping " ... ms.host | -| child_process-test.js:94:21:94:35 | ctx.params.host | child_process-test.js:94:11:94:35 | "ping " ... 
ms.host | -| exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command | +| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | | exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command | | exec-sh2.js:14:9:14:49 | cmd | exec-sh2.js:15:12:15:14 | cmd | -| exec-sh2.js:14:15:14:38 | url.par ... , true) | exec-sh2.js:14:15:14:44 | url.par ... ).query | -| exec-sh2.js:14:15:14:44 | url.par ... ).query | exec-sh2.js:14:15:14:49 | url.par ... ry.path | -| exec-sh2.js:14:15:14:49 | url.par ... ry.path | exec-sh2.js:14:9:14:49 | cmd | -| exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... , true) | +| exec-sh2.js:14:15:14:38 | url.par ... , true) | exec-sh2.js:14:9:14:49 | cmd | | exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... , true) | | exec-sh2.js:15:12:15:14 | cmd | exec-sh2.js:9:17:9:23 | command | | exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command | -| exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command | | exec-sh.js:19:9:19:49 | cmd | exec-sh.js:20:12:20:14 | cmd | -| exec-sh.js:19:15:19:38 | url.par ... , true) | exec-sh.js:19:15:19:44 | url.par ... ).query | -| exec-sh.js:19:15:19:44 | url.par ... ).query | exec-sh.js:19:15:19:49 | url.par ... ry.path | -| exec-sh.js:19:15:19:49 | url.par ... ry.path | exec-sh.js:19:9:19:49 | cmd | -| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | +| exec-sh.js:19:15:19:38 | url.par ... , true) | exec-sh.js:19:9:19:49 | cmd | | exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | | exec-sh.js:20:12:20:14 | cmd | exec-sh.js:13:17:13:23 | command | +| execSeries.js:3:20:3:22 | arr | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | | execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr | +| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:5:3:10:4 | (functi ... 
);\\n }) [arr, 0] | +| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:6:14:6:16 | arr [0] | +| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | execSeries.js:6:14:6:16 | arr [0] | +| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | execSeries.js:6:14:6:16 | arr | | execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] | +| execSeries.js:6:14:6:16 | arr [0] | execSeries.js:6:14:6:21 | arr[i++] | | execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command | | execSeries.js:13:19:13:26 | commands | execSeries.js:14:13:14:20 | commands | +| execSeries.js:13:19:13:26 | commands [0] | execSeries.js:14:13:14:20 | commands [0] | | execSeries.js:14:13:14:20 | commands | execSeries.js:3:20:3:22 | arr | -| execSeries.js:14:13:14:20 | commands | execSeries.js:14:24:14:30 | command | -| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | +| execSeries.js:14:13:14:20 | commands [0] | execSeries.js:3:20:3:22 | arr [0] | | execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | | execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd | -| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:13:18:53 | require ... ).query | -| execSeries.js:18:13:18:53 | require ... ).query | execSeries.js:18:13:18:58 | require ... ry.path | -| execSeries.js:18:13:18:58 | require ... ry.path | execSeries.js:18:7:18:58 | cmd | -| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) | +| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:7:18:58 | cmd | | execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... 
, true) | | execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands | +| execSeries.js:19:12:19:16 | [cmd] [0] | execSeries.js:13:19:13:26 | commands [0] | | execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] | -| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname | -| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname | -| form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | +| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] [0] | +| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | | form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | | form-parsers.js:13:21:13:24 | file | form-parsers.js:14:21:14:24 | file | -| form-parsers.js:14:21:14:24 | file | form-parsers.js:14:21:14:37 | file.originalname | -| form-parsers.js:14:21:14:37 | file.originalname | form-parsers.js:14:10:14:37 | "touch ... nalname | -| form-parsers.js:14:21:14:37 | file.originalname | form-parsers.js:14:10:14:37 | "touch ... nalname | +| form-parsers.js:14:21:14:24 | file | form-parsers.js:14:10:14:37 | "touch ... 
nalname | | form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename | -| form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename | -| form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | | form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | | form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields | -| form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields | -| form-parsers.js:36:21:36:26 | fields | form-parsers.js:36:21:36:31 | fields.name | -| form-parsers.js:36:21:36:31 | fields.name | form-parsers.js:36:10:36:31 | "touch ... ds.name | -| form-parsers.js:36:21:36:31 | fields.name | form-parsers.js:36:10:36:31 | "touch ... ds.name | -| form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields | +| form-parsers.js:36:21:36:26 | fields | form-parsers.js:36:10:36:31 | "touch ... ds.name | | form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields | -| form-parsers.js:41:21:41:26 | fields | form-parsers.js:41:21:41:31 | fields.name | -| form-parsers.js:41:21:41:31 | fields.name | form-parsers.js:41:10:41:31 | "touch ... ds.name | -| form-parsers.js:41:21:41:31 | fields.name | form-parsers.js:41:10:41:31 | "touch ... ds.name | +| form-parsers.js:41:21:41:26 | fields | form-parsers.js:41:10:41:31 | "touch ... ds.name | | form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields | -| form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields | -| form-parsers.js:53:21:53:26 | fields | form-parsers.js:53:21:53:31 | fields.name | -| form-parsers.js:53:21:53:31 | fields.name | form-parsers.js:53:10:53:31 | "touch ... ds.name | -| form-parsers.js:53:21:53:31 | fields.name | form-parsers.js:53:10:53:31 | "touch ... 
ds.name | -| form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part | +| form-parsers.js:53:21:53:26 | fields | form-parsers.js:53:10:53:31 | "touch ... ds.name | | form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part | -| form-parsers.js:59:21:59:24 | part | form-parsers.js:59:21:59:33 | part.filename | -| form-parsers.js:59:21:59:33 | part.filename | form-parsers.js:59:10:59:33 | "touch ... ilename | -| form-parsers.js:59:21:59:33 | part.filename | form-parsers.js:59:10:59:33 | "touch ... ilename | +| form-parsers.js:59:21:59:24 | part | form-parsers.js:59:10:59:33 | "touch ... ilename | | other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd | | other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd | | other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd | -| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd | -| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd | | other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd | | other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd | -| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd | -| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd | | other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd | | other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd | | other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd | | other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd | -| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd | | other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd | | other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd | | other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd | -| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd 
| -| other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd | | other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd | | other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd | | other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd | | other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd | | other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:34:44:34:46 | cmd | | other.js:5:9:5:49 | cmd | other.js:34:44:34:46 | cmd | -| other.js:5:15:5:38 | url.par ... , true) | other.js:5:15:5:44 | url.par ... ).query | -| other.js:5:15:5:44 | url.par ... ).query | other.js:5:15:5:49 | url.par ... ry.path | -| other.js:5:15:5:49 | url.par ... ry.path | other.js:5:9:5:49 | cmd | +| other.js:5:15:5:38 | url.par ... , true) | other.js:5:9:5:49 | cmd | | other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | -| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | -| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | -| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | -| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | | third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | +nodes +| actions.js:8:9:8:57 | title | semmle.label | title | +| actions.js:8:17:8:57 | github. ... t.title | semmle.label | github. ... t.title | +| actions.js:9:8:9:22 | `echo ${title}` | semmle.label | `echo ${title}` | +| actions.js:9:16:9:20 | title | semmle.label | title | +| actions.js:18:9:18:63 | head_ref | semmle.label | head_ref | +| actions.js:18:20:18:63 | github. 
... ead.ref | semmle.label | github. ... ead.ref | +| actions.js:19:14:19:31 | `echo ${head_ref}` | semmle.label | `echo ${head_ref}` | +| actions.js:19:22:19:29 | head_ref | semmle.label | head_ref | +| child_process-test.js:6:9:6:49 | cmd | semmle.label | cmd | +| child_process-test.js:6:15:6:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| child_process-test.js:6:15:6:49 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| child_process-test.js:6:15:6:49 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| child_process-test.js:6:25:6:31 | req.url | semmle.label | req.url | +| child_process-test.js:17:13:17:15 | cmd | semmle.label | cmd | +| child_process-test.js:18:17:18:19 | cmd | semmle.label | cmd | +| child_process-test.js:19:17:19:19 | cmd | semmle.label | cmd | +| child_process-test.js:20:21:20:23 | cmd | semmle.label | cmd | +| child_process-test.js:21:14:21:16 | cmd | semmle.label | cmd | +| child_process-test.js:22:18:22:20 | cmd | semmle.label | cmd | +| child_process-test.js:23:13:23:15 | cmd | semmle.label | cmd | +| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | semmle.label | "foo" + cmd + "bar" | +| child_process-test.js:25:21:25:23 | cmd | semmle.label | cmd | +| child_process-test.js:39:26:39:28 | cmd | semmle.label | cmd | +| child_process-test.js:43:15:43:17 | cmd | semmle.label | cmd | +| child_process-test.js:48:15:48:17 | cmd | semmle.label | cmd | +| child_process-test.js:53:15:53:17 | cmd | semmle.label | cmd | +| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | semmle.label | ['/C', ... , cmd]) | +| child_process-test.js:56:46:56:57 | ["bar", cmd] | semmle.label | ["bar", cmd] | +| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | semmle.label | ["bar", cmd] [1] | +| child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd | +| child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd | +| child_process-test.js:57:25:57:49 | ['/C', ... 
at(cmd) | semmle.label | ['/C', ... at(cmd) | +| child_process-test.js:57:46:57:48 | cmd | semmle.label | cmd | +| child_process-test.js:73:9:73:49 | cmd | semmle.label | cmd | +| child_process-test.js:73:15:73:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| child_process-test.js:73:25:73:31 | req.url | semmle.label | req.url | +| child_process-test.js:75:29:75:31 | cmd | semmle.label | cmd | +| child_process-test.js:83:19:83:36 | req.query.fileName | semmle.label | req.query.fileName | +| child_process-test.js:94:11:94:35 | "ping " ... ms.host | semmle.label | "ping " ... ms.host | +| child_process-test.js:94:21:94:30 | ctx.params | semmle.label | ctx.params | +| exec-sh2.js:9:17:9:23 | command | semmle.label | command | +| exec-sh2.js:10:40:10:46 | command | semmle.label | command | +| exec-sh2.js:14:9:14:49 | cmd | semmle.label | cmd | +| exec-sh2.js:14:15:14:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| exec-sh2.js:14:25:14:31 | req.url | semmle.label | req.url | +| exec-sh2.js:15:12:15:14 | cmd | semmle.label | cmd | +| exec-sh.js:13:17:13:23 | command | semmle.label | command | +| exec-sh.js:15:44:15:50 | command | semmle.label | command | +| exec-sh.js:19:9:19:49 | cmd | semmle.label | cmd | +| exec-sh.js:19:15:19:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| exec-sh.js:19:25:19:31 | req.url | semmle.label | req.url | +| exec-sh.js:20:12:20:14 | cmd | semmle.label | cmd | +| execSeries.js:3:20:3:22 | arr | semmle.label | arr | +| execSeries.js:3:20:3:22 | arr [0] | semmle.label | arr [0] | +| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | semmle.label | (functi ... );\\n }) [arr, 0] | +| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | semmle.label | (functi ... 
);\\n }) [arr] | +| execSeries.js:6:14:6:16 | arr | semmle.label | arr | +| execSeries.js:6:14:6:16 | arr [0] | semmle.label | arr [0] | +| execSeries.js:6:14:6:21 | arr[i++] | semmle.label | arr[i++] | +| execSeries.js:13:19:13:26 | commands | semmle.label | commands | +| execSeries.js:13:19:13:26 | commands [0] | semmle.label | commands [0] | +| execSeries.js:14:13:14:20 | commands | semmle.label | commands | +| execSeries.js:14:13:14:20 | commands [0] | semmle.label | commands [0] | +| execSeries.js:14:24:14:30 | command | semmle.label | command | +| execSeries.js:14:41:14:47 | command | semmle.label | command | +| execSeries.js:18:7:18:58 | cmd | semmle.label | cmd | +| execSeries.js:18:13:18:47 | require ... , true) | semmle.label | require ... , true) | +| execSeries.js:18:34:18:40 | req.url | semmle.label | req.url | +| execSeries.js:19:12:19:16 | [cmd] | semmle.label | [cmd] | +| execSeries.js:19:12:19:16 | [cmd] [0] | semmle.label | [cmd] [0] | +| execSeries.js:19:13:19:15 | cmd | semmle.label | cmd | +| form-parsers.js:9:8:9:39 | "touch ... nalname | semmle.label | "touch ... nalname | +| form-parsers.js:9:19:9:26 | req.file | semmle.label | req.file | +| form-parsers.js:13:3:13:11 | req.files | semmle.label | req.files | +| form-parsers.js:13:21:13:24 | file | semmle.label | file | +| form-parsers.js:14:10:14:37 | "touch ... nalname | semmle.label | "touch ... nalname | +| form-parsers.js:14:21:14:24 | file | semmle.label | file | +| form-parsers.js:24:48:24:55 | filename | semmle.label | filename | +| form-parsers.js:25:10:25:28 | "touch " + filename | semmle.label | "touch " + filename | +| form-parsers.js:25:21:25:28 | filename | semmle.label | filename | +| form-parsers.js:35:25:35:30 | fields | semmle.label | fields | +| form-parsers.js:36:10:36:31 | "touch ... ds.name | semmle.label | "touch ... 
ds.name | +| form-parsers.js:36:21:36:26 | fields | semmle.label | fields | +| form-parsers.js:40:26:40:31 | fields | semmle.label | fields | +| form-parsers.js:41:10:41:31 | "touch ... ds.name | semmle.label | "touch ... ds.name | +| form-parsers.js:41:21:41:26 | fields | semmle.label | fields | +| form-parsers.js:52:34:52:39 | fields | semmle.label | fields | +| form-parsers.js:53:10:53:31 | "touch ... ds.name | semmle.label | "touch ... ds.name | +| form-parsers.js:53:21:53:26 | fields | semmle.label | fields | +| form-parsers.js:58:30:58:33 | part | semmle.label | part | +| form-parsers.js:59:10:59:33 | "touch ... ilename | semmle.label | "touch ... ilename | +| form-parsers.js:59:21:59:24 | part | semmle.label | part | +| other.js:5:9:5:49 | cmd | semmle.label | cmd | +| other.js:5:15:5:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| other.js:5:25:5:31 | req.url | semmle.label | req.url | +| other.js:7:33:7:35 | cmd | semmle.label | cmd | +| other.js:8:28:8:30 | cmd | semmle.label | cmd | +| other.js:9:32:9:34 | cmd | semmle.label | cmd | +| other.js:10:29:10:31 | cmd | semmle.label | cmd | +| other.js:11:29:11:31 | cmd | semmle.label | cmd | +| other.js:12:27:12:29 | cmd | semmle.label | cmd | +| other.js:14:28:14:30 | cmd | semmle.label | cmd | +| other.js:15:34:15:36 | cmd | semmle.label | cmd | +| other.js:16:21:16:23 | cmd | semmle.label | cmd | +| other.js:17:27:17:29 | cmd | semmle.label | cmd | +| other.js:18:22:18:24 | cmd | semmle.label | cmd | +| other.js:19:36:19:38 | cmd | semmle.label | cmd | +| other.js:22:21:22:23 | cmd | semmle.label | cmd | +| other.js:23:28:23:30 | cmd | semmle.label | cmd | +| other.js:26:34:26:36 | cmd | semmle.label | cmd | +| other.js:28:27:28:29 | cmd | semmle.label | cmd | +| other.js:30:33:30:35 | cmd | semmle.label | cmd | +| other.js:34:44:34:46 | cmd | semmle.label | cmd | +| third-party-command-injection.js:5:20:5:26 | command | semmle.label | command | +| 
third-party-command-injection.js:6:21:6:27 | command | semmle.label | command | +subpaths #select | actions.js:9:8:9:22 | `echo ${title}` | actions.js:8:17:8:57 | github. ... t.title | actions.js:9:8:9:22 | `echo ${title}` | This command line depends on a $@. | actions.js:8:17:8:57 | github. ... t.title | user-provided value | | actions.js:19:14:19:31 | `echo ${head_ref}` | actions.js:18:20:18:63 | github. ... ead.ref | actions.js:19:14:19:31 | `echo ${head_ref}` | This command line depends on a $@. | actions.js:18:20:18:63 | github. ... ead.ref | user-provided value | From fcfab5238e4bcde13202e6dc7aa80a20609f9907 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:21:39 +0200 Subject: [PATCH 044/223] JS: Port CodeInjection --- .../security/dataflow/CodeInjectionQuery.qll | 28 +- .../ql/src/Security/CWE-094/CodeInjection.ql | 6 +- .../Templating/CodeInjection.expected | 151 +++---- .../CodeInjection/CodeInjection.expected | 384 +++++------------- 4 files changed, 165 insertions(+), 404 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll index ea57dd735881..811a9575504f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll 
@@ -13,7 +13,28 @@ import CodeInjectionCustomizations::CodeInjection /** * A taint-tracking configuration for reasoning about code injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module CodeInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + // HTML sanitizers are insufficient protection against code injection + node1 = node2.(HtmlSanitizerCall).getInput() + } +} + +/** + * Taint-tracking for reasoning about code injection vulnerabilities. + */ +module CodeInjectionFlow = TaintTracking::Global; + +/** + * DEPRRECATED. Use the `CodeInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "CodeInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -25,8 +46,7 @@ class Configuration extends TaintTracking::Configuration { node instanceof Sanitizer } - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) { - // HTML sanitizers are insufficient protection against code injection - src = trg.(HtmlSanitizerCall).getInput() + override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + CodeInjectionConfig::isAdditionalFlowStep(node1, node2) } } diff --git a/javascript/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/Security/CWE-094/CodeInjection.ql index a4ed71e2949b..c08f75bb673b 100644 --- a/javascript/ql/src/Security/CWE-094/CodeInjection.ql +++ b/javascript/ql/src/Security/CWE-094/CodeInjection.ql 
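Review bot: The doc comment added above `deprecated class Configuration` spells the marker `DEPRRECATED`, so anyone searching the library for the usual `DEPRECATED` marker will miss this class; the word should be `DEPRECATED`. The comment kept above the new `CodeInjectionConfig` module could also say that `isAdditionalFlowStep` deliberately carries taint through `HtmlSanitizerCall`, because HTML escaping does not neutralise a value that ends up being evaluated as code. The body of the deprecated class continues past the end of this hunk.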
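Review bot: Only `isAdditionalTaintStep` is made to delegate to `CodeInjectionConfig` here, while the deprecated class keeps its own copies of the other predicates (`isSource` is visible in the previous hunk, and the sanitizer predicate ends at `node instanceof Sanitizer` just above this change). A source or barrier later changed in `CodeInjectionConfig` would then not reach queries still using the deprecated `Configuration`, and the two could report different results. Delegating the same way, e.g. `override predicate isSource(DataFlow::Node source) { CodeInjectionConfig::isSource(source) }`, would keep them in step; the sanitizer override is only partly visible, so confirm it has no extra disjunct before doing the same there. The class starts outside this hunk.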
@@ -16,9 +16,9 @@ import javascript import semmle.javascript.security.dataflow.CodeInjectionQuery -import DataFlow::PathGraph +import CodeInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink +where CodeInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, sink.getNode().(Sink).getMessagePrefix() + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected b/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected index 48b2111a4a2b..de308fdabdfc 100644 --- a/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected +++ b/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected 
@@ -1,140 +1,83 @@ -nodes -| app.js:15:30:15:58 | req.que ... tedCode | -| app.js:15:30:15:58 | req.que ... tedCode | -| app.js:17:25:17:48 | req.que ... shSink1 | -| app.js:17:25:17:48 | req.que ... shSink1 | -| app.js:19:35:19:68 | req.que ... rString | -| app.js:19:35:19:68 | req.que ... rString | -| app.js:34:30:34:58 | req.que ... tedCode | -| app.js:34:30:34:58 | req.que ... tedCode | -| app.js:36:25:36:48 | req.que ... shSink1 | -| app.js:36:25:36:48 | req.que ... shSink1 | -| app.js:38:35:38:68 | req.que ... rString | -| app.js:38:35:38:68 | req.que ... rString | -| app.js:53:30:53:58 | req.que ... tedCode | -| app.js:53:30:53:58 | req.que ... tedCode | -| app.js:54:33:54:64 | req.que ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | -| app.js:56:25:56:48 | req.que ... shSink1 | -| app.js:56:25:56:48 | req.que ... shSink1 | -| app.js:58:35:58:68 | req.que ... rString | -| app.js:58:35:58:68 | req.que ... rString | -| app.js:59:38:59:74 | req.que ... ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | -| app.js:65:22:65:42 | req.que ... pedHtml | -| app.js:65:22:65:42 | req.que ... 
pedHtml | -| app.js:66:18:66:34 | req.query.rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | -| views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | -| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | -| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | -| views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | -| views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | -| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | -| views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | -| views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | -| views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | -| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | -| views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | -| views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | -| views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | -| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... 
rString | -| views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | -| views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | -| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | -| views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | -| views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | -| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | -| views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | -| views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | -| views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | -| views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | -| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | edges | app.js:15:30:15:58 | req.que ... tedCode | views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | -| app.js:15:30:15:58 | req.que ... tedCode | views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | | app.js:17:25:17:48 | req.que ... shSink1 | views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | -| app.js:17:25:17:48 | req.que ... shSink1 | views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | -| app.js:19:35:19:68 | req.que ... rString | views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | | app.js:19:35:19:68 | req.que ... rString | views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | | app.js:34:30:34:58 | req.que ... tedCode | views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | -| app.js:34:30:34:58 | req.que ... tedCode | views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | -| app.js:36:25:36:48 | req.que ... 
shSink1 | views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | | app.js:36:25:36:48 | req.que ... shSink1 | views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | | app.js:38:35:38:68 | req.que ... rString | views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | -| app.js:38:35:38:68 | req.que ... rString | views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | -| app.js:53:30:53:58 | req.que ... tedCode | views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | | app.js:53:30:53:58 | req.que ... tedCode | views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | | app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:56:25:56:48 | req.que ... shSink1 | views/njk_sinks.njk:17:22:17:35 | backslashSink1 | | app.js:56:25:56:48 | req.que ... shSink1 | views/njk_sinks.njk:17:22:17:35 | backslashSink1 | | app.js:58:35:58:68 | req.que ... rString | views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | -| app.js:58:35:58:68 | req.que ... rString | views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | | app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | | app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:9:2:19 | escapedHtml | -| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:9:2:19 | escapedHtml | -| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | | app.js:65:22:65:42 | req.que ... 
pedHtml | views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | | views/angularjs_include.ejs:2:9:2:19 | escapedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | | views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | | views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | | views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | | views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | | views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... 
rString | views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | | views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | | views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | | views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | | views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | -| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | | views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | -| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | | views/njk_sinks.njk:17:22:17:35 | backslashSink1 | views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | | views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | views/njk_sinks.njk:23:42:23:75 | dataInE ... 
\| safe | | views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | -| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | +nodes +| app.js:15:30:15:58 | req.que ... tedCode | semmle.label | req.que ... tedCode | +| app.js:17:25:17:48 | req.que ... shSink1 | semmle.label | req.que ... shSink1 | +| app.js:19:35:19:68 | req.que ... rString | semmle.label | req.que ... rString | +| app.js:34:30:34:58 | req.que ... tedCode | semmle.label | req.que ... tedCode | +| app.js:36:25:36:48 | req.que ... shSink1 | semmle.label | req.que ... shSink1 | +| app.js:38:35:38:68 | req.que ... rString | semmle.label | req.que ... rString | +| app.js:53:30:53:58 | req.que ... tedCode | semmle.label | req.que ... tedCode | +| app.js:54:33:54:64 | req.que ... CodeRaw | semmle.label | req.que ... CodeRaw | +| app.js:56:25:56:48 | req.que ... shSink1 | semmle.label | req.que ... shSink1 | +| app.js:58:35:58:68 | req.que ... rString | semmle.label | req.que ... rString | +| app.js:59:38:59:74 | req.que ... ringRaw | semmle.label | req.que ... ringRaw | +| app.js:65:22:65:42 | req.que ... pedHtml | semmle.label | req.que ... 
pedHtml | +| app.js:66:18:66:34 | req.query.rawHtml | semmle.label | req.query.rawHtml | +| views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | semmle.label | <%= escapedHtml %> | +| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | semmle.label | escapedHtml | +| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | semmle.label | <%- rawHtml %> | +| views/angularjs_include.ejs:3:9:3:15 | rawHtml | semmle.label | rawHtml | +| views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | semmle.label | <%= escapedHtml %> | +| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | semmle.label | escapedHtml | +| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | semmle.label | <%- rawHtml %> | +| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | semmle.label | rawHtml | +| views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | semmle.label | <%= dataInGeneratedCode %> | +| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | semmle.label | dataInGeneratedCode | +| views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | semmle.label | <%= backslashSink1 %> | +| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | semmle.label | backslashSink1 | +| views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | semmle.label | <%= dataInEventHandlerString %> | +| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | semmle.label | dataInE ... rString | +| views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | semmle.label | {{ dataInGeneratedCode }} | +| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | semmle.label | dataInGeneratedCode | +| views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | semmle.label | {{ backslashSink1 }} | +| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | semmle.label | backslashSink1 | +| views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | semmle.label | {{ dataInEventHandlerString }} | +| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | semmle.label | dataInE ... 
rString | +| views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | semmle.label | {{ dataInGeneratedCode }} | +| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | semmle.label | dataInGeneratedCode | +| views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | semmle.label | {{ dataInGeneratedCodeRaw \| safe }} | +| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | semmle.label | dataInG ... CodeRaw | +| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | semmle.label | dataInG ... \| safe | +| views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | semmle.label | {{ backslashSink1 }} | +| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | semmle.label | backslashSink1 | +| views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | semmle.label | {{ dataInEventHandlerString }} | +| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | semmle.label | dataInE ... rString | +| views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | semmle.label | {{ dataInEventHandlerStringRaw \| safe }} | +| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | semmle.label | dataInE ... ringRaw | +| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | semmle.label | dataInE ... \| safe | +subpaths #select | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | This AngularJS template, which may contain code, depends on a $@. | app.js:65:22:65:42 | req.que ... pedHtml | user-provided value | | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | This AngularJS template, which may contain code, depends on a $@. | app.js:66:18:66:34 | req.query.rawHtml | user-provided value | 
diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected index 1193c5e33bce..10d2e8e6f186 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected 
@@ -1,335 +1,133 @@ -nodes -| NoSQLCodeInjection.js:18:24:18:31 | req.body | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | -| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| actions.js:4:10:4:50 | github. ... message | -| actions.js:4:10:4:50 | github. ... message | -| actions.js:4:10:4:50 | github. ... message | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| 
angularjs.js:31:28:31:42 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | -| express.js:7:44:7:62 | req.param("wobble") | -| express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | -| express.js:9:54:9:72 | req.param("wobble") | -| express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | -| express.js:12:28:12:46 | req.param("wobble") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:19:37:19:70 | req.par ... 
odule") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:26:9:26:35 | taint | -| express.js:26:17:26:35 | req.param("wobble") | -| express.js:26:17:26:35 | req.param("wobble") | -| express.js:27:34:27:38 | taint | -| express.js:27:34:27:38 | taint | -| express.js:34:9:34:35 | taint | -| express.js:34:17:34:35 | req.param("wobble") | -| express.js:34:17:34:35 | req.param("wobble") | -| express.js:43:15:43:19 | taint | -| express.js:43:15:43:19 | taint | -| express.js:49:30:49:32 | msg | -| express.js:49:30:49:32 | msg | -| express.js:50:10:50:12 | msg | -| express.js:50:10:50:12 | msg | -| module.js:9:16:9:29 | req.query.code | -| module.js:9:16:9:29 | req.query.code | -| module.js:9:16:9:29 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:32:8:38 | tainted | -| react-native.js:8:32:8:38 | tainted | -| react-native.js:10:23:10:29 | tainted | -| react-native.js:10:23:10:29 | tainted | -| react.js:10:56:10:77 | documen ... on.hash | -| react.js:10:56:10:77 | documen ... on.hash | -| react.js:10:56:10:77 | documen ... 
on.hash | -| template-sinks.js:18:9:18:31 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | -| template-sinks.js:18:19:18:31 | req.query.foo | -| template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:33:17:33:23 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | -| tst.js:2:6:2:27 | documen ... on.href | -| tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:14:10:14:33 | documen ... .search | -| tst.js:14:10:14:33 | documen ... .search | -| tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:17:21:17:42 | documen ... 
on.hash | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:11:23:32 | documen ... on.hash | -| tst.js:23:11:23:32 | documen ... on.hash | -| tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:26:26:26:40 | location.search | -| tst.js:26:26:26:40 | location.search | -| tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | -| tst.js:29:18:29:41 | documen ... .search | -| tst.js:29:18:29:41 | documen ... .search | -| tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:31:18:31:23 | source | -| tst.js:31:18:31:23 | source | -| tst.js:33:14:33:19 | source | -| tst.js:33:14:33:19 | source | -| tst.js:35:28:35:33 | source | -| tst.js:35:28:35:33 | source | -| tst.js:37:33:37:38 | source | -| tst.js:37:33:37:38 | source | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... 
on.hash | edges | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... 
message | -| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | -| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | -| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | -| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | -| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | -| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | -| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | -| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | -| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | -| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | -| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | -| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | -| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | | express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | | express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... 
+ "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | | express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | -| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | -| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | -| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... 
ntext") | -| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | | express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | | express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | | express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | | express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | | express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | -| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | | react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | | react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... 
on.hash | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| 
template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | | tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | | tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | | tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | | tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | | tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... 
ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | | tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | -| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | -| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | | tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | | tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | -| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | | tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | | tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | | tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | -| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash | +nodes +| NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body | +| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query | +| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | semmle.label | "name = ... 
dy.name | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | semmle.label | req.body | +| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | semmle.label | "name = ... dy.name | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | semmle.label | req.body | +| actions.js:4:10:4:50 | github. ... message | semmle.label | github. ... message | +| angularjs.js:10:22:10:36 | location.search | semmle.label | location.search | +| angularjs.js:13:23:13:37 | location.search | semmle.label | location.search | +| angularjs.js:16:28:16:42 | location.search | semmle.label | location.search | +| angularjs.js:19:22:19:36 | location.search | semmle.label | location.search | +| angularjs.js:22:27:22:41 | location.search | semmle.label | location.search | +| angularjs.js:25:23:25:37 | location.search | semmle.label | location.search | +| angularjs.js:28:33:28:47 | location.search | semmle.label | location.search | +| angularjs.js:31:28:31:42 | location.search | semmle.label | location.search | +| angularjs.js:34:18:34:32 | location.search | semmle.label | location.search | +| angularjs.js:40:18:40:32 | location.search | semmle.label | location.search | +| angularjs.js:44:17:44:31 | location.search | semmle.label | location.search | +| angularjs.js:47:16:47:30 | location.search | semmle.label | location.search | +| angularjs.js:50:22:50:36 | location.search | semmle.label | location.search | +| angularjs.js:53:32:53:46 | location.search | semmle.label | location.search | +| express.js:7:24:7:69 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:7:44:7:62 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:9:34:9:79 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:9:54:9:72 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:12:8:12:53 | "return ... + "];" | semmle.label | "return ... 
+ "];" | +| express.js:12:28:12:46 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:15:22:15:54 | req.par ... ction") | semmle.label | req.par ... ction") | +| express.js:17:30:17:53 | req.par ... cript") | semmle.label | req.par ... cript") | +| express.js:19:37:19:70 | req.par ... odule") | semmle.label | req.par ... odule") | +| express.js:21:19:21:48 | req.par ... ntext") | semmle.label | req.par ... ntext") | +| express.js:26:9:26:35 | taint | semmle.label | taint | +| express.js:26:17:26:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:27:34:27:38 | taint | semmle.label | taint | +| express.js:34:9:34:35 | taint | semmle.label | taint | +| express.js:34:17:34:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:43:15:43:19 | taint | semmle.label | taint | +| express.js:49:30:49:32 | msg | semmle.label | msg | +| express.js:50:10:50:12 | msg | semmle.label | msg | +| module.js:9:16:9:29 | req.query.code | semmle.label | req.query.code | +| module.js:11:17:11:30 | req.query.code | semmle.label | req.query.code | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:32:8:38 | tainted | semmle.label | tainted | +| react-native.js:10:23:10:29 | tainted | semmle.label | tainted | +| react.js:10:56:10:77 | documen ... on.hash | semmle.label | documen ... 
on.hash | +| template-sinks.js:18:9:18:31 | tainted | semmle.label | tainted | +| template-sinks.js:18:19:18:31 | req.query.foo | semmle.label | req.query.foo | +| template-sinks.js:20:17:20:23 | tainted | semmle.label | tainted | +| template-sinks.js:21:16:21:22 | tainted | semmle.label | tainted | +| template-sinks.js:22:18:22:24 | tainted | semmle.label | tainted | +| template-sinks.js:23:17:23:23 | tainted | semmle.label | tainted | +| template-sinks.js:24:18:24:24 | tainted | semmle.label | tainted | +| template-sinks.js:25:16:25:22 | tainted | semmle.label | tainted | +| template-sinks.js:26:27:26:33 | tainted | semmle.label | tainted | +| template-sinks.js:27:21:27:27 | tainted | semmle.label | tainted | +| template-sinks.js:28:17:28:23 | tainted | semmle.label | tainted | +| template-sinks.js:29:24:29:30 | tainted | semmle.label | tainted | +| template-sinks.js:30:21:30:27 | tainted | semmle.label | tainted | +| template-sinks.js:31:19:31:25 | tainted | semmle.label | tainted | +| template-sinks.js:32:16:32:22 | tainted | semmle.label | tainted | +| template-sinks.js:33:17:33:23 | tainted | semmle.label | tainted | +| tst.js:2:6:2:27 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:2:6:2:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:5:12:5:33 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:14:10:14:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:14:10:14:74 | documen ... , "$1") | semmle.label | documen ... , "$1") | +| tst.js:17:21:17:42 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:20:30:20:51 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:23:6:23:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) | +| tst.js:23:11:23:32 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:23:11:23:45 | documen ... ring(1) | semmle.label | documen ... 
ring(1) | +| tst.js:26:26:26:40 | location.search | semmle.label | location.search | +| tst.js:26:26:26:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) | +| tst.js:29:9:29:82 | source | semmle.label | source | +| tst.js:29:18:29:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:29:18:29:82 | documen ... , "$1") | semmle.label | documen ... , "$1") | +| tst.js:31:18:31:23 | source | semmle.label | source | +| tst.js:33:14:33:19 | source | semmle.label | source | +| tst.js:35:28:35:33 | source | semmle.label | source | +| tst.js:37:33:37:38 | source | semmle.label | source | +| webix/webix.html:3:16:3:37 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.html:4:26:4:47 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.html:5:47:5:68 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:3:12:3:33 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:4:22:4:43 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:5:43:5:64 | documen ... on.hash | semmle.label | documen ... on.hash | +subpaths #select | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | This code execution depends on a $@. | NoSQLCodeInjection.js:18:24:18:31 | req.body | user-provided value | | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:19:36:19:43 | req.body | user-provided value | From 65e9706c8e6e9e423eb43a1ddb4ac326bbcb8172 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Wed, 4 Oct 2023 21:22:38 +0200 Subject: [PATCH 045/223] JS: Port TaintedPath --- .../dataflow/TaintedPathCustomizations.qll | 57 +- .../security/dataflow/TaintedPathQuery.qll | 41 +- .../ql/src/Security/CWE-022/TaintedPath.ql | 6 +- .../CWE-022/TaintedPath/Consistency.ql | 6 + .../CWE-022/TaintedPath/TaintedPath.expected | 10444 +--------------- .../CWE-022/TaintedPath/other-fs-libraries.js | 4 + .../CWE-022/TaintedPath/sharedlib-repro.js | 35 + .../TaintedPath/tainted-promise-steps.js | 15 + 8 files changed, 667 insertions(+), 9941 deletions(-) create mode 100644 javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js create mode 100644 javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll index cd1bb80fce4c..77227841c42d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll 
@@ -31,7 +31,28 @@ module TaintedPath { /** * A barrier guard for tainted-path vulnerabilities. */ - abstract class BarrierGuardNode extends DataFlow::LabeledBarrierGuardNode { } + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + + deprecated class BarrierGuardNode = BarrierGuard; module Label { /** @@ -345,10 +366,10 @@ module TaintedPath { * * This is relevant for paths that are known to be normalized. */ - class StartsWithDotDotSanitizer extends BarrierGuardNode instanceof StringOps::StartsWith { + class StartsWithDotDotSanitizer extends BarrierGuard instanceof StringOps::StartsWith { StartsWithDotDotSanitizer() { isDotDotSlashPrefix(super.getSubstring()) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { // Sanitize in the false case for: // .startsWith(".") // .startsWith("..") 
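Review bot: The deprecated alias `BarrierGuardNode = BarrierGuard` at the end of the first hunk keeps the old class name but not its override point, and it has no QLDoc saying so. The removed base class was `DataFlow::LabeledBarrierGuardNode`, and the later hunks in this file rename every `blocks` override to `blocksExpr`, so a custom sanitizer elsewhere that still extends `BarrierGuardNode` and overrides `blocks` would presumably stop compiling or stop contributing a barrier. I would add `/** DEPRECATED: Use BarrierGuard and override blocksExpr instead of blocks. */` above the alias. Separately, none of the sanitizers visible in this file extend the abstract `BarrierGuardLegacy`, so it is worth confirming that the legacy configuration still reaches these guards by another route; a guard dropped silently there would change the path-traversal results without any compile error.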
@@ -365,12 +386,12 @@ module TaintedPath { /** * A check of the form `whitelist.includes(x)` or equivalent, which sanitizes `x` in its "then" branch. */ - class MembershipTestBarrierGuard extends BarrierGuardNode { + class MembershipTestBarrierGuard extends BarrierGuard { MembershipCandidate candidate; MembershipTestBarrierGuard() { this = candidate.getTest() } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { candidate = e.flow() and candidate.getTestPolarity() = outcome } @@ -380,7 +401,7 @@ module TaintedPath { * A check of form `x.startsWith(dir)` that sanitizes normalized absolute paths, since it is then * known to be in a subdirectory of `dir`. */ - class StartsWithDirSanitizer extends BarrierGuardNode { + class StartsWithDirSanitizer extends BarrierGuard { StringOps::StartsWith startsWith; StartsWithDirSanitizer() { @@ -390,7 +411,7 @@ module TaintedPath { not startsWith.getSubstring().getStringValue() = "/" } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { outcome = startsWith.getPolarity() and e = startsWith.getBaseString().asExpr() and exists(Label::PosixPath posixPath | posixPath = label | @@ -404,7 +425,7 @@ module TaintedPath { * A call to `path.isAbsolute` as a sanitizer for relative paths in true branch, * and a sanitizer for absolute paths in the false branch. */ - class IsAbsoluteSanitizer extends BarrierGuardNode { + class IsAbsoluteSanitizer extends BarrierGuard { DataFlow::Node operand; boolean polarity; boolean negatable; 
@@ -425,7 +446,7 @@ module TaintedPath { ) // !x.startsWith("/home") does not guarantee that x is not absolute } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = operand.asExpr() and exists(Label::PosixPath posixPath | posixPath = label | outcome = polarity and posixPath.isRelative() @@ -440,10 +461,10 @@ module TaintedPath { /** * An expression of form `x.includes("..")` or similar. */ - class ContainsDotDotSanitizer extends BarrierGuardNode instanceof StringOps::Includes { + class ContainsDotDotSanitizer extends BarrierGuard instanceof StringOps::Includes { ContainsDotDotSanitizer() { isDotDotSlashPrefix(super.getSubstring()) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = super.getBaseString().asExpr() and outcome = super.getPolarity().booleanNot() and label.(Label::PosixPath).canContainDotDotSlash() // can still be bypassed by normalized absolute path @@ -453,10 +474,10 @@ module TaintedPath { /** * An expression of form `x.matches(/\.\./)` or similar. */ - class ContainsDotDotRegExpSanitizer extends BarrierGuardNode instanceof StringOps::RegExpTest { + class ContainsDotDotRegExpSanitizer extends BarrierGuard instanceof StringOps::RegExpTest { ContainsDotDotRegExpSanitizer() { super.getRegExp().getAMatchedString() = [".", "..", "../"] } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = super.getStringOperand().asExpr() and outcome = super.getPolarity().booleanNot() and label.(Label::PosixPath).canContainDotDotSlash() // can still be bypassed by normalized absolute path 
@@ -484,7 +505,7 @@ module TaintedPath { * } * ``` */ - class RelativePathStartsWithSanitizer extends BarrierGuardNode { + class RelativePathStartsWithSanitizer extends BarrierGuard { StringOps::StartsWith startsWith; DataFlow::CallNode pathCall; string member; @@ -506,7 +527,7 @@ module TaintedPath { (not member = "relative" or isDotDotSlashPrefix(startsWith.getSubstring())) } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { member = "relative" and e = this.maybeGetPathSuffix(pathCall.getArgument(1)).asExpr() and outcome = startsWith.getPolarity().booleanNot() @@ -542,7 +563,7 @@ module TaintedPath { * An expression of form `isInside(x, y)` or similar, where `isInside` is * a library check for the relation between `x` and `y`. */ - class IsInsideCheckSanitizer extends BarrierGuardNode { + class IsInsideCheckSanitizer extends BarrierGuard { DataFlow::Node checked; boolean onlyNormalizedAbsolutePaths; @@ -558,7 +579,7 @@ module TaintedPath { ) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { ( onlyNormalizedAbsolutePaths = true and label.(Label::PosixPath).isNormalized() and @@ -750,8 +771,6 @@ module TaintedPath { ) ) or - TaintTracking::promiseStep(src, dst) and srclabel = dstlabel - or TaintTracking::persistentStorageStep(src, dst) and srclabel = dstlabel or exists(DataFlow::PropRead read | read = dst | diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll index 914c63543f56..365a784bd9d8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll 
@@ -8,7 +8,7 @@ */ import javascript -import TaintedPathCustomizations::TaintedPath +private import TaintedPathCustomizations::TaintedPath // Materialize flow labels private class ConcretePosixPath extends Label::PosixPath { @@ -22,7 +22,44 @@ private class ConcreteSplitPath extends Label::SplitPath { /** * A taint-tracking configuration for reasoning about tainted-path vulnerabilities. */ -class Configuration extends DataFlow::Configuration { +module TaintedPathConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel state) { + state = source.(Source).getAFlowLabel() + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel state) { + state = sink.(Sink).getAFlowLabel() + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + node instanceof Sanitizer and exists(label) + or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) + } + + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, + DataFlow::FlowLabel state2 + ) { + isAdditionalTaintedPathFlowStep(node1, node2, state1, state2) + } +} + +/** + * Taint-tracking for reasoning about tainted-path vulnerabilities. + */ +module TaintedPathFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `TaintedPathFlow` module instead. + */ +deprecated class Configuration extends DataFlow::Configuration { Configuration() { this = "TaintedPath" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/src/Security/CWE-022/TaintedPath.ql b/javascript/ql/src/Security/CWE-022/TaintedPath.ql index e3ea395c4801..b5864519932f 100644 --- a/javascript/ql/src/Security/CWE-022/TaintedPath.ql +++ b/javascript/ql/src/Security/CWE-022/TaintedPath.ql 
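Review bot: Changing `import TaintedPathCustomizations::TaintedPath` to `private import` stops this file from re-exporting the names it uses from that module (`Source`, `Sink`, `Sanitizer`, `Label`), even though the deprecated `Configuration` is kept for compatibility. A downstream query that imports only `TaintedPathQuery` and refers to those names would presumably stop resolving them. If that is intended, record it next to the import, for example `// Not re-exported: import TaintedPathCustomizations directly for Source, Sink and Label.`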
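Review bot: The two `isBarrier` overloads in `TaintedPathConfig` carry no comment on which `blocksExpr` overload feeds which, and the difference decides how much flow a guard removes. Presumably `isBarrier(DataFlow::Node node)` picks up guards that override the two-argument `blocksExpr` (as `MembershipTestBarrierGuard` and `RelativePathStartsWithSanitizer` do in this commit) and blocks every flow label, while the labelled overload blocks only the named label. Both defaults in `BarrierGuard` are `none()`, so a guard written against the wrong overload either over-blocks, hiding a real path-traversal flow, or blocks nothing, and neither case produces an error. I would add `// State-independent guards: these block flow for every label.` above the unlabelled overload and `// Label-specific guards, plus Sanitizer nodes, which block every label.` above the labelled one. The module arguments of `MakeBarrierGuard` and `MakeLabeledBarrierGuard` are not visible in this rendering, and the deprecated `Configuration` body continues outside the hunk.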
@@ -17,9 +17,9 @@ import javascript import semmle.javascript.security.dataflow.TaintedPathQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where TaintedPathFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql index d5230981801c..fae97fdf6d02 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql @@ -1,3 +1,9 @@ import javascript import semmle.javascript.security.dataflow.TaintedPathQuery import testUtilities.ConsistencyChecking + +class TaintedPathConsistency extends ConsistencyConfiguration { + TaintedPathConsistency() { this = "TaintedPathConsistency" } + + override DataFlow::Node getAnAlert() { TaintedPathFlow::flowTo(result) } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 2d1692dce00e..66decf408d29 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected 
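Review bot: The `where` clause in `TaintedPath.ql` accepts a merged `PathNode` as soon as any of its original path nodes takes part in a `flowPath`, and nothing in the query says so. The merge is keyed on `(node, toString)` and, per the library's own note, cannot see which original nodes are sources or sinks, so a displayed path may combine steps that belonged to flows under different labels. That does not change where alerts are reported, but it can mislead someone triaging a path-traversal result step by step. I would add above `from`: `// Path nodes are merged per (node, toString); each alert still corresponds to a flowPath between original path nodes.` The expected-output change from 10305 to 911 lines is consistent with duplicate removal, but that file is too large to confirm by eye that no alert rows were lost.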
@@ -1,10305 +1,911 @@ nodes -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... 
ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| 
TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... 
ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| 
TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| 
TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... 
, true) | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:42:29:42:52 | pathMod ... 
e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... 
n(path) | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... 
e(path) | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... 
ath, x) | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... 
ath, z) | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... 
h(path) | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... 
).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... 
).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... 
).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| 
TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... 
).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:28:102:48 | fs.real ... 
c(path) | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | 
path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... 
).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... 
ry.path | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... 
, true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... 
ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:29 | path.split("/") | -| 
TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:19:153:35 | 
prefix + split[x] | -| TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| 
TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| 
TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... 
, true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... 
ry.path | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... 
/g, '') | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:51 | path.re ... 
/g, '') | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:29:195:54 | pathMod ... 
e(path) | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... 
rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... 
l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... 
eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... 
rl).foo | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... 
).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... 
ry.path | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| 
TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:7:11:27 | path | -| 
normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:19:17:57 | pathMod ... 
, path) | -| normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... 
.html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | -| normalizedPaths.js:31:35:31:48 | req.query.path | -| normalizedPaths.js:31:35:31:48 | req.query.path | -| normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:14:54:49 | pathMod ... 
y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | -| normalizedPaths.js:54:35:54:48 | req.query.path | -| normalizedPaths.js:54:35:54:48 | req.query.path | -| normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:35:73:55 | './' + ... 
ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | -| normalizedPaths.js:82:14:82:27 | req.query.path | -| normalizedPaths.js:82:14:82:27 | req.query.path | -| normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | -| normalizedPaths.js:94:35:94:48 | req.query.path | -| normalizedPaths.js:94:35:94:48 | req.query.path | -| normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:14:117:44 | fs.real ... 
y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:14:139:62 | pathMod ... 
y.path) | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | -| normalizedPaths.js:148:44:148:57 | req.query.path | -| normalizedPaths.js:148:44:148:57 | req.query.path | -| normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:14:160:49 | pathMod ... 
y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | -| normalizedPaths.js:160:35:160:48 | req.query.path | -| normalizedPaths.js:160:35:160:48 | req.query.path | -| normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| 
normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:14:214:49 | pathMod ... 
y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:35:226:48 | req.query.path | -| normalizedPaths.js:226:35:226:48 | req.query.path | -| normalizedPaths.js:226:35:226:48 | req.query.path | -| normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... 
y.path) | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:14:254:47 | pathMod ... 
y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:17:275:42 | pathMod ... 
e(path) | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:17:291:42 | pathMod ... 
e(path) | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... 
, path) | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:13:339:46 | pathMod ... 
y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:21:358:51 | pathMod ... 
, path) | -| normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:14:385:46 | pathMod ... 
uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | -| normalizedPaths.js:385:35:385:45 | req.query.x | -| normalizedPaths.js:385:35:385:45 | req.query.x | -| normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:59 | req.que ... 
it('/') | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... 
).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... 
ry.path | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| 
other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| 
other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| 
other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... 
, true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... 
ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| 
other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... 
, true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... 
ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| 
other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| 
other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| 
other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:37 | url.par ... 
, true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:48 | url.par ... 
ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:71:10:71:13 | path | 
-| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| 
other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... 
).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... 
ry.path | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:5:28:5:53 | parseTo ... 
t).name | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... 
, true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... 
ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... 
: path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| 
tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| 
tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| 
tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| 
tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| 
tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... 
).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... 
ry.path | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... 
, true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:48 | url.par ... 
ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| 
tainted-access-paths.js:49:10:49:13 | path | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... 
rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... 
, true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... 
ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | 
path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| 
tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | 
path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:13:18:13:21 | path | -| 
tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| 
tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... 
, path) | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | 
path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| 
tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| 
tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| 
tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] 
| -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| 
tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... 
hatever | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| torrents.js:5:6:5:38 | name | -| torrents.js:5:6:5:38 | name | -| torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... 
t).name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:6:6:6:45 | loc | -| torrents.js:6:6:6:45 | loc | -| torrents.js:6:6:6:45 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:24:6:27 | name | -| torrents.js:6:24:6:27 | name | -| torrents.js:6:24:6:27 | name | -| torrents.js:7:25:7:27 | loc | -| torrents.js:7:25:7:27 | loc | -| torrents.js:7:25:7:27 | loc | -| torrents.js:7:25:7:27 | loc | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... 
, true) | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... 
ry.path | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| 
typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:24:39:24:43 | path4 | -| 
typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| 
typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | +| TaintedPath-es6.js:7:7:7:44 | path | semmle.label | path | +| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | semmle.label | parse(req.url, true) | +| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | semmle.label | parse(r ... ).query | +| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | semmle.label | parse(r ... ry.path | +| TaintedPath-es6.js:7:20:7:26 | req.url | semmle.label | req.url | +| TaintedPath-es6.js:10:26:10:45 | join("public", path) | semmle.label | join("public", path) | +| TaintedPath-es6.js:10:41:10:44 | path | semmle.label | path | +| TaintedPath.js:9:7:9:48 | path | semmle.label | path | +| TaintedPath.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| TaintedPath.js:9:24:9:30 | req.url | semmle.label | req.url | +| TaintedPath.js:12:29:12:32 | path | semmle.label | path | +| TaintedPath.js:15:29:15:48 | "/home/user/" + path | semmle.label | "/home/user/" + path | +| TaintedPath.js:15:45:15:48 | path | semmle.label | path | +| TaintedPath.js:18:33:18:36 | path | semmle.label | path | +| TaintedPath.js:21:33:21:36 | path | semmle.label | path | +| TaintedPath.js:24:33:24:36 | path | semmle.label | path | +| TaintedPath.js:33:31:33:34 | path | semmle.label | path | +| TaintedPath.js:38:3:38:44 | path | semmle.label | path | +| TaintedPath.js:38:10:38:33 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:38:10:38:39 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:38:10:38:44 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:38:20:38:26 | req.url | semmle.label | req.url | +| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:42:48:42:51 | path | semmle.label | path | +| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | semmle.label | pathMod ... n(path) | +| TaintedPath.js:46:45:46:48 | path | semmle.label | path | +| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | +| TaintedPath.js:48:51:48:54 | path | semmle.label | path | +| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:50:50:50:53 | path | semmle.label | path | +| TaintedPath.js:52:29:52:56 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| TaintedPath.js:52:52:52:55 | path | semmle.label | path | +| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | semmle.label | pathMod ... ath, x) | +| TaintedPath.js:54:49:54:52 | path | semmle.label | path | +| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | semmle.label | pathMod ... 
e(path) | +| TaintedPath.js:56:48:56:51 | path | semmle.label | path | +| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | +| TaintedPath.js:58:54:58:57 | path | semmle.label | path | +| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | semmle.label | pathMod ... h(path) | +| TaintedPath.js:60:57:60:60 | path | semmle.label | path | +| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | semmle.label | Cookie.get("unsafe") | +| TaintedPath.js:77:31:77:70 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:77:31:77:76 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:77:63:77:69 | req.url | semmle.label | req.url | +| TaintedPath.js:78:31:78:68 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:78:31:78:74 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:78:61:78:67 | req.url | semmle.label | req.url | +| TaintedPath.js:79:31:79:67 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:79:31:79:73 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:79:60:79:66 | req.url | semmle.label | req.url | +| TaintedPath.js:87:48:87:60 | req.params[0] | semmle.label | req.params[0] | +| TaintedPath.js:95:30:95:31 | ev | semmle.label | ev | +| TaintedPath.js:96:24:96:25 | ev | semmle.label | ev | +| TaintedPath.js:96:24:96:30 | ev.data | semmle.label | ev.data | +| TaintedPath.js:100:6:100:47 | path | semmle.label | path | +| TaintedPath.js:100:13:100:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:100:13:100:42 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:100:13:100:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:100:23:100:29 | req.url | semmle.label | req.url | +| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | semmle.label | fs.real ... 
c(path) | +| TaintedPath.js:102:44:102:47 | path | semmle.label | path | +| TaintedPath.js:103:14:103:17 | path | semmle.label | path | +| TaintedPath.js:104:32:104:39 | realpath | semmle.label | realpath | +| TaintedPath.js:105:45:105:52 | realpath | semmle.label | realpath | +| TaintedPath.js:136:6:136:47 | path | semmle.label | path | +| TaintedPath.js:136:13:136:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:136:13:136:42 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:136:13:136:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:136:23:136:29 | req.url | semmle.label | req.url | +| TaintedPath.js:138:23:138:26 | path | semmle.label | path | +| TaintedPath.js:142:7:142:48 | path | semmle.label | path | +| TaintedPath.js:142:14:142:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:142:14:142:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:142:14:142:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| TaintedPath.js:142:24:142:30 | req.url | semmle.label | req.url | +| TaintedPath.js:144:19:144:22 | path | semmle.label | path | +| TaintedPath.js:146:7:146:29 | split | semmle.label | split | +| TaintedPath.js:146:15:146:18 | path | semmle.label | path | +| TaintedPath.js:146:15:146:29 | path.split("/") | semmle.label | path.split("/") | +| TaintedPath.js:148:19:148:23 | split | semmle.label | split | +| TaintedPath.js:148:19:148:33 | split.join("/") | semmle.label | split.join("/") | +| TaintedPath.js:152:19:152:23 | split | semmle.label | split | +| TaintedPath.js:152:19:152:26 | split[x] | semmle.label | split[x] | +| TaintedPath.js:153:19:153:35 | prefix + split[x] | semmle.label | prefix + split[x] | +| TaintedPath.js:153:28:153:32 | split | semmle.label | split | +| TaintedPath.js:153:28:153:35 | split[x] | semmle.label | split[x] | +| TaintedPath.js:155:7:155:38 | concatted | semmle.label | concatted | +| TaintedPath.js:155:19:155:38 | prefix.concat(split) | semmle.label | prefix.concat(split) | +| TaintedPath.js:155:33:155:37 | split | semmle.label | split | +| TaintedPath.js:156:19:156:27 | concatted | semmle.label | concatted | +| TaintedPath.js:156:19:156:37 | concatted.join("/") | semmle.label | concatted.join("/") | +| TaintedPath.js:158:7:158:39 | concatted2 | semmle.label | concatted2 | +| TaintedPath.js:158:20:158:24 | split | semmle.label | split | +| TaintedPath.js:158:20:158:39 | split.concat(prefix) | semmle.label | split.concat(prefix) | +| TaintedPath.js:159:19:159:28 | concatted2 | semmle.label | concatted2 | +| TaintedPath.js:159:19:159:38 | concatted2.join("/") | semmle.label | concatted2.join("/") | +| TaintedPath.js:161:19:161:23 | split | semmle.label | split | +| TaintedPath.js:161:19:161:29 | split.pop() | semmle.label | split.pop() | +| TaintedPath.js:166:7:166:48 | path | semmle.label | path | +| TaintedPath.js:166:14:166:37 | url.par ... , true) | semmle.label | url.par ... 
, true) | +| TaintedPath.js:166:14:166:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:166:14:166:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:166:24:166:30 | req.url | semmle.label | req.url | +| TaintedPath.js:170:29:170:32 | path | semmle.label | path | +| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:176:29:176:32 | path | semmle.label | path | +| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:177:29:177:32 | path | semmle.label | path | +| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:178:29:178:32 | path | semmle.label | path | +| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:179:29:179:32 | path | semmle.label | path | +| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | semmle.label | "prefix ... +/, '') | +| TaintedPath.js:194:40:194:43 | path | semmle.label | path | +| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | semmle.label | path.re ... +/, '') | +| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | semmle.label | pathMod ... +/, '') | +| TaintedPath.js:195:50:195:53 | path | semmle.label | path | +| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | semmle.label | qs.parse(req.url) | +| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | semmle.label | qs.pars ... rl).foo | +| TaintedPath.js:203:38:203:44 | req.url | semmle.label | req.url | +| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | semmle.label | qs.pars ... q.url)) | +| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | semmle.label | qs.pars ... 
l)).foo | +| TaintedPath.js:204:38:204:58 | normali ... eq.url) | semmle.label | normali ... eq.url) | +| TaintedPath.js:204:51:204:57 | req.url | semmle.label | req.url | +| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | semmle.label | parseqs ... eq.url) | +| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | semmle.label | parseqs ... rl).foo | +| TaintedPath.js:206:44:206:50 | req.url | semmle.label | req.url | +| TaintedPath.js:211:7:211:48 | path | semmle.label | path | +| TaintedPath.js:211:14:211:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:211:14:211:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:211:14:211:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:211:24:211:30 | req.url | semmle.label | req.url | +| TaintedPath.js:212:31:212:34 | path | semmle.label | path | +| TaintedPath.js:213:45:213:48 | path | semmle.label | path | +| TaintedPath.js:214:35:214:38 | path | semmle.label | path | +| express.js:8:20:8:32 | req.query.bar | semmle.label | req.query.bar | +| handlebars.js:10:51:10:58 | filePath | semmle.label | filePath | +| handlebars.js:11:32:11:39 | filePath | semmle.label | filePath | +| handlebars.js:13:73:13:80 | filePath | semmle.label | filePath | +| handlebars.js:15:25:15:32 | filePath | semmle.label | filePath | +| handlebars.js:29:46:29:60 | req.params.path | semmle.label | req.params.path | +| handlebars.js:43:15:43:29 | req.params.path | semmle.label | req.params.path | +| normalizedPaths.js:11:7:11:27 | path | semmle.label | path | +| normalizedPaths.js:11:14:11:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:13:19:13:22 | path | semmle.label | path | +| normalizedPaths.js:14:19:14:29 | './' + path | semmle.label | './' + path | +| normalizedPaths.js:14:26:14:29 | path | semmle.label | path | +| normalizedPaths.js:15:19:15:22 | path | semmle.label | path | +| normalizedPaths.js:15:19:15:38 | path 
+ '/index.html' | semmle.label | path + '/index.html' | +| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:16:35:16:38 | path | semmle.label | path | +| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:17:53:17:56 | path | semmle.label | path | +| normalizedPaths.js:21:7:21:49 | path | semmle.label | path | +| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:21:35:21:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:23:19:23:22 | path | semmle.label | path | +| normalizedPaths.js:24:19:24:29 | './' + path | semmle.label | './' + path | +| normalizedPaths.js:24:26:24:29 | path | semmle.label | path | +| normalizedPaths.js:25:19:25:22 | path | semmle.label | path | +| normalizedPaths.js:25:19:25:38 | path + '/index.html' | semmle.label | path + '/index.html' | +| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:26:35:26:38 | path | semmle.label | path | +| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:27:53:27:56 | path | semmle.label | path | +| normalizedPaths.js:31:7:31:49 | path | semmle.label | path | +| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:31:35:31:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:36:19:36:22 | path | semmle.label | path | +| normalizedPaths.js:41:21:41:24 | path | semmle.label | path | +| normalizedPaths.js:54:7:54:49 | path | semmle.label | path | +| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | +| normalizedPaths.js:54:35:54:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:59:19:59:22 | path | semmle.label | path | +| normalizedPaths.js:63:19:63:22 | path | semmle.label | path | +| normalizedPaths.js:63:19:63:38 | path + "/index.html" | semmle.label | path + "/index.html" | +| normalizedPaths.js:68:21:68:24 | path | semmle.label | path | +| normalizedPaths.js:73:7:73:56 | path | semmle.label | path | +| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | semmle.label | './' + ... ry.path | +| normalizedPaths.js:73:42:73:55 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:78:22:78:25 | path | semmle.label | path | +| normalizedPaths.js:82:7:82:27 | path | semmle.label | path | +| normalizedPaths.js:82:14:82:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:87:29:87:32 | path | semmle.label | path | +| normalizedPaths.js:90:31:90:34 | path | semmle.label | path | +| normalizedPaths.js:94:7:94:49 | path | semmle.label | path | +| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:94:35:94:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:99:29:99:32 | path | semmle.label | path | +| normalizedPaths.js:117:7:117:44 | path | semmle.label | path | +| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | semmle.label | fs.real ... y.path) | +| normalizedPaths.js:117:30:117:43 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:119:19:119:22 | path | semmle.label | path | +| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:120:35:120:38 | path | semmle.label | path | +| normalizedPaths.js:130:7:130:49 | path | semmle.label | path | +| normalizedPaths.js:130:14:130:49 | pathMod ... 
y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:130:35:130:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:135:21:135:24 | path | semmle.label | path | +| normalizedPaths.js:139:7:139:62 | path | semmle.label | path | +| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:139:48:139:61 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:144:21:144:24 | path | semmle.label | path | +| normalizedPaths.js:148:7:148:58 | path | semmle.label | path | +| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | semmle.label | 'foo/' ... y.path) | +| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:148:44:148:57 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:151:21:151:24 | path | semmle.label | path | +| normalizedPaths.js:153:21:153:24 | path | semmle.label | path | +| normalizedPaths.js:160:7:160:49 | path | semmle.label | path | +| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | +| normalizedPaths.js:160:35:160:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:165:19:165:22 | path | semmle.label | path | +| normalizedPaths.js:170:21:170:24 | path | semmle.label | path | +| normalizedPaths.js:174:7:174:27 | path | semmle.label | path | +| normalizedPaths.js:174:14:174:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:184:19:184:22 | path | semmle.label | path | +| normalizedPaths.js:187:21:187:24 | path | semmle.label | path | +| normalizedPaths.js:189:21:189:24 | path | semmle.label | path | +| normalizedPaths.js:192:21:192:24 | path | semmle.label | path | +| normalizedPaths.js:194:21:194:24 | path | semmle.label | path | +| normalizedPaths.js:199:21:199:24 | path | semmle.label | path | +| normalizedPaths.js:201:7:201:49 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:201:45:201:48 | path | semmle.label | path | +| normalizedPaths.js:205:21:205:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:208:21:208:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:210:21:210:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:214:7:214:49 | path | semmle.label | path | +| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:214:35:214:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:219:3:219:33 | path | semmle.label | path | +| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | semmle.label | decodeU ... t(path) | +| normalizedPaths.js:219:29:219:32 | path | semmle.label | path | +| normalizedPaths.js:222:21:222:24 | path | semmle.label | path | +| normalizedPaths.js:226:7:226:70 | path | semmle.label | path | +| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | +| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | semmle.label | pathMod ... g, ' ') | +| normalizedPaths.js:226:35:226:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:228:21:228:24 | path | semmle.label | path | +| normalizedPaths.js:236:7:236:47 | path | semmle.label | path | +| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:236:33:236:46 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:238:19:238:22 | path | semmle.label | path | +| normalizedPaths.js:245:21:245:24 | path | semmle.label | path | +| normalizedPaths.js:250:21:250:24 | path | semmle.label | path | +| normalizedPaths.js:254:7:254:47 | path | semmle.label | path | +| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:254:33:254:46 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:256:19:256:22 | path | semmle.label | path | +| normalizedPaths.js:262:21:262:24 | path | semmle.label | path | +| normalizedPaths.js:267:7:267:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:267:38:267:41 | path | semmle.label | path | +| normalizedPaths.js:270:21:270:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:275:7:275:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:275:38:275:41 | path | semmle.label | path | +| normalizedPaths.js:278:21:278:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:283:7:283:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | semmle.label | pathMod ... 
e(path) | +| normalizedPaths.js:283:38:283:41 | path | semmle.label | path | +| normalizedPaths.js:286:21:286:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:291:7:291:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:291:38:291:41 | path | semmle.label | path | +| normalizedPaths.js:296:21:296:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:303:6:303:26 | path | semmle.label | path | +| normalizedPaths.js:303:13:303:26 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:304:18:304:21 | path | semmle.label | path | +| normalizedPaths.js:309:19:309:22 | path | semmle.label | path | +| normalizedPaths.js:313:19:313:22 | path | semmle.label | path | +| normalizedPaths.js:316:19:316:22 | path | semmle.label | path | +| normalizedPaths.js:320:6:320:49 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:320:45:320:48 | path | semmle.label | path | +| normalizedPaths.js:325:19:325:32 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:332:19:332:32 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:339:6:339:46 | path | semmle.label | path | +| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | +| normalizedPaths.js:339:32:339:45 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:341:18:341:21 | path | semmle.label | path | +| normalizedPaths.js:346:19:346:22 | path | semmle.label | path | +| normalizedPaths.js:354:7:354:27 | path | semmle.label | path | +| normalizedPaths.js:354:14:354:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:356:19:356:22 | path | semmle.label | path | +| normalizedPaths.js:358:7:358:51 | requestPath | semmle.label | requestPath | +| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:358:47:358:50 | path | semmle.label | path | +| normalizedPaths.js:363:21:363:31 | requestPath | semmle.label | requestPath | +| normalizedPaths.js:377:7:377:27 | path | semmle.label | path | +| normalizedPaths.js:377:14:377:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:379:19:379:22 | path | semmle.label | path | +| normalizedPaths.js:381:19:381:29 | slash(path) | semmle.label | slash(path) | +| normalizedPaths.js:381:25:381:28 | path | semmle.label | path | +| normalizedPaths.js:385:7:385:46 | path | semmle.label | path | +| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | semmle.label | pathMod ... uery.x) | +| normalizedPaths.js:385:35:385:45 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:388:19:388:22 | path | semmle.label | path | +| normalizedPaths.js:399:21:399:24 | path | semmle.label | path | +| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | semmle.label | pathMod ... t('/')) | +| normalizedPaths.js:407:45:407:55 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | semmle.label | req.que ... it('/') | +| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | semmle.label | pathMod ... 
t('/')) | +| normalizedPaths.js:408:38:408:48 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | semmle.label | req.que ... it('/') | +| other-fs-libraries.js:9:7:9:48 | path | semmle.label | path | +| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:9:24:9:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:11:19:11:22 | path | semmle.label | path | +| other-fs-libraries.js:12:27:12:30 | path | semmle.label | path | +| other-fs-libraries.js:13:24:13:27 | path | semmle.label | path | +| other-fs-libraries.js:14:27:14:30 | path | semmle.label | path | +| other-fs-libraries.js:16:34:16:37 | path | semmle.label | path | +| other-fs-libraries.js:17:35:17:38 | path | semmle.label | path | +| other-fs-libraries.js:19:56:19:59 | path | semmle.label | path | +| other-fs-libraries.js:24:35:24:38 | path | semmle.label | path | +| other-fs-libraries.js:38:7:38:48 | path | semmle.label | path | +| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:38:24:38:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:40:35:40:38 | path | semmle.label | path | +| other-fs-libraries.js:41:50:41:53 | path | semmle.label | path | +| other-fs-libraries.js:42:53:42:56 | path | semmle.label | path | +| other-fs-libraries.js:49:7:49:48 | path | semmle.label | path | +| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | semmle.label | url.par ... 
, true) | +| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:49:24:49:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:51:19:51:22 | path | semmle.label | path | +| other-fs-libraries.js:52:24:52:27 | path | semmle.label | path | +| other-fs-libraries.js:54:36:54:39 | path | semmle.label | path | +| other-fs-libraries.js:55:36:55:39 | path | semmle.label | path | +| other-fs-libraries.js:57:46:57:49 | path | semmle.label | path | +| other-fs-libraries.js:59:39:59:42 | path | semmle.label | path | +| other-fs-libraries.js:62:43:62:46 | path | semmle.label | path | +| other-fs-libraries.js:63:51:63:54 | path | semmle.label | path | +| other-fs-libraries.js:68:7:68:48 | path | semmle.label | path | +| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:68:24:68:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:70:19:70:22 | path | semmle.label | path | +| other-fs-libraries.js:71:10:71:13 | path | semmle.label | path | +| other-fs-libraries.js:72:15:72:18 | path | semmle.label | path | +| other-fs-libraries.js:73:8:73:11 | path | semmle.label | path | +| other-fs-libraries.js:75:15:75:15 | x | semmle.label | x | +| other-fs-libraries.js:76:19:76:19 | x | semmle.label | x | +| other-fs-libraries.js:81:7:81:48 | path | semmle.label | path | +| other-fs-libraries.js:81:14:81:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:81:14:81:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:81:14:81:48 | url.par ... 
ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:81:24:81:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:83:16:83:19 | path | semmle.label | path | +| prettier.js:6:11:6:28 | p | semmle.label | p | +| prettier.js:6:13:6:13 | p | semmle.label | p | +| prettier.js:7:28:7:28 | p | semmle.label | p | +| prettier.js:11:44:11:44 | p | semmle.label | p | +| pupeteer.js:5:9:5:71 | tainted | semmle.label | tainted | +| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | semmle.label | "dir/" ... t.data" | +| pupeteer.js:5:28:5:53 | parseTo ... t).name | semmle.label | parseTo ... t).name | +| pupeteer.js:9:28:9:34 | tainted | semmle.label | tainted | +| pupeteer.js:13:37:13:43 | tainted | semmle.label | tainted | +| sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | semmle.label | req.par ... spaceId | +| sharedlib-repro.js:21:27:21:34 | filepath | semmle.label | filepath | +| sharedlib-repro.js:22:18:22:25 | filepath | semmle.label | filepath | +| tainted-access-paths.js:6:7:6:48 | path | semmle.label | path | +| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| tainted-access-paths.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:8:19:8:22 | path | semmle.label | path | +| tainted-access-paths.js:10:7:10:36 | obj | semmle.label | obj | +| tainted-access-paths.js:10:33:10:36 | path | semmle.label | path | +| tainted-access-paths.js:12:19:12:21 | obj | semmle.label | obj | +| tainted-access-paths.js:12:19:12:25 | obj.sub | semmle.label | obj.sub | +| tainted-access-paths.js:26:19:26:21 | obj | semmle.label | obj | +| tainted-access-paths.js:26:19:26:26 | obj.sub3 | semmle.label | obj.sub3 | +| tainted-access-paths.js:29:21:29:23 | obj | semmle.label | obj | +| tainted-access-paths.js:29:21:29:28 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:30:23:30:25 | obj | semmle.label | obj | +| tainted-access-paths.js:30:23:30:30 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:31:23:31:25 | obj | semmle.label | obj | +| tainted-access-paths.js:31:23:31:30 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:39:7:39:48 | path | semmle.label | path | +| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:39:24:39:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:40:23:40:26 | path | semmle.label | path | +| tainted-access-paths.js:48:7:48:48 | path | semmle.label | path | +| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| tainted-access-paths.js:48:24:48:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:49:10:49:13 | path | semmle.label | path | +| tainted-promise-steps.js:6:7:6:48 | path | semmle.label | path | +| tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-promise-steps.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | semmle.label | Promise ... e(path) [PromiseValue] | +| tainted-promise-steps.js:7:26:7:29 | path | semmle.label | path | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:11:19:11:35 | await pathPromise | semmle.label | await pathPromise | +| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:12:20:12:23 | path | semmle.label | path | +| tainted-promise-steps.js:12:44:12:47 | path | semmle.label | path | +| tainted-require.js:7:19:7:37 | req.param("module") | semmle.label | req.param("module") | +| tainted-require.js:12:29:12:47 | req.param("module") | semmle.label | req.param("module") | +| tainted-require.js:14:11:14:29 | req.param("module") | semmle.label | req.param("module") | +| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | semmle.label | req.param("gimme") | +| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | semmle.label | req.param("gimme") | +| tainted-sendFile.js:18:43:18:58 | req.param("dir") | semmle.label | req.param("dir") | +| tainted-sendFile.js:24:16:24:49 | path.re ... 
rams.x) | semmle.label | path.re ... rams.x) | +| tainted-sendFile.js:24:37:24:48 | req.params.x | semmle.label | req.params.x | +| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) | +| tainted-sendFile.js:25:34:25:45 | req.params.x | semmle.label | req.params.x | +| tainted-string-steps.js:6:7:6:48 | path | semmle.label | path | +| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-string-steps.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-string-steps.js:8:18:8:21 | path | semmle.label | path | +| tainted-string-steps.js:8:18:8:34 | path.substring(4) | semmle.label | path.substring(4) | +| tainted-string-steps.js:9:18:9:21 | path | semmle.label | path | +| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | semmle.label | path.substring(0, i) | +| tainted-string-steps.js:10:18:10:21 | path | semmle.label | path | +| tainted-string-steps.js:10:18:10:31 | path.substr(4) | semmle.label | path.substr(4) | +| tainted-string-steps.js:11:18:11:21 | path | semmle.label | path | +| tainted-string-steps.js:11:18:11:30 | path.slice(4) | semmle.label | path.slice(4) | +| tainted-string-steps.js:13:18:13:21 | path | semmle.label | path | +| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | semmle.label | path.concat(unknown) | +| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | semmle.label | unknown.concat(path) | +| tainted-string-steps.js:14:33:14:36 | path | semmle.label | path | +| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | semmle.label | unknown ... 
, path) | +| tainted-string-steps.js:15:42:15:45 | path | semmle.label | path | +| tainted-string-steps.js:17:18:17:21 | path | semmle.label | path | +| tainted-string-steps.js:17:18:17:28 | path.trim() | semmle.label | path.trim() | +| tainted-string-steps.js:18:18:18:21 | path | semmle.label | path | +| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | semmle.label | path.toLowerCase() | +| tainted-string-steps.js:22:18:22:21 | path | semmle.label | path | +| tainted-string-steps.js:22:18:22:32 | path.split('/') | semmle.label | path.split('/') | +| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | semmle.label | path.split('/')[i] | +| tainted-string-steps.js:23:18:23:21 | path | semmle.label | path | +| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | semmle.label | path.split(/\\//) | +| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | semmle.label | path.split(/\\//)[i] | +| tainted-string-steps.js:24:18:24:21 | path | semmle.label | path | +| tainted-string-steps.js:24:18:24:32 | path.split("?") | semmle.label | path.split("?") | +| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | semmle.label | path.split("?")[0] | +| tainted-string-steps.js:26:18:26:21 | path | semmle.label | path | +| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | semmle.label | path.split(unknown) | +| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | semmle.label | path.sp ... hatever | +| tainted-string-steps.js:27:18:27:21 | path | semmle.label | path | +| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | semmle.label | path.split(unknown) | +| torrents.js:5:6:5:38 | name | semmle.label | name | +| torrents.js:5:13:5:38 | parseTo ... t).name | semmle.label | parseTo ... t).name | +| torrents.js:6:6:6:45 | loc | semmle.label | loc | +| torrents.js:6:12:6:45 | dir + " ... t.data" | semmle.label | dir + " ... 
t.data" | +| torrents.js:6:24:6:27 | name | semmle.label | name | +| torrents.js:7:25:7:27 | loc | semmle.label | loc | +| typescript.ts:9:7:9:48 | path | semmle.label | path | +| typescript.ts:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| typescript.ts:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| typescript.ts:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| typescript.ts:9:24:9:30 | req.url | semmle.label | req.url | +| typescript.ts:12:29:12:32 | path | semmle.label | path | +| typescript.ts:20:7:20:18 | path3 | semmle.label | path3 | +| typescript.ts:20:15:20:18 | path | semmle.label | path | +| typescript.ts:21:39:21:43 | path3 | semmle.label | path3 | +| typescript.ts:23:7:23:18 | path4 | semmle.label | path4 | +| typescript.ts:23:15:23:18 | path | semmle.label | path | +| typescript.ts:24:39:24:43 | path4 | semmle.label | path4 | +| typescript.ts:30:7:30:18 | path6 | semmle.label | path6 | +| typescript.ts:30:15:30:18 | path | semmle.label | path | +| typescript.ts:32:29:32:33 | path6 | semmle.label | path6 | +| views.js:1:43:1:55 | req.params[0] | semmle.label | req.params[0] | edges | TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| 
TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... 
).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... 
ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, 
true) | | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | | TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| 
TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | | TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | 
TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | | TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| 
TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | | TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | 
TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | | TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| 
TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | | TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | 
TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | | TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... 
, true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | | TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... 
ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | | TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | | TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... 
ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... 
, true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... 
, true) | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | | TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | 
"/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | | TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | | TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| 
TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | | TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| 
TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | | TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | | TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| 
TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | | TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| 
TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | | TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | | TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | | TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| 
TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | | TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... 
, true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | | TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... 
ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | | TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... 
, true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... 
, true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | | TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... 
e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... 
n(path) | | TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... 
n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | | TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... 
ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... 
e(path) | | TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... 
, path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | | TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... 
, path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... 
ath, x) | | TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... 
e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | | TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... 
e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... 
ath, z) | | TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... 
h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | | TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... 
).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... 
).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | | TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... 
eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | | TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... 
eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... 
).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | | TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... 
eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... 
eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | | TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... 
).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | | TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... 
).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... 
eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | | TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... 
eq.url) | -| TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | | TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:25 | ev | TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:25 | ev | TaintedPath.js:96:24:96:30 | ev.data | | TaintedPath.js:96:24:96:25 | ev | TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:25 | ev | TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | | TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | 
TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | | TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | | 
TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | | TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... 
).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | | TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | | TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... 
ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | | TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... 
, true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... 
, true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | | TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... 
c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... 
c(path) | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | | TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | | TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | 
TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | | TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| 
TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... 
).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | | TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... 
ry.path | | TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | | TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | | TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... 
, true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... 
, true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | | TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | 
TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | | TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| 
TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | | TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... 
).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | | TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... 
ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | | TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... 
, true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... 
, true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | | TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | | TaintedPath.js:146:7:146:29 | split | TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:152:19:152:23 | split | | TaintedPath.js:146:7:146:29 | split | TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:153:28:153:32 | split | | TaintedPath.js:146:7:146:29 | split | TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:155:33:155:37 | split | | TaintedPath.js:146:7:146:29 | split | TaintedPath.js:155:33:155:37 | split | | TaintedPath.js:146:7:146:29 | split | TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:158:20:158:24 
| split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:161:19:161:23 | split | | TaintedPath.js:146:7:146:29 | split | TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | | TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:29 | path.split("/") | TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:15:146:29 | path.split("/") | TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:15:146:29 | path.split("/") | TaintedPath.js:146:7:146:29 | split | | TaintedPath.js:146:15:146:29 | path.split("/") | TaintedPath.js:146:7:146:29 | split | | TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | 
TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| 
TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | | TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | | TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | 
split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | | TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | | 
TaintedPath.js:155:7:155:38 | concatted | TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | TaintedPath.js:155:7:155:38 | concatted | | TaintedPath.js:155:19:155:38 | prefix.concat(split) | TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:33:155:37 | split | TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:33:155:37 | split | TaintedPath.js:155:19:155:38 | prefix.concat(split) | | TaintedPath.js:155:33:155:37 | split | TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:33:155:37 | split | TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | 
concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | | TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | | TaintedPath.js:158:7:158:39 | concatted2 | TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:158:20:158:24 | split | TaintedPath.js:158:20:158:39 | split.concat(prefix) | | TaintedPath.js:158:20:158:24 | split | TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:24 | split | TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:24 | split | TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | TaintedPath.js:158:7:158:39 | concatted2 | | TaintedPath.js:158:20:158:39 | split.concat(prefix) | TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | 
concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | | TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() 
| -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | | TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | | TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path 
| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | | TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | | TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | | TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| 
TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | | TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | | TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | | TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... 
).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | | TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... 
ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | | TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... 
ry.path | TaintedPath.js:166:7:166:48 | path | | TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... 
, true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... 
, true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | | TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... 
/g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... 
/g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | | TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | | TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... 
/g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | | TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... 
/g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | | TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... 
+/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | | TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... 
+/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... 
e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | | TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... 
rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... 
rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| 
TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | | TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... 
q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... 
q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... 
eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... 
eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... 
eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | | TaintedPath.js:204:38:204:58 | normali ... 
eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... 
eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | | TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... 
rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... 
rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... 
eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... 
eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | | TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | | TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | 
TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | | TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| 
TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | | TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | 
TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... 
, true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | | TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... 
).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | | TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | | TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... 
ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... 
, true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... 
, true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | | handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | | handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | 
filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | | normalizedPaths.js:11:7:11:27 | path | 
normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | | normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| 
normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | | normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | | normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | | normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... 
, path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | | normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | | normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | | normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | | normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:27:53:27:56 | path | | normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:27:53:27:56 | path | | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... 
y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... 
y.path) | -| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | | normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | | normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | | normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... 
.html') | -| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | | normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | | normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | | normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... 
y.path) | | normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:63:19:63:22 | path | | normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:63:19:63:22 | path | | normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | normalizedPaths.js:54:7:54:49 | path | | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | normalizedPaths.js:54:7:54:49 | path | | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... 
y.path) | -| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | | normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | | normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... 
ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | | normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | | normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:90:31:90:34 | path | | normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:90:31:90:34 | path | | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | | normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | | normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... 
y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | | normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | | normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... 
y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | | normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | | normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... 
y.path) | normalizedPaths.js:130:7:130:49 | path | | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | normalizedPaths.js:130:7:130:49 | path | | normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | | normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | | normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... 
y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | | normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | | normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | normalizedPaths.js:148:7:148:58 | path | | normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | normalizedPaths.js:148:7:148:58 | path | | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... 
y.path) | | normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | | normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... 
y.path) | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | | normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | | normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | | normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | | 
normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | | normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | | normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | | normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | 
req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | | normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | | normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 
| normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | | normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | | normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | | normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... 
y.path) | normalizedPaths.js:214:7:214:49 | path | | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | | normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | | normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | | normalizedPaths.js:219:10:219:33 | decodeU ... 
t(path) | normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | | normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | | normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | normalizedPaths.js:226:7:226:70 | path | | normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | normalizedPaths.js:226:7:226:70 | path | | normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... 
y.path) | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | | normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | | normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | | normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| 
normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... 
y.path) | | normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | | normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | | normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | | 
normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | | normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | | normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... 
y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | | normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | | normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... 
e(path) | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | | normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | | normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... 
e(path) | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | | normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | | normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... 
e(path) | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | | normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | | normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... 
e(path) | | normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | | normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | | normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| 
normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | | normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | | normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | 
normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | | normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | | normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | | normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... , path) | | normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... 
, path) | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | | normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | | normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... 
y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | | normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | | normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | 
normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | | normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | | normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | | normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... 
, path) | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | | normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | | normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| 
normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | | normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | | normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | | normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | | normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... 
it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | | normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:59 | req.que ... 
it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | 
other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | 
other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | 
other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | 
other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | 
other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | 
other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | 
other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | 
other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | 
other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | 
other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | 
other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... 
, true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... 
).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... 
ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... 
, true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... 
, true) | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | | other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | 
other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | | 
other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | 
other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | | other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| 
other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... 
).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... 
).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... 
ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... 
, true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... 
, true) | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | 
other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| 
other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | 
other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| 
other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | 
other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | | 
other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | 
other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| 
other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | 
other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| 
other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | 
other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... 
, true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... 
ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | | other-fs-libraries.js:49:14:49:48 | url.par ... 
ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... 
, true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... 
, true) | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | 
other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | | other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | | other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| 
other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | | other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | 
other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| 
other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:73:8:73:11 | path | | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... 
, true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... 
ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... 
ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... 
, true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... 
, true) | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | 
other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... 
, true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... 
ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... 
ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... 
, true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... 
, true) | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | +| other-fs-libraries.js:73:8:73:11 | path | other-fs-libraries.js:75:15:75:15 | x | +| other-fs-libraries.js:75:15:75:15 | x | other-fs-libraries.js:76:19:76:19 | x | +| other-fs-libraries.js:81:7:81:48 | path | other-fs-libraries.js:83:16:83:19 | path | +| other-fs-libraries.js:81:14:81:37 | url.par ... , true) | other-fs-libraries.js:81:14:81:43 | url.par ... ).query | +| other-fs-libraries.js:81:14:81:43 | url.par ... ).query | other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | +| other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | other-fs-libraries.js:81:7:81:48 | path | +| other-fs-libraries.js:81:24:81:30 | req.url | other-fs-libraries.js:81:14:81:37 | url.par ... 
, true) | | prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | | prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | | prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | | pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | | pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... 
t.data" | pupeteer.js:5:9:5:71 | tainted | | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | +| sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:21:27:21:34 | filepath | +| sharedlib-repro.js:21:27:21:34 | filepath | sharedlib-repro.js:22:18:22:25 | filepath | | tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | 
tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | | tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| 
tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... 
).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... 
).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... 
ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... 
, true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... 
, true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | | tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| 
tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | | tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| 
tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | | tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | | tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| 
tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | | tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... 
: path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... 
: path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... 
: path | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | +| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:7:10:36 | obj | | tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | 
-| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | 
obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | | tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | 
tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | | tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| 
tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 
| obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | | tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | 
tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | | tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| 
tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| 
tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | | tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | 
tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... 
).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... 
ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... 
ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | | tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... 
, true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... 
, true) | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | | tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | 
tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... 
).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... 
ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | | tainted-access-paths.js:48:14:48:48 | url.par ... 
ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... 
, true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | | tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... 
, true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... 
rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | +| tainted-promise-steps.js:6:7:6:48 | path | tainted-promise-steps.js:7:26:7:29 | path | +| tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | +| tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | +| tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | tainted-promise-steps.js:6:7:6:48 | path | +| tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | +| tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | +| tainted-promise-steps.js:7:26:7:29 | path | tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | +| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:19:11:35 | await pathPromise | +| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:20:12:23 | path | +| tainted-promise-steps.js:12:20:12:23 | path | tainted-promise-steps.js:12:44:12:47 | path | | tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... 
rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | | tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... 
rams.x) | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | | tainted-string-steps.js:6:7:6:48 | path | 
tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | 
path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | | 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| 
tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... 
).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... 
).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... 
ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... 
, true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... 
, true) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | 
tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | | tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | 
path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | | tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | 
path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| 
tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | | tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:11:18:11:21 | path 
| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| 
tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | | tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| 
tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | | tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | 
path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | 
tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | | tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... 
, path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | | tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... 
, path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | | tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | 
tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| 
tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | | tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | 
tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | | tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | 
tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | | tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:23:18:23:21 | path | 
tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | | tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | 
path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | 
path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | 
tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | 
path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| 
tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... 
hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... 
hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | 
path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| torrents.js:5:6:5:38 | name | 
torrents.js:6:24:6:27 | name | -| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name | -| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | -| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... 
t.data" | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | 
path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | +| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | +| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | +| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | +| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | +| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... 
hatever | +| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | +| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name | +| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | +| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | +| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | +| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | +| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | | typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | | typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | 
typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | | typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | | typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... 
).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | | typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... 
ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | | typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... 
, true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | | typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... 
, true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | | typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 
| path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | | typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | 
typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | | typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | 
typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | | typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | 
typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | | typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | 
typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | | typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | +subpaths #select | TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:10:26:10:45 | join("public", path) | This path depends on a $@. | TaintedPath-es6.js:7:20:7:26 | req.url | user-provided value | | TaintedPath.js:12:29:12:32 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:12:29:12:32 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | 
@@ -10433,11 +1039,13 @@ edges | other-fs-libraries.js:70:19:70:22 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:70:19:70:22 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | | other-fs-libraries.js:71:10:71:13 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:71:10:71:13 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | | other-fs-libraries.js:72:15:72:18 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:72:15:72:18 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | -| other-fs-libraries.js:79:16:79:19 | path | other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:79:16:79:19 | path | This path depends on a $@. | other-fs-libraries.js:77:24:77:30 | req.url | user-provided value | +| other-fs-libraries.js:76:19:76:19 | x | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:76:19:76:19 | x | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | +| other-fs-libraries.js:83:16:83:19 | path | other-fs-libraries.js:81:24:81:30 | req.url | other-fs-libraries.js:83:16:83:19 | path | This path depends on a $@. | other-fs-libraries.js:81:24:81:30 | req.url | user-provided value | | prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | | prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | | pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... 
t).name | user-provided value | | pupeteer.js:13:37:13:43 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:13:37:13:43 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | +| sharedlib-repro.js:22:18:22:25 | filepath | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:22:18:22:25 | filepath | This path depends on a $@. | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | user-provided value | | tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | | tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | | tainted-access-paths.js:26:19:26:26 | obj.sub3 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:26:19:26:26 | obj.sub3 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | 
@@ -10446,6 +1054,8 @@ edges | tainted-access-paths.js:31:23:31:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:31:23:31:30 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | | tainted-access-paths.js:40:23:40:26 | path | tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:40:23:40:26 | path | This path depends on a $@. | tainted-access-paths.js:39:24:39:30 | req.url | user-provided value | | tainted-access-paths.js:49:10:49:13 | path | tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:49:10:49:13 | path | This path depends on a $@. | tainted-access-paths.js:48:24:48:30 | req.url | user-provided value | +| tainted-promise-steps.js:11:19:11:35 | await pathPromise | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:11:19:11:35 | await pathPromise | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-promise-steps.js:12:44:12:47 | path | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:12:44:12:47 | path | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on a $@. | tainted-require.js:7:19:7:37 | req.param("module") | user-provided value | | tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | This path depends on a $@. | tainted-require.js:12:29:12:47 | req.param("module") | user-provided value | | tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | This path depends on a $@. 
| tainted-require.js:14:11:14:29 | req.param("module") | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js index 1a618105226b..1dac13246c6f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js @@ -70,7 +70,11 @@ http.createServer(function(req, res) { fs.readFileSync(path); // NOT OK mkdirp(path); // NOT OK mkdirp.sync(path); // NOT OK + func(path); }); +function func(x) { + fs.readFileSync(x); // NOT OK +} const fsp = require("fs/promises"); http.createServer(function(req, res) { diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js new file mode 100644 index 000000000000..eebc95348ba6 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js 
@@ -0,0 +1,35 @@ +const fs = require('fs'); +const express = require('express'); +const app = express(); + +app.get('/', function (req, res) { + getTree(req, res, { workspaceDir: '/tmp' }); +}); + +function getTree(req, res, options) { + var workspaceId = req.params.workspaceId; + var realfileRootPath = workspaceId; // getfileRoot(workspaceId); + var filePath = workspaceId; // path.join(options.workspaceDir,realfileRootPath, req.params["0"]); + withStatsAndETag(req.params.workspaceId, function (err, stats, etag) {}); +} + +function getfileRoot(workspaceId) { + var userId = decodeUserIdFromWorkspaceId(workspaceId); + return path.join(userId.substring(0,2), userId, decodeWorkspaceNameFromWorkspaceId(workspaceId)); +} + +function withStatsAndETag(filepath, callback) { + fs.readFileSync(filepath); // NOT OK +}; + +function decodeUserIdFromWorkspaceId(workspaceId) { + var index = workspaceId.lastIndexOf(SEPARATOR); + if (index === -1) return null; + return workspaceId.substring(0, index); +} + +function decodeWorkspaceNameFromWorkspaceId(workspaceId) { + var index = workspaceId.lastIndexOf(SEPARATOR); + if (index === -1) return null; + return workspaceId.substring(index + 1); +} diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js new file mode 100644 index 000000000000..49c5fa78fe8d --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js @@ -0,0 +1,15 @@ +var fs = require('fs'), + http = require('http'), + url = require('url'); + +var server = http.createServer(function(req, res) { + let path = url.parse(req.url, true).query.path; + doRead(Promise.resolve(path)); +}); + +async function doRead(pathPromise) { + fs.readFileSync(await pathPromise); // NOT OK + pathPromise.then(path => fs.readFileSync(path)); // NO TOK +} + +server.listen(); 
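Review bot: The new `sharedlib-repro.js` fixture does not say which behaviour it pins, and most of it is not on the reported flow. The expected output added in this patch lists only the path from `req.params.workspaceId` in the `withStatsAndETag(...)` call to `fs.readFileSync(filepath)`. `getfileRoot` and the two `decode*` helpers are never called and reference `path` and `SEPARATOR`, which the file does not define, and `realfileRootPath`/`filePath` are unused. A header comment such as `// Repro: req.params.workspaceId passed to withStatsAndETag() must be reported at the fs.readFileSync sink` would help. If the dead helpers are not needed to trigger the original problem, dropping them would make the test easier to read.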
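Review bot: The annotation on the `pathPromise.then(path => fs.readFileSync(path))` line in `tainted-promise-steps.js` is misspelled as `// NO TOK`. The expected output in this patch reports an alert at `tainted-promise-steps.js:12:44`, so it should read `// NOT OK` like the line above it. If any tooling matches on the marker text, the typo would keep this sink from being counted as an expected alert.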
From 547a8a958aec31beb9ebb8b392f1865e335f4dfc Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:24:57 +0200 Subject: [PATCH 046/223] JS: Port SqlInjection --- .../security/dataflow/NosqlInjectionQuery.qll | 66 +- .../security/dataflow/SqlInjectionQuery.qll | 40 +- .../ql/src/Security/CWE-089/SqlInjection.ql | 26 +- .../CWE-089/typed/SqlInjection.expected | 39 +- .../CWE-089/untyped/SqlInjection.expected | 1062 ++++++----------- 5 files changed, 497 insertions(+), 736 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll index be9b3bdee0a0..a213fa5aa4a1 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll 
@@ -14,7 +14,57 @@ import NosqlInjectionCustomizations::NosqlInjection /** * A taint-tracking configuration for reasoning about SQL-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module NosqlInjectionConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel state) { + source instanceof Source and state.isTaint() + or + TaintedObject::isSource(source, state) + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel state) { + sink.(Sink).getAFlowLabel() = state + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel state) { + node instanceof Sanitizer and state.isTaint() + or + TaintTracking::defaultSanitizer(node) and state.isTaint() + or + node = TaintedObject::SanitizerGuard::getABarrierNode(state) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, + DataFlow::FlowLabel state2 + ) { + TaintedObject::step(node1, node2, state1, state2) + or + // additional flow step to track taint through NoSQL query objects + state1 = TaintedObject::label() and + state2 = TaintedObject::label() and + exists(NoSql::Query query, DataFlow::SourceNode queryObj | + queryObj.flowsTo(query) and + queryObj.flowsTo(node2) and + node1 = queryObj.getAPropertyWrite().getRhs() + ) + or + TaintTracking::defaultTaintStep(node1, node2) and + state1.isTaint() and + state2 = state1 + } +} + +/** + * Taint-tracking for reasoning about SQL-injection vulnerabilities. + */ +module NosqlInjectionFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `NosqlInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "NosqlInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } 
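Review bot: In `NosqlInjectionConfig::isBarrier`, `Sanitizer` and `TaintTracking::defaultSanitizer` nodes are barriers only when `state.isTaint()`, so a value carrying the tainted-object label passes through them and is stopped only by `TaintedObject::SanitizerGuard::getABarrierNode(state)`. If that is intended, a comment above the predicate should say so, for example `// Sanitizers clear plain taint only; tainted-object flow is blocked by TaintedObject guards`. Separately, the doc comment added on `NosqlInjectionFlow` (and the existing one kept on the config module) says "SQL-injection"; `Taint-tracking for reasoning about NoSQL-injection vulnerabilities.` would match the module. The deprecated `Configuration` class continues outside this hunk.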
@@ -37,17 +87,9 @@ class Configuration extends TaintTracking::Configuration { } override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl + DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, + DataFlow::FlowLabel state2 ) { - TaintedObject::step(src, trg, inlbl, outlbl) - or - // additional flow step to track taint through NoSQL query objects - inlbl = TaintedObject::label() and - outlbl = TaintedObject::label() and - exists(NoSql::Query query, DataFlow::SourceNode queryObj | - queryObj.flowsTo(query) and - queryObj.flowsTo(trg) and - src = queryObj.getAPropertyWrite().getRhs() - ) + NosqlInjectionConfig::isAdditionalFlowStep(node1, state1, node2, state2) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll index 43f50e77c77d..3a5f0e41bfaf 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll 
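Review bot: Delegating the deprecated override to `NosqlInjectionConfig::isAdditionalFlowStep` is not a pure refactor, because the new predicate also contains the `TaintTracking::defaultTaintStep(node1, node2)` disjunct, which the removed body did not have. Since this class extends `TaintTracking::Configuration`, those steps are presumably already applied and the extra disjunct is redundant rather than harmful. That is worth confirming and noting, e.g. `// also re-adds default taint steps, which TaintTracking::Configuration already provides`. The argument order differs between the two signatures (`node1, node2, state1, state2` here versus `node1, state1, node2, state2` in the config), and the call passes them correctly. The class starts outside this hunk.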
@@ -13,19 +13,14 @@ import SqlInjectionCustomizations::SqlInjection /** * A taint-tracking configuration for reasoning about string based query injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "SqlInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } +module SqlInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { exists(LdapJS::TaintPreservingLdapFilterStep filter | pred = filter.getInput() and succ = filter.getOutput() @@ -37,3 +32,28 @@ class Configuration extends TaintTracking::Configuration { ) } } + +/** + * Taint-tracking for reasoning about string based query injection vulnerabilities. + */ +module SqlInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `SqlInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "SqlInjection" } + + override predicate isSource(DataFlow::Node source) { source instanceof Source } + + override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + override predicate isSanitizer(DataFlow::Node node) { + super.isSanitizer(node) or + node instanceof Sanitizer + } + + override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + SqlInjectionConfig::isAdditionalFlowStep(pred, succ) + } +} 
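Review bot: `SqlInjectionConfig::isBarrier` keeps only `node instanceof Sanitizer`, while the class it replaces also had `super.isSanitizer(node)`, and `NosqlInjectionConfig` in this same patch adds `TaintTracking::defaultSanitizer(node)` explicitly. Presumably `TaintTracking::Global`, used for `SqlInjectionFlow` in the next hunk, supplies the default sanitizers itself. A short comment on the predicate such as `// default taint sanitizers are added by TaintTracking::Global` would make it clear that no barrier was lost in the port. The module body runs past the end of this hunk.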
diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/Security/CWE-089/SqlInjection.ql index f7a40bb91f9a..7d64fb222ca5 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.ql +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.ql @@ -14,17 +14,23 @@ */ import javascript -import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection -import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection -import DataFlow::PathGraph +import semmle.javascript.security.dataflow.SqlInjectionQuery as Sql +import semmle.javascript.security.dataflow.NosqlInjectionQuery as Nosql -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string type +module Merged = + DataFlow::MergePathGraph; + +import DataFlow::DeduplicatePathGraph + +from PathNode source, PathNode sink, string type where - ( - cfg instanceof SqlInjection::Configuration and type = "string" - or - cfg instanceof NosqlInjection::Configuration and type = "object" - ) and - cfg.hasFlowPath(source, sink) + Sql::SqlInjectionFlow::flowPath(source.getAnOriginalPathNode().asPathNode1(), + sink.getAnOriginalPathNode().asPathNode1()) and + type = "string" + or + Nosql::NosqlInjectionFlow::flowPath(source.getAnOriginalPathNode().asPathNode2(), + sink.getAnOriginalPathNode().asPathNode2()) and + type = "object" select sink.getNode(), source, sink, "This query " + type + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected b/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected index acf7e712ee21..174dcaf344a1 100644 --- a/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected 
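Review bot: The rewritten `where` clause drops the parentheses the old version had and now relies on `and` binding tighter than `or` to pair each `flowPath` call with its `type`. Wrapping each alternative in parentheses would make that grouping explicit. It would also help to add a comment above the clause saying which input graph `asPathNode1()` and `asPathNode2()` refer to, for example `// PathNode1 = SqlInjectionFlow, PathNode2 = NosqlInjectionFlow`. That mapping depends on the argument order given to `DataFlow::MergePathGraph`, and the arguments are not legible in this rendering.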
@@ -1,41 +1,32 @@ nodes -| typedClient.ts:13:7:13:32 | v | -| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | -| typedClient.ts:13:22:13:29 | req.body | -| typedClient.ts:13:22:13:29 | req.body | -| typedClient.ts:13:22:13:31 | req.body.x | -| typedClient.ts:14:24:14:32 | { id: v } | -| typedClient.ts:14:24:14:32 | { id: v } | -| typedClient.ts:14:30:14:30 | v | -| typedClient.ts:21:7:21:32 | v | -| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | -| typedClient.ts:21:22:21:29 | req.body | -| typedClient.ts:21:22:21:29 | req.body | -| typedClient.ts:21:22:21:31 | req.body.x | -| typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:22:33:22:33 | v | -| typedClient.ts:23:27:23:35 | { id: v } | -| typedClient.ts:23:27:23:35 | { id: v } | -| typedClient.ts:23:33:23:33 | v | +| typedClient.ts:13:7:13:32 | v | semmle.label | v | +| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | semmle.label | JSON.pa ... body.x) | +| typedClient.ts:13:22:13:29 | req.body | semmle.label | req.body | +| typedClient.ts:13:22:13:31 | req.body.x | semmle.label | req.body.x | +| typedClient.ts:14:24:14:32 | { id: v } | semmle.label | { id: v } | +| typedClient.ts:14:30:14:30 | v | semmle.label | v | +| typedClient.ts:21:7:21:32 | v | semmle.label | v | +| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | semmle.label | JSON.pa ... body.x) | +| typedClient.ts:21:22:21:29 | req.body | semmle.label | req.body | +| typedClient.ts:21:22:21:31 | req.body.x | semmle.label | req.body.x | +| typedClient.ts:22:27:22:35 | { id: v } | semmle.label | { id: v } | +| typedClient.ts:22:33:22:33 | v | semmle.label | v | +| typedClient.ts:23:27:23:35 | { id: v } | semmle.label | { id: v } | +| typedClient.ts:23:33:23:33 | v | semmle.label | v | edges | typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v | | typedClient.ts:13:11:13:32 | JSON.pa ... 
body.x) | typedClient.ts:13:7:13:32 | v | | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x | -| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x | | typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | | typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } | -| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } | | typedClient.ts:21:7:21:32 | v | typedClient.ts:22:33:22:33 | v | | typedClient.ts:21:7:21:32 | v | typedClient.ts:23:33:23:33 | v | | typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | typedClient.ts:21:7:21:32 | v | | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x | -| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x | | typedClient.ts:21:22:21:31 | req.body.x | typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | | typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | | typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | +subpaths #select | typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query object depends on a $@. | typedClient.ts:13:22:13:29 | req.body | user-provided value | | typedClient.ts:22:27:22:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:22:27:22:35 | { id: v } | This query object depends on a $@. | typedClient.ts:21:22:21:29 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected b/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected index c241751da3ef..f0b53a2bcc79 100644 
--- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected 
@@ -1,508 +1,338 @@ nodes -| graphql.js:8:11:8:28 | id | -| graphql.js:8:16:8:28 | req.params.id | -| graphql.js:8:16:8:28 | req.params.id | -| graphql.js:10:34:20:5 | `\\n ... }\\n ` | -| graphql.js:10:34:20:5 | `\\n ... }\\n ` | -| graphql.js:12:46:12:47 | id | -| graphql.js:26:11:26:28 | id | -| graphql.js:26:16:26:28 | req.params.id | -| graphql.js:26:16:26:28 | req.params.id | -| graphql.js:27:30:27:40 | `foo ${id}` | -| graphql.js:27:30:27:40 | `foo ${id}` | -| graphql.js:27:37:27:38 | id | -| graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:30:39:30:40 | id | -| graphql.js:33:18:33:28 | `foo ${id}` | -| graphql.js:33:18:33:28 | `foo ${id}` | -| graphql.js:33:25:33:26 | id | -| graphql.js:39:11:39:28 | id | -| graphql.js:39:16:39:28 | req.params.id | -| graphql.js:39:16:39:28 | req.params.id | -| graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:44:21:44:22 | id | -| graphql.js:48:44:48:54 | `foo ${id}` | -| graphql.js:48:44:48:54 | `foo ${id}` | -| graphql.js:48:51:48:52 | id | -| graphql.js:55:11:55:28 | id | -| graphql.js:55:16:55:28 | req.params.id | -| graphql.js:55:16:55:28 | req.params.id | -| graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:56:46:56:47 | id | -| graphql.js:58:66:58:76 | `foo ${id}` | -| graphql.js:58:66:58:76 | `foo ${id}` | -| graphql.js:58:73:58:74 | id | -| graphql.js:74:9:74:25 | id | -| graphql.js:74:14:74:25 | req.query.id | -| graphql.js:74:14:74:25 | req.query.id | -| graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:75:56:75:57 | id | -| graphql.js:84:14:90:8 | `{\\n ... }` | -| graphql.js:84:14:90:8 | `{\\n ... 
}` | -| graphql.js:88:13:88:14 | id | -| graphql.js:119:11:119:28 | id | -| graphql.js:119:16:119:28 | req.params.id | -| graphql.js:119:16:119:28 | req.params.id | -| graphql.js:120:38:120:48 | `foo ${id}` | -| graphql.js:120:38:120:48 | `foo ${id}` | -| graphql.js:120:45:120:46 | id | -| html-sanitizer.js:13:39:13:44 | param1 | -| html-sanitizer.js:13:39:13:44 | param1 | -| html-sanitizer.js:14:5:14:24 | param1 | -| html-sanitizer.js:14:14:14:24 | xss(param1) | -| html-sanitizer.js:14:18:14:23 | param1 | -| html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| html-sanitizer.js:16:54:16:59 | param1 | -| json-schema-validator.js:25:15:25:48 | query | -| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | -| json-schema-validator.js:25:34:25:47 | req.query.data | -| json-schema-validator.js:25:34:25:47 | req.query.data | -| json-schema-validator.js:33:22:33:26 | query | -| json-schema-validator.js:33:22:33:26 | query | -| json-schema-validator.js:35:18:35:22 | query | -| json-schema-validator.js:35:18:35:22 | query | -| json-schema-validator.js:50:15:50:48 | query | -| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | -| json-schema-validator.js:50:34:50:47 | req.query.data | -| json-schema-validator.js:50:34:50:47 | req.query.data | -| json-schema-validator.js:55:22:55:26 | query | -| json-schema-validator.js:55:22:55:26 | query | -| json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:61:22:61:26 | query | -| json-schema-validator.js:61:22:61:26 | query | -| ldap.js:20:7:20:34 | q | -| ldap.js:20:11:20:34 | url.par ... , true) | -| ldap.js:20:21:20:27 | req.url | -| ldap.js:20:21:20:27 | req.url | -| ldap.js:22:7:22:33 | username | -| ldap.js:22:18:22:18 | q | -| ldap.js:22:18:22:24 | q.query | -| ldap.js:22:18:22:33 | q.query.username | -| ldap.js:25:13:25:57 | `(\|(nam ... 
ame}))` | -| ldap.js:25:24:25:31 | username | -| ldap.js:25:46:25:53 | username | -| ldap.js:28:30:28:34 | opts1 | -| ldap.js:28:30:28:34 | opts1 | -| ldap.js:32:5:32:61 | { filte ... e}))` } | -| ldap.js:32:5:32:61 | { filte ... e}))` } | -| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | -| ldap.js:32:26:32:33 | username | -| ldap.js:32:48:32:55 | username | -| ldap.js:63:9:65:3 | parsedFilter | -| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | -| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | -| ldap.js:64:16:64:23 | username | -| ldap.js:64:38:64:45 | username | -| ldap.js:66:30:66:53 | { filte ... ilter } | -| ldap.js:66:30:66:53 | { filte ... ilter } | -| ldap.js:66:40:66:51 | parsedFilter | -| ldap.js:68:27:68:42 | `cn=${username}` | -| ldap.js:68:27:68:42 | `cn=${username}` | -| ldap.js:68:33:68:40 | username | -| marsdb-flow-to.js:10:9:10:18 | query | -| marsdb-flow-to.js:10:17:10:18 | {} | -| marsdb-flow-to.js:11:17:11:24 | req.body | -| marsdb-flow-to.js:11:17:11:24 | req.body | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | -| marsdb-flow-to.js:14:17:14:21 | query | -| marsdb-flow-to.js:14:17:14:21 | query | -| marsdb.js:12:9:12:18 | query | -| marsdb.js:12:17:12:18 | {} | -| marsdb.js:13:17:13:24 | req.body | -| marsdb.js:13:17:13:24 | req.body | -| marsdb.js:13:17:13:30 | req.body.title | -| marsdb.js:16:12:16:16 | query | -| marsdb.js:16:12:16:16 | query | -| minimongo.js:14:9:14:18 | query | -| minimongo.js:14:17:14:18 | {} | -| minimongo.js:15:17:15:24 | req.body | -| minimongo.js:15:17:15:24 | req.body | -| minimongo.js:15:17:15:30 | req.body.title | -| minimongo.js:18:12:18:16 | query | -| minimongo.js:18:12:18:16 | query | -| mongodb.js:12:11:12:20 | query | -| mongodb.js:12:19:12:20 | {} | -| mongodb.js:13:19:13:26 | req.body | -| mongodb.js:13:19:13:26 | req.body | -| mongodb.js:13:19:13:32 | req.body.title | -| mongodb.js:18:16:18:20 | query | -| mongodb.js:18:16:18:20 | query | -| mongodb.js:26:11:26:32 | title | -| mongodb.js:26:19:26:26 | 
req.body | -| mongodb.js:26:19:26:26 | req.body | -| mongodb.js:26:19:26:32 | req.body.title | -| mongodb.js:32:18:32:45 | { title ... itle) } | -| mongodb.js:32:18:32:45 | { title ... itle) } | -| mongodb.js:32:27:32:43 | JSON.parse(title) | -| mongodb.js:32:38:32:42 | title | -| mongodb.js:48:11:48:20 | query | -| mongodb.js:48:19:48:20 | {} | -| mongodb.js:49:19:49:33 | req.query.title | -| mongodb.js:49:19:49:33 | req.query.title | -| mongodb.js:54:16:54:20 | query | -| mongodb.js:54:16:54:20 | query | -| mongodb.js:59:8:59:17 | query | -| mongodb.js:59:16:59:17 | {} | -| mongodb.js:60:16:60:30 | req.query.title | -| mongodb.js:60:16:60:30 | req.query.title | -| mongodb.js:65:12:65:16 | query | -| mongodb.js:65:12:65:16 | query | -| mongodb.js:70:7:70:25 | tag | -| mongodb.js:70:13:70:25 | req.query.tag | -| mongodb.js:70:13:70:25 | req.query.tag | -| mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:77:22:77:24 | tag | -| mongodb.js:85:12:85:24 | { tags: tag } | -| mongodb.js:85:12:85:24 | { tags: tag } | -| mongodb.js:85:20:85:22 | tag | -| mongodb.js:106:9:106:18 | query | -| mongodb.js:106:17:106:18 | {} | -| mongodb.js:107:17:107:29 | queries.title | -| mongodb.js:107:17:107:29 | queries.title | -| mongodb.js:112:14:112:18 | query | -| mongodb.js:112:14:112:18 | query | -| mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:23:19:23:20 | {} | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | -| mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:29:16:29:20 | query | -| mongoose.js:20:8:20:17 | query | -| mongoose.js:20:16:20:17 | {} | -| mongoose.js:21:16:21:23 | req.body | -| mongoose.js:21:16:21:23 | req.body | -| mongoose.js:21:16:21:29 | req.body.title | -| mongoose.js:24:21:24:27 | [query] | -| mongoose.js:24:21:24:27 | [query] | -| mongoose.js:24:22:24:26 | query | -| mongoose.js:27:17:27:21 | query | -| 
mongoose.js:27:17:27:21 | query | -| mongoose.js:30:22:30:26 | query | -| mongoose.js:30:22:30:26 | query | -| mongoose.js:33:21:33:25 | query | -| mongoose.js:33:21:33:25 | query | -| mongoose.js:36:28:36:32 | query | -| mongoose.js:36:28:36:32 | query | -| mongoose.js:39:16:39:20 | query | -| mongoose.js:39:16:39:20 | query | -| mongoose.js:42:19:42:23 | query | -| mongoose.js:42:19:42:23 | query | -| mongoose.js:45:28:45:32 | query | -| mongoose.js:45:28:45:32 | query | -| mongoose.js:48:28:48:32 | query | -| mongoose.js:48:28:48:32 | query | -| mongoose.js:51:28:51:32 | query | -| mongoose.js:51:28:51:32 | query | -| mongoose.js:54:22:54:26 | query | -| mongoose.js:54:22:54:26 | query | -| mongoose.js:57:18:57:22 | query | -| mongoose.js:57:18:57:22 | query | -| mongoose.js:60:22:60:26 | query | -| mongoose.js:60:22:60:26 | query | -| mongoose.js:63:21:63:25 | query | -| mongoose.js:63:21:63:25 | query | -| mongoose.js:65:32:65:36 | query | -| mongoose.js:65:32:65:36 | query | -| mongoose.js:67:27:67:31 | query | -| mongoose.js:67:27:67:31 | query | -| mongoose.js:68:8:68:12 | query | -| mongoose.js:68:8:68:12 | query | -| mongoose.js:71:17:71:21 | query | -| mongoose.js:71:17:71:21 | query | -| mongoose.js:72:10:72:14 | query | -| mongoose.js:72:10:72:14 | query | -| mongoose.js:73:8:73:12 | query | -| mongoose.js:73:8:73:12 | query | -| mongoose.js:74:7:74:11 | query | -| mongoose.js:74:7:74:11 | query | -| mongoose.js:75:16:75:20 | query | -| mongoose.js:75:16:75:20 | query | -| mongoose.js:77:10:77:14 | query | -| mongoose.js:77:10:77:14 | query | -| mongoose.js:82:46:82:50 | query | -| mongoose.js:82:46:82:50 | query | -| mongoose.js:83:47:83:51 | query | -| mongoose.js:83:47:83:51 | query | -| mongoose.js:85:46:85:50 | query | -| mongoose.js:85:46:85:50 | query | -| mongoose.js:87:51:87:55 | query | -| mongoose.js:87:51:87:55 | query | -| mongoose.js:89:46:89:50 | query | -| mongoose.js:89:46:89:50 | query | -| mongoose.js:92:46:92:50 | query | -| 
mongoose.js:92:46:92:50 | query | -| mongoose.js:94:51:94:55 | query | -| mongoose.js:94:51:94:55 | query | -| mongoose.js:96:46:96:50 | query | -| mongoose.js:96:46:96:50 | query | -| mongoose.js:111:14:111:18 | query | -| mongoose.js:111:14:111:18 | query | -| mongoose.js:113:31:113:35 | query | -| mongoose.js:113:31:113:35 | query | -| mongoose.js:115:6:115:22 | id | -| mongoose.js:115:11:115:22 | req.query.id | -| mongoose.js:115:11:115:22 | req.query.id | -| mongoose.js:115:25:115:45 | cond | -| mongoose.js:115:32:115:45 | req.query.cond | -| mongoose.js:115:32:115:45 | req.query.cond | -| mongoose.js:116:22:116:25 | cond | -| mongoose.js:116:22:116:25 | cond | -| mongoose.js:117:21:117:24 | cond | -| mongoose.js:117:21:117:24 | cond | -| mongoose.js:118:21:118:24 | cond | -| mongoose.js:118:21:118:24 | cond | -| mongoose.js:119:18:119:21 | cond | -| mongoose.js:119:18:119:21 | cond | -| mongoose.js:120:22:120:25 | cond | -| mongoose.js:120:22:120:25 | cond | -| mongoose.js:121:16:121:19 | cond | -| mongoose.js:121:16:121:19 | cond | -| mongoose.js:122:19:122:22 | cond | -| mongoose.js:122:19:122:22 | cond | -| mongoose.js:123:20:123:21 | id | -| mongoose.js:123:20:123:21 | id | -| mongoose.js:124:28:124:31 | cond | -| mongoose.js:124:28:124:31 | cond | -| mongoose.js:125:28:125:31 | cond | -| mongoose.js:125:28:125:31 | cond | -| mongoose.js:126:28:126:31 | cond | -| mongoose.js:126:28:126:31 | cond | -| mongoose.js:127:18:127:21 | cond | -| mongoose.js:127:18:127:21 | cond | -| mongoose.js:128:22:128:25 | cond | -| mongoose.js:128:22:128:25 | cond | -| mongoose.js:129:21:129:24 | cond | -| mongoose.js:129:21:129:24 | cond | -| mongoose.js:130:16:130:26 | { _id: id } | -| mongoose.js:130:16:130:26 | { _id: id } | -| mongoose.js:130:23:130:24 | id | -| mongoose.js:136:30:136:34 | query | -| mongoose.js:136:30:136:34 | query | -| mongooseJsonParse.js:19:11:19:20 | query | -| mongooseJsonParse.js:19:19:19:20 | {} | -| mongooseJsonParse.js:20:19:20:44 | JSON.pa 
... y.data) | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | -| mongooseJsonParse.js:20:30:20:43 | req.query.data | -| mongooseJsonParse.js:20:30:20:43 | req.query.data | -| mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:23:19:23:23 | query | -| mongooseModelClient.js:10:7:10:32 | v | -| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | -| mongooseModelClient.js:10:22:10:29 | req.body | -| mongooseModelClient.js:10:22:10:29 | req.body | -| mongooseModelClient.js:10:22:10:31 | req.body.x | -| mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:11:22:11:22 | v | -| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | -| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | -| mongooseModelClient.js:12:22:12:29 | req.body | -| mongooseModelClient.js:12:22:12:29 | req.body | -| mongooseModelClient.js:12:22:12:32 | req.body.id | -| mysql.js:6:9:6:31 | temp | -| mysql.js:6:16:6:31 | req.params.value | -| mysql.js:6:16:6:31 | req.params.value | -| mysql.js:15:18:15:65 | 'SELECT ... + temp | -| mysql.js:15:18:15:65 | 'SELECT ... + temp | -| mysql.js:15:62:15:65 | temp | -| mysql.js:19:26:19:73 | 'SELECT ... + temp | -| mysql.js:19:26:19:73 | 'SELECT ... + temp | -| mysql.js:19:70:19:73 | temp | -| pg-promise-types.ts:7:9:7:28 | taint | -| pg-promise-types.ts:7:17:7:28 | req.params.x | -| pg-promise-types.ts:7:17:7:28 | req.params.x | -| pg-promise-types.ts:8:17:8:21 | taint | -| pg-promise-types.ts:8:17:8:21 | taint | -| pg-promise.js:6:7:7:55 | query | -| pg-promise.js:6:15:7:55 | "SELECT ... 
PRICE" | -| pg-promise.js:7:16:7:34 | req.params.category | -| pg-promise.js:7:16:7:34 | req.params.category | -| pg-promise.js:9:10:9:14 | query | -| pg-promise.js:9:10:9:14 | query | -| pg-promise.js:10:11:10:15 | query | -| pg-promise.js:10:11:10:15 | query | -| pg-promise.js:11:17:11:21 | query | -| pg-promise.js:11:17:11:21 | query | -| pg-promise.js:12:10:12:14 | query | -| pg-promise.js:12:10:12:14 | query | -| pg-promise.js:13:12:13:16 | query | -| pg-promise.js:13:12:13:16 | query | -| pg-promise.js:14:18:14:22 | query | -| pg-promise.js:14:18:14:22 | query | -| pg-promise.js:15:11:15:15 | query | -| pg-promise.js:15:11:15:15 | query | -| pg-promise.js:16:10:16:14 | query | -| pg-promise.js:16:10:16:14 | query | -| pg-promise.js:17:16:17:20 | query | -| pg-promise.js:17:16:17:20 | query | -| pg-promise.js:18:12:18:16 | query | -| pg-promise.js:18:12:18:16 | query | -| pg-promise.js:19:13:19:17 | query | -| pg-promise.js:19:13:19:17 | query | -| pg-promise.js:22:11:22:15 | query | -| pg-promise.js:22:11:22:15 | query | -| pg-promise.js:30:13:30:25 | req.params.id | -| pg-promise.js:30:13:30:25 | req.params.id | -| pg-promise.js:30:13:30:25 | req.params.id | -| pg-promise.js:34:13:34:25 | req.params.id | -| pg-promise.js:34:13:34:25 | req.params.id | -| pg-promise.js:34:13:34:25 | req.params.id | -| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:38:13:42:5 | [\\n ... 
n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | -| pg-promise.js:39:7:39:19 | req.params.id | -| pg-promise.js:39:7:39:19 | req.params.id | -| pg-promise.js:40:7:40:21 | req.params.name | -| pg-promise.js:40:7:40:21 | req.params.name | -| pg-promise.js:40:7:40:21 | req.params.name | -| pg-promise.js:41:7:41:20 | req.params.foo | -| pg-promise.js:41:7:41:20 | req.params.foo | -| pg-promise.js:47:11:47:23 | req.params.id | -| pg-promise.js:47:11:47:23 | req.params.id | -| pg-promise.js:47:11:47:23 | req.params.id | -| pg-promise.js:54:11:54:23 | req.params.id | -| pg-promise.js:54:11:54:23 | req.params.id | -| pg-promise.js:54:11:54:23 | req.params.id | -| pg-promise.js:56:14:56:29 | req.params.title | -| pg-promise.js:56:14:56:29 | req.params.title | -| pg-promise.js:56:14:56:29 | req.params.title | -| pg-promise.js:60:20:60:24 | query | -| pg-promise.js:60:20:60:24 | query | -| pg-promise.js:63:23:63:27 | query | -| pg-promise.js:63:23:63:27 | query | -| pg-promise.js:64:16:64:20 | query | -| pg-promise.js:64:16:64:20 | query | -| redis.js:10:16:10:23 | req.body | -| redis.js:10:16:10:23 | req.body | -| redis.js:10:16:10:27 | req.body.key | -| redis.js:10:16:10:27 | req.body.key | -| redis.js:12:9:12:26 | key | -| redis.js:12:15:12:22 | req.body | -| redis.js:12:15:12:22 | req.body | -| redis.js:12:15:12:26 | req.body.key | -| redis.js:18:16:18:18 | key | -| redis.js:18:16:18:18 | key | -| redis.js:19:43:19:45 | key | -| redis.js:19:43:19:45 | key | -| redis.js:25:14:25:16 | key | -| redis.js:25:14:25:16 | key | -| redis.js:30:23:30:25 | key | -| redis.js:30:23:30:25 | key | -| redis.js:32:28:32:30 | key | -| redis.js:32:28:32:30 | key | -| redis.js:38:11:38:28 | key | -| redis.js:38:17:38:24 | req.body | -| redis.js:38:17:38:24 | req.body | -| redis.js:38:17:38:28 | req.body.key | -| redis.js:39:16:39:18 | key | -| redis.js:39:16:39:18 | key | -| redis.js:43:27:43:29 | key | -| redis.js:43:27:43:29 | key | -| redis.js:46:34:46:36 | key | -| 
redis.js:46:34:46:36 | key | -| socketio.js:10:25:10:30 | handle | -| socketio.js:10:25:10:30 | handle | -| socketio.js:11:12:11:53 | `INSERT ... andle}` | -| socketio.js:11:12:11:53 | `INSERT ... andle}` | -| socketio.js:11:46:11:51 | handle | -| tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:66:9:78 | req.params.id | -| tst2.js:9:66:9:78 | req.params.id | -| tst3.js:7:7:8:55 | query1 | -| tst3.js:7:16:8:55 | "SELECT ... PRICE" | -| tst3.js:8:16:8:34 | req.params.category | -| tst3.js:8:16:8:34 | req.params.category | -| tst3.js:9:14:9:19 | query1 | -| tst3.js:9:14:9:19 | query1 | -| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:46:8:60 | $routeParams.id | -| tst4.js:8:46:8:60 | $routeParams.id | -| tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | -| tst.js:10:46:10:58 | req.params.id | +| graphql.js:8:11:8:28 | id | semmle.label | id | +| graphql.js:8:16:8:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:10:34:20:5 | `\\n ... }\\n ` | semmle.label | `\\n ... 
}\\n ` | +| graphql.js:12:46:12:47 | id | semmle.label | id | +| graphql.js:26:11:26:28 | id | semmle.label | id | +| graphql.js:26:16:26:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:27:30:27:40 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:27:37:27:38 | id | semmle.label | id | +| graphql.js:30:32:30:42 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:30:39:30:40 | id | semmle.label | id | +| graphql.js:33:18:33:28 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:33:25:33:26 | id | semmle.label | id | +| graphql.js:39:11:39:28 | id | semmle.label | id | +| graphql.js:39:16:39:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:44:14:44:24 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:44:21:44:22 | id | semmle.label | id | +| graphql.js:48:44:48:54 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:48:51:48:52 | id | semmle.label | id | +| graphql.js:55:11:55:28 | id | semmle.label | id | +| graphql.js:55:16:55:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:56:39:56:49 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:56:46:56:47 | id | semmle.label | id | +| graphql.js:58:66:58:76 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:58:73:58:74 | id | semmle.label | id | +| graphql.js:74:9:74:25 | id | semmle.label | id | +| graphql.js:74:14:74:25 | req.query.id | semmle.label | req.query.id | +| graphql.js:75:46:75:64 | "{ foo" + id + " }" | semmle.label | "{ foo" + id + " }" | +| graphql.js:75:56:75:57 | id | semmle.label | id | +| graphql.js:84:14:90:8 | `{\\n ... }` | semmle.label | `{\\n ... 
}` | +| graphql.js:88:13:88:14 | id | semmle.label | id | +| graphql.js:119:11:119:28 | id | semmle.label | id | +| graphql.js:119:16:119:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:120:38:120:48 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:120:45:120:46 | id | semmle.label | id | +| html-sanitizer.js:13:39:13:44 | param1 | semmle.label | param1 | +| html-sanitizer.js:14:5:14:24 | param1 | semmle.label | param1 | +| html-sanitizer.js:14:14:14:24 | xss(param1) | semmle.label | xss(param1) | +| html-sanitizer.js:14:18:14:23 | param1 | semmle.label | param1 | +| html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | semmle.label | `SELECT ... param1 | +| html-sanitizer.js:16:54:16:59 | param1 | semmle.label | param1 | +| json-schema-validator.js:25:15:25:48 | query | semmle.label | query | +| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | semmle.label | JSON.pa ... y.data) | +| json-schema-validator.js:25:34:25:47 | req.query.data | semmle.label | req.query.data | +| json-schema-validator.js:33:22:33:26 | query | semmle.label | query | +| json-schema-validator.js:35:18:35:22 | query | semmle.label | query | +| json-schema-validator.js:50:15:50:48 | query | semmle.label | query | +| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | semmle.label | JSON.pa ... y.data) | +| json-schema-validator.js:50:34:50:47 | req.query.data | semmle.label | req.query.data | +| json-schema-validator.js:55:22:55:26 | query | semmle.label | query | +| json-schema-validator.js:59:22:59:26 | query | semmle.label | query | +| json-schema-validator.js:61:22:61:26 | query | semmle.label | query | +| koarouter.js:5:11:5:33 | version | semmle.label | version | +| koarouter.js:5:13:5:19 | version | semmle.label | version | +| koarouter.js:11:11:11:28 | conditions | semmle.label | conditions | +| koarouter.js:14:9:14:18 | [post update] conditions | semmle.label | [post update] conditions | +| koarouter.js:14:25:14:46 | `versio ... 
rsion}` | semmle.label | `versio ... rsion}` | +| koarouter.js:14:38:14:44 | version | semmle.label | version | +| koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | semmle.label | `SELECT ... nd ')}` | +| koarouter.js:17:52:17:61 | conditions | semmle.label | conditions | +| koarouter.js:17:52:17:75 | conditi ... and ') | semmle.label | conditi ... and ') | +| ldap.js:20:7:20:34 | q | semmle.label | q | +| ldap.js:20:11:20:34 | url.par ... , true) | semmle.label | url.par ... , true) | +| ldap.js:20:21:20:27 | req.url | semmle.label | req.url | +| ldap.js:22:7:22:33 | username | semmle.label | username | +| ldap.js:22:18:22:18 | q | semmle.label | q | +| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | semmle.label | `(\|(nam ... ame}))` | +| ldap.js:25:24:25:31 | username | semmle.label | username | +| ldap.js:25:46:25:53 | username | semmle.label | username | +| ldap.js:28:30:28:34 | opts1 | semmle.label | opts1 | +| ldap.js:32:5:32:61 | { filte ... e}))` } | semmle.label | { filte ... e}))` } | +| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | semmle.label | `(\|(nam ... ame}))` | +| ldap.js:32:26:32:33 | username | semmle.label | username | +| ldap.js:32:48:32:55 | username | semmle.label | username | +| ldap.js:63:9:65:3 | parsedFilter | semmle.label | parsedFilter | +| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | semmle.label | ldap.pa ... ))`\\n ) | +| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | semmle.label | `(\|(nam ... ame}))` | +| ldap.js:64:16:64:23 | username | semmle.label | username | +| ldap.js:64:38:64:45 | username | semmle.label | username | +| ldap.js:66:30:66:53 | { filte ... ilter } | semmle.label | { filte ... 
ilter } | +| ldap.js:66:40:66:51 | parsedFilter | semmle.label | parsedFilter | +| ldap.js:68:27:68:42 | `cn=${username}` | semmle.label | `cn=${username}` | +| ldap.js:68:33:68:40 | username | semmle.label | username | +| marsdb-flow-to.js:10:9:10:18 | query | semmle.label | query | +| marsdb-flow-to.js:10:17:10:18 | {} | semmle.label | {} | +| marsdb-flow-to.js:11:17:11:24 | req.body | semmle.label | req.body | +| marsdb-flow-to.js:11:17:11:30 | req.body.title | semmle.label | req.body.title | +| marsdb-flow-to.js:14:17:14:21 | query | semmle.label | query | +| marsdb.js:12:9:12:18 | query | semmle.label | query | +| marsdb.js:12:17:12:18 | {} | semmle.label | {} | +| marsdb.js:13:17:13:24 | req.body | semmle.label | req.body | +| marsdb.js:13:17:13:30 | req.body.title | semmle.label | req.body.title | +| marsdb.js:16:12:16:16 | query | semmle.label | query | +| minimongo.js:14:9:14:18 | query | semmle.label | query | +| minimongo.js:14:17:14:18 | {} | semmle.label | {} | +| minimongo.js:15:17:15:24 | req.body | semmle.label | req.body | +| minimongo.js:15:17:15:30 | req.body.title | semmle.label | req.body.title | +| minimongo.js:18:12:18:16 | query | semmle.label | query | +| mongodb.js:12:11:12:20 | query | semmle.label | query | +| mongodb.js:12:19:12:20 | {} | semmle.label | {} | +| mongodb.js:13:5:13:9 | query | semmle.label | query | +| mongodb.js:13:19:13:26 | req.body | semmle.label | req.body | +| mongodb.js:13:19:13:32 | req.body.title | semmle.label | req.body.title | +| mongodb.js:18:16:18:20 | query | semmle.label | query | +| mongodb.js:26:11:26:32 | title | semmle.label | title | +| mongodb.js:26:19:26:26 | req.body | semmle.label | req.body | +| mongodb.js:26:19:26:32 | req.body.title | semmle.label | req.body.title | +| mongodb.js:32:18:32:45 | { title ... itle) } | semmle.label | { title ... 
itle) } | +| mongodb.js:32:27:32:43 | JSON.parse(title) | semmle.label | JSON.parse(title) | +| mongodb.js:32:38:32:42 | title | semmle.label | title | +| mongodb.js:48:11:48:20 | query | semmle.label | query | +| mongodb.js:48:19:48:20 | {} | semmle.label | {} | +| mongodb.js:49:5:49:9 | query | semmle.label | query | +| mongodb.js:49:19:49:33 | req.query.title | semmle.label | req.query.title | +| mongodb.js:54:16:54:20 | query | semmle.label | query | +| mongodb.js:59:8:59:17 | query | semmle.label | query | +| mongodb.js:59:16:59:17 | {} | semmle.label | {} | +| mongodb.js:60:2:60:6 | query | semmle.label | query | +| mongodb.js:60:16:60:30 | req.query.title | semmle.label | req.query.title | +| mongodb.js:65:12:65:16 | query | semmle.label | query | +| mongodb.js:70:7:70:25 | tag | semmle.label | tag | +| mongodb.js:70:13:70:25 | req.query.tag | semmle.label | req.query.tag | +| mongodb.js:77:14:77:26 | { tags: tag } | semmle.label | { tags: tag } | +| mongodb.js:77:22:77:24 | tag | semmle.label | tag | +| mongodb.js:85:12:85:24 | { tags: tag } | semmle.label | { tags: tag } | +| mongodb.js:85:20:85:22 | tag | semmle.label | tag | +| mongodb.js:106:9:106:18 | query | semmle.label | query | +| mongodb.js:106:17:106:18 | {} | semmle.label | {} | +| mongodb.js:107:3:107:7 | query | semmle.label | query | +| mongodb.js:107:17:107:29 | queries.title | semmle.label | queries.title | +| mongodb.js:112:14:112:18 | query | semmle.label | query | +| mongodb_bodySafe.js:23:11:23:20 | query | semmle.label | query | +| mongodb_bodySafe.js:23:19:23:20 | {} | semmle.label | {} | +| mongodb_bodySafe.js:24:5:24:9 | query | semmle.label | query | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | semmle.label | req.query.title | +| mongodb_bodySafe.js:29:16:29:20 | query | semmle.label | query | +| mongoose.js:20:8:20:17 | query | semmle.label | query | +| mongoose.js:20:16:20:17 | {} | semmle.label | {} | +| mongoose.js:21:2:21:6 | query | semmle.label | query | +| 
mongoose.js:21:16:21:23 | req.body | semmle.label | req.body | +| mongoose.js:21:16:21:29 | req.body.title | semmle.label | req.body.title | +| mongoose.js:24:21:24:27 | [query] | semmle.label | [query] | +| mongoose.js:24:22:24:26 | query | semmle.label | query | +| mongoose.js:27:17:27:21 | query | semmle.label | query | +| mongoose.js:30:22:30:26 | query | semmle.label | query | +| mongoose.js:33:21:33:25 | query | semmle.label | query | +| mongoose.js:36:28:36:32 | query | semmle.label | query | +| mongoose.js:39:16:39:20 | query | semmle.label | query | +| mongoose.js:42:19:42:23 | query | semmle.label | query | +| mongoose.js:45:28:45:32 | query | semmle.label | query | +| mongoose.js:48:28:48:32 | query | semmle.label | query | +| mongoose.js:51:28:51:32 | query | semmle.label | query | +| mongoose.js:54:22:54:26 | query | semmle.label | query | +| mongoose.js:57:18:57:22 | query | semmle.label | query | +| mongoose.js:60:22:60:26 | query | semmle.label | query | +| mongoose.js:63:21:63:25 | query | semmle.label | query | +| mongoose.js:65:32:65:36 | query | semmle.label | query | +| mongoose.js:67:27:67:31 | query | semmle.label | query | +| mongoose.js:68:8:68:12 | query | semmle.label | query | +| mongoose.js:71:17:71:21 | query | semmle.label | query | +| mongoose.js:72:10:72:14 | query | semmle.label | query | +| mongoose.js:73:8:73:12 | query | semmle.label | query | +| mongoose.js:74:7:74:11 | query | semmle.label | query | +| mongoose.js:75:16:75:20 | query | semmle.label | query | +| mongoose.js:76:12:76:16 | query | semmle.label | query | +| mongoose.js:77:10:77:14 | query | semmle.label | query | +| mongoose.js:81:37:81:41 | query | semmle.label | query | +| mongoose.js:82:46:82:50 | query | semmle.label | query | +| mongoose.js:83:47:83:51 | query | semmle.label | query | +| mongoose.js:85:46:85:50 | query | semmle.label | query | +| mongoose.js:87:51:87:55 | query | semmle.label | query | +| mongoose.js:89:46:89:50 | query | semmle.label | query 
| +| mongoose.js:92:46:92:50 | query | semmle.label | query | +| mongoose.js:94:51:94:55 | query | semmle.label | query | +| mongoose.js:96:46:96:50 | query | semmle.label | query | +| mongoose.js:104:21:104:25 | query | semmle.label | query | +| mongoose.js:111:14:111:18 | query | semmle.label | query | +| mongoose.js:113:31:113:35 | query | semmle.label | query | +| mongoose.js:115:6:115:22 | id | semmle.label | id | +| mongoose.js:115:11:115:22 | req.query.id | semmle.label | req.query.id | +| mongoose.js:115:25:115:45 | cond | semmle.label | cond | +| mongoose.js:115:32:115:45 | req.query.cond | semmle.label | req.query.cond | +| mongoose.js:116:22:116:25 | cond | semmle.label | cond | +| mongoose.js:117:21:117:24 | cond | semmle.label | cond | +| mongoose.js:118:21:118:24 | cond | semmle.label | cond | +| mongoose.js:119:18:119:21 | cond | semmle.label | cond | +| mongoose.js:120:22:120:25 | cond | semmle.label | cond | +| mongoose.js:121:16:121:19 | cond | semmle.label | cond | +| mongoose.js:122:19:122:22 | cond | semmle.label | cond | +| mongoose.js:123:20:123:21 | id | semmle.label | id | +| mongoose.js:124:28:124:31 | cond | semmle.label | cond | +| mongoose.js:125:28:125:31 | cond | semmle.label | cond | +| mongoose.js:126:28:126:31 | cond | semmle.label | cond | +| mongoose.js:127:18:127:21 | cond | semmle.label | cond | +| mongoose.js:128:22:128:25 | cond | semmle.label | cond | +| mongoose.js:129:21:129:24 | cond | semmle.label | cond | +| mongoose.js:130:16:130:26 | { _id: id } | semmle.label | { _id: id } | +| mongoose.js:130:23:130:24 | id | semmle.label | id | +| mongoose.js:133:38:133:42 | query | semmle.label | query | +| mongoose.js:134:30:134:34 | query | semmle.label | query | +| mongoose.js:136:30:136:34 | query | semmle.label | query | +| mongooseJsonParse.js:19:11:19:20 | query | semmle.label | query | +| mongooseJsonParse.js:19:19:19:20 | {} | semmle.label | {} | +| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... 
y.data) | semmle.label | JSON.pa ... y.data) | +| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | semmle.label | JSON.pa ... ).title | +| mongooseJsonParse.js:20:30:20:43 | req.query.data | semmle.label | req.query.data | +| mongooseJsonParse.js:23:19:23:23 | query | semmle.label | query | +| mongooseModelClient.js:10:7:10:32 | v | semmle.label | v | +| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | semmle.label | JSON.pa ... body.x) | +| mongooseModelClient.js:10:22:10:29 | req.body | semmle.label | req.body | +| mongooseModelClient.js:10:22:10:31 | req.body.x | semmle.label | req.body.x | +| mongooseModelClient.js:11:16:11:24 | { id: v } | semmle.label | { id: v } | +| mongooseModelClient.js:11:22:11:22 | v | semmle.label | v | +| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | semmle.label | { id: req.body.id } | +| mongooseModelClient.js:12:22:12:29 | req.body | semmle.label | req.body | +| mongooseModelClient.js:12:22:12:32 | req.body.id | semmle.label | req.body.id | +| mysql.js:6:9:6:31 | temp | semmle.label | temp | +| mysql.js:6:16:6:31 | req.params.value | semmle.label | req.params.value | +| mysql.js:15:18:15:65 | 'SELECT ... + temp | semmle.label | 'SELECT ... + temp | +| mysql.js:15:62:15:65 | temp | semmle.label | temp | +| mysql.js:19:26:19:73 | 'SELECT ... + temp | semmle.label | 'SELECT ... 
+ temp | +| mysql.js:19:70:19:73 | temp | semmle.label | temp | +| pg-promise-types.ts:7:9:7:28 | taint | semmle.label | taint | +| pg-promise-types.ts:7:17:7:28 | req.params.x | semmle.label | req.params.x | +| pg-promise-types.ts:8:17:8:21 | taint | semmle.label | taint | +| pg-promise.js:6:7:7:55 | query | semmle.label | query | +| pg-promise.js:7:16:7:34 | req.params.category | semmle.label | req.params.category | +| pg-promise.js:9:10:9:14 | query | semmle.label | query | +| pg-promise.js:10:11:10:15 | query | semmle.label | query | +| pg-promise.js:11:17:11:21 | query | semmle.label | query | +| pg-promise.js:12:10:12:14 | query | semmle.label | query | +| pg-promise.js:13:12:13:16 | query | semmle.label | query | +| pg-promise.js:14:18:14:22 | query | semmle.label | query | +| pg-promise.js:15:11:15:15 | query | semmle.label | query | +| pg-promise.js:16:10:16:14 | query | semmle.label | query | +| pg-promise.js:17:16:17:20 | query | semmle.label | query | +| pg-promise.js:18:12:18:16 | query | semmle.label | query | +| pg-promise.js:19:13:19:17 | query | semmle.label | query | +| pg-promise.js:22:11:22:15 | query | semmle.label | query | +| pg-promise.js:30:13:30:25 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:34:13:34:25 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | semmle.label | [\\n ... 
n\\n ] | +| pg-promise.js:39:7:39:19 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:40:7:40:21 | req.params.name | semmle.label | req.params.name | +| pg-promise.js:41:7:41:20 | req.params.foo | semmle.label | req.params.foo | +| pg-promise.js:47:11:47:23 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:54:11:54:23 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:56:14:56:29 | req.params.title | semmle.label | req.params.title | +| pg-promise.js:60:20:60:24 | query | semmle.label | query | +| pg-promise.js:63:23:63:27 | query | semmle.label | query | +| pg-promise.js:64:16:64:20 | query | semmle.label | query | +| redis.js:10:16:10:23 | req.body | semmle.label | req.body | +| redis.js:10:16:10:27 | req.body.key | semmle.label | req.body.key | +| redis.js:12:9:12:26 | key | semmle.label | key | +| redis.js:12:15:12:22 | req.body | semmle.label | req.body | +| redis.js:12:15:12:26 | req.body.key | semmle.label | req.body.key | +| redis.js:13:16:13:18 | key | semmle.label | key | +| redis.js:18:16:18:18 | key | semmle.label | key | +| redis.js:19:43:19:45 | key | semmle.label | key | +| redis.js:25:14:25:16 | key | semmle.label | key | +| redis.js:26:14:26:16 | key | semmle.label | key | +| redis.js:30:23:30:25 | key | semmle.label | key | +| redis.js:32:28:32:30 | key | semmle.label | key | +| redis.js:38:11:38:28 | key | semmle.label | key | +| redis.js:38:17:38:24 | req.body | semmle.label | req.body | +| redis.js:38:17:38:28 | req.body.key | semmle.label | req.body.key | +| redis.js:39:16:39:18 | key | semmle.label | key | +| redis.js:43:27:43:29 | key | semmle.label | key | +| redis.js:46:34:46:36 | key | semmle.label | key | +| socketio.js:10:25:10:30 | handle | semmle.label | handle | +| socketio.js:11:12:11:53 | `INSERT ... andle}` | semmle.label | `INSERT ... andle}` | +| socketio.js:11:46:11:51 | handle | semmle.label | handle | +| tst2.js:9:27:9:84 | "select ... d + "'" | semmle.label | "select ... 
d + "'" | +| tst2.js:9:66:9:78 | req.params.id | semmle.label | req.params.id | +| tst3.js:7:7:8:55 | query1 | semmle.label | query1 | +| tst3.js:8:16:8:34 | req.params.category | semmle.label | req.params.category | +| tst3.js:9:14:9:19 | query1 | semmle.label | query1 | +| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | semmle.label | 'SELECT ... d + '"' | +| tst4.js:8:46:8:60 | $routeParams.id | semmle.label | $routeParams.id | +| tst.js:10:10:10:64 | 'SELECT ... d + '"' | semmle.label | 'SELECT ... d + '"' | +| tst.js:10:46:10:58 | req.params.id | semmle.label | req.params.id | edges | graphql.js:8:11:8:28 | id | graphql.js:12:46:12:47 | id | | graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id | -| graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id | -| graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | | graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | | graphql.js:26:11:26:28 | id | graphql.js:27:37:27:38 | id | | graphql.js:26:11:26:28 | id | graphql.js:30:39:30:40 | id | | graphql.js:26:11:26:28 | id | graphql.js:33:25:33:26 | id | | graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id | -| graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id | -| graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` | | graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` | | graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` | | graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` | | graphql.js:39:11:39:28 | id | graphql.js:44:21:44:22 | id | | graphql.js:39:11:39:28 | id | graphql.js:48:51:48:52 | id | | graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id | -| graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id | | graphql.js:44:21:44:22 | id 
| graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:44:21:44:22 | id | graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` | | graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` | | graphql.js:55:11:55:28 | id | graphql.js:56:46:56:47 | id | | graphql.js:55:11:55:28 | id | graphql.js:58:73:58:74 | id | | graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id | -| graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id | | graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` | | graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` | | graphql.js:74:9:74:25 | id | graphql.js:75:56:75:57 | id | | graphql.js:74:9:74:25 | id | graphql.js:88:13:88:14 | id | | graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id | -| graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id | | graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... }` | | graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... 
}` | | graphql.js:119:11:119:28 | id | graphql.js:120:45:120:46 | id | | graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id | -| graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id | -| graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` | | graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` | | html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 | -| html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 | | html-sanitizer.js:14:5:14:24 | param1 | html-sanitizer.js:16:54:16:59 | param1 | | html-sanitizer.js:14:14:14:24 | xss(param1) | html-sanitizer.js:14:5:14:24 | param1 | | html-sanitizer.js:14:18:14:23 | param1 | html-sanitizer.js:14:14:14:24 | xss(param1) | | html-sanitizer.js:16:54:16:59 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| html-sanitizer.js:16:54:16:59 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:33:22:33:26 | query | | json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:33:22:33:26 | query | | json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:35:18:35:22 | query | -| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:35:18:35:22 | query | | json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | json-schema-validator.js:25:15:25:48 | query | | json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | -| json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:25:23:25:48 | JSON.pa ... 
y.data) | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:55:22:55:26 | query | | json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:55:22:55:26 | query | | json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:61:22:61:26 | query | | json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:61:22:61:26 | query | | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | json-schema-validator.js:50:15:50:48 | query | | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | -| json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | +| koarouter.js:5:11:5:33 | version | koarouter.js:14:38:14:44 | version | +| koarouter.js:5:13:5:19 | version | koarouter.js:5:11:5:33 | version | +| koarouter.js:11:11:11:28 | conditions | koarouter.js:17:52:17:61 | conditions | +| koarouter.js:14:9:14:18 | [post update] conditions | koarouter.js:11:11:11:28 | conditions | +| koarouter.js:14:25:14:46 | `versio ... rsion}` | koarouter.js:14:9:14:18 | [post update] conditions | +| koarouter.js:14:38:14:44 | version | koarouter.js:14:25:14:46 | `versio ... rsion}` | +| koarouter.js:17:52:17:61 | conditions | koarouter.js:17:52:17:75 | conditi ... and ') | +| koarouter.js:17:52:17:75 | conditi ... and ') | koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | | ldap.js:20:7:20:34 | q | ldap.js:22:18:22:18 | q | | ldap.js:20:11:20:34 | url.par ... , true) | ldap.js:20:7:20:34 | q | | ldap.js:20:21:20:27 | req.url | ldap.js:20:11:20:34 | url.par ... , true) | -| ldap.js:20:21:20:27 | req.url | ldap.js:20:11:20:34 | url.par ... 
, true) | | ldap.js:22:7:22:33 | username | ldap.js:25:24:25:31 | username | | ldap.js:22:7:22:33 | username | ldap.js:25:46:25:53 | username | | ldap.js:22:7:22:33 | username | ldap.js:32:26:32:33 | username | @@ -510,15 +340,11 @@ edges | ldap.js:22:7:22:33 | username | ldap.js:64:16:64:23 | username | | ldap.js:22:7:22:33 | username | ldap.js:64:38:64:45 | username | | ldap.js:22:7:22:33 | username | ldap.js:68:33:68:40 | username | -| ldap.js:22:18:22:18 | q | ldap.js:22:18:22:24 | q.query | -| ldap.js:22:18:22:24 | q.query | ldap.js:22:18:22:33 | q.query.username | -| ldap.js:22:18:22:33 | q.query.username | ldap.js:22:7:22:33 | username | -| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | ldap.js:28:30:28:34 | opts1 | +| ldap.js:22:18:22:18 | q | ldap.js:22:7:22:33 | username | | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | ldap.js:28:30:28:34 | opts1 | | ldap.js:25:24:25:31 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | | ldap.js:25:46:25:53 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | ldap.js:32:5:32:61 | { filte ... e}))` } | -| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | ldap.js:32:5:32:61 | { filte ... e}))` } | | ldap.js:32:26:32:33 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | | ldap.js:32:48:32:55 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | | ldap.js:63:9:65:3 | parsedFilter | ldap.js:66:40:66:51 | parsedFilter | 
@@ -527,412 +353,286 @@ edges | ldap.js:64:16:64:23 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | | ldap.js:64:38:64:45 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | | ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... ilter } | -| ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... ilter } | | ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` | -| ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` | -| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query | | marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query | | marsdb-flow-to.js:10:17:10:18 | {} | marsdb-flow-to.js:10:9:10:18 | query | | marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title | -| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title | | marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:9:10:18 | query | | marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:17:10:18 | {} | | marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query | -| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query | | marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query | | marsdb.js:12:17:12:18 | {} | marsdb.js:12:9:12:18 | query | | marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title | -| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title | | marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:9:12:18 | query | | marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:17:12:18 | {} | | marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query | -| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query | -| minimongo.js:14:9:14:18 | query | 
minimongo.js:18:12:18:16 | query | | minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query | | minimongo.js:14:17:14:18 | {} | minimongo.js:14:9:14:18 | query | | minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title | -| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title | | minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:9:14:18 | query | | minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:17:14:18 | {} | | minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query | -| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query | -| mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query | -| mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query | +| mongodb.js:12:11:12:20 | query | mongodb.js:13:5:13:9 | query | | mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query | -| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title | +| mongodb.js:13:5:13:9 | query | mongodb.js:18:16:18:20 | query | | mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title | | mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query | | mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:19:12:20 | {} | -| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:13:5:13:9 | query | | mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query | | mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title | | mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title | -| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title | | mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title | | mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... 
itle) } | -| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } | | mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) | -| mongodb.js:48:11:48:20 | query | mongodb.js:54:16:54:20 | query | -| mongodb.js:48:11:48:20 | query | mongodb.js:54:16:54:20 | query | +| mongodb.js:48:11:48:20 | query | mongodb.js:49:5:49:9 | query | | mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query | +| mongodb.js:49:5:49:9 | query | mongodb.js:54:16:54:20 | query | | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query | | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:49:5:49:9 | query | | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | -| mongodb.js:59:8:59:17 | query | mongodb.js:65:12:65:16 | query | -| mongodb.js:59:8:59:17 | query | mongodb.js:65:12:65:16 | query | +| mongodb.js:59:8:59:17 | query | mongodb.js:60:2:60:6 | query | | mongodb.js:59:16:59:17 | {} | mongodb.js:59:8:59:17 | query | +| mongodb.js:60:2:60:6 | query | mongodb.js:65:12:65:16 | query | | mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} | | mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | -| mongodb.js:60:16:60:30 | req.query.title | 
mongodb.js:65:12:65:16 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:60:2:60:6 | query | | mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | | mongodb.js:70:7:70:25 | tag | mongodb.js:77:22:77:24 | tag | | mongodb.js:70:7:70:25 | tag | mongodb.js:85:20:85:22 | tag | | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag | -| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag | | mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } | | mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } | -| mongodb.js:106:9:106:18 | query | mongodb.js:112:14:112:18 | query | -| mongodb.js:106:9:106:18 | query | mongodb.js:112:14:112:18 | query | +| mongodb.js:106:9:106:18 | query | mongodb.js:107:3:107:7 | query | | mongodb.js:106:17:106:18 | {} | mongodb.js:106:9:106:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query | +| mongodb.js:107:3:107:7 | query | mongodb.js:112:14:112:18 | query | | mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query | | mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:107:3:107:7 | query | | mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | -| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:29:16:29:20 | query | -| 
mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:29:16:29:20 | query | +| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:24:5:24:9 | query | | mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query | +| mongodb_bodySafe.js:24:5:24:9 | query | mongodb_bodySafe.js:29:16:29:20 | query | | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} | | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:24:5:24:9 | query | | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | +| mongoose.js:20:8:20:17 | query | mongoose.js:21:2:21:6 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:24:22:24:26 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query | -| mongoose.js:20:8:20:17 | query | 
mongoose.js:39:16:39:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query | | 
mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query | +| mongoose.js:20:8:20:17 | query | mongoose.js:76:12:76:16 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query | +| mongoose.js:20:8:20:17 | query | mongoose.js:81:37:81:41 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:85:46:85:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:85:46:85:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:87:51:87:55 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:87:51:87:55 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:89:46:89:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:89:46:89:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:92:46:92:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:92:46:92:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:94:51:94:55 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:94:51:94:55 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:96:46:96:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:96:46:96:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query | +| mongoose.js:20:8:20:17 | query | mongoose.js:104:21:104:25 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query | -| mongoose.js:20:8:20:17 | query | 
mongoose.js:113:31:113:35 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query | +| mongoose.js:20:8:20:17 | query | mongoose.js:133:38:133:42 | query | +| mongoose.js:20:8:20:17 | query | mongoose.js:134:30:134:34 | query | | mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query | | mongoose.js:20:16:20:17 | {} | mongoose.js:20:8:20:17 | query | -| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title | +| mongoose.js:21:2:21:6 | query | mongoose.js:24:22:24:26 | query | | mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:8:20:17 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:16:20:17 | {} | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:21:2:21:6 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:24:22:24:26 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query | -| mongoose.js:21:16:21:29 | 
req.body.title | mongoose.js:45:28:45:32 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query | | mongoose.js:21:16:21:29 | req.body.title | 
mongoose.js:74:7:74:11 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:76:12:76:16 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:81:37:81:41 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:104:21:104:25 | query | | mongoose.js:21:16:21:29 | req.body.title | 
mongoose.js:111:14:111:18 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:133:38:133:42 | query | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:134:30:134:34 | query | | mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query | | mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] | -| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] | -| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id | +| mongoose.js:24:22:24:26 | query | mongoose.js:27:17:27:21 | query | +| mongoose.js:27:17:27:21 | query | mongoose.js:30:22:30:26 | query | +| mongoose.js:30:22:30:26 | query | mongoose.js:33:21:33:25 | query | +| mongoose.js:33:21:33:25 | query | mongoose.js:36:28:36:32 | query | +| mongoose.js:36:28:36:32 | query | mongoose.js:39:16:39:20 | query | +| mongoose.js:39:16:39:20 | query | mongoose.js:42:19:42:23 | query | +| mongoose.js:42:19:42:23 | query | mongoose.js:45:28:45:32 | query | +| mongoose.js:45:28:45:32 | query | mongoose.js:48:28:48:32 | query | +| mongoose.js:48:28:48:32 | query | mongoose.js:51:28:51:32 | query | +| mongoose.js:51:28:51:32 | query | mongoose.js:54:22:54:26 | query | +| mongoose.js:54:22:54:26 | query | mongoose.js:57:18:57:22 | query | +| mongoose.js:57:18:57:22 | query | mongoose.js:60:22:60:26 | query | +| mongoose.js:60:22:60:26 | query | mongoose.js:63:21:63:25 | query | +| mongoose.js:63:21:63:25 | query | mongoose.js:65:32:65:36 | query | +| mongoose.js:65:32:65:36 | query | mongoose.js:67:27:67:31 | query | +| mongoose.js:67:27:67:31 | query | mongoose.js:68:8:68:12 | query | +| mongoose.js:68:8:68:12 | query | 
mongoose.js:71:17:71:21 | query | +| mongoose.js:71:17:71:21 | query | mongoose.js:72:10:72:14 | query | +| mongoose.js:72:10:72:14 | query | mongoose.js:73:8:73:12 | query | +| mongoose.js:73:8:73:12 | query | mongoose.js:74:7:74:11 | query | +| mongoose.js:74:7:74:11 | query | mongoose.js:75:16:75:20 | query | +| mongoose.js:75:16:75:20 | query | mongoose.js:76:12:76:16 | query | +| mongoose.js:76:12:76:16 | query | mongoose.js:77:10:77:14 | query | +| mongoose.js:77:10:77:14 | query | mongoose.js:81:37:81:41 | query | +| mongoose.js:81:37:81:41 | query | mongoose.js:82:46:82:50 | query | +| mongoose.js:82:46:82:50 | query | mongoose.js:83:47:83:51 | query | +| mongoose.js:83:47:83:51 | query | mongoose.js:85:46:85:50 | query | +| mongoose.js:83:47:83:51 | query | mongoose.js:87:51:87:55 | query | +| mongoose.js:83:47:83:51 | query | mongoose.js:89:46:89:50 | query | +| mongoose.js:83:47:83:51 | query | mongoose.js:92:46:92:50 | query | +| mongoose.js:83:47:83:51 | query | mongoose.js:94:51:94:55 | query | +| mongoose.js:83:47:83:51 | query | mongoose.js:96:46:96:50 | query | +| mongoose.js:83:47:83:51 | query | mongoose.js:104:21:104:25 | query | +| mongoose.js:104:21:104:25 | query | mongoose.js:111:14:111:18 | query | +| mongoose.js:111:14:111:18 | query | mongoose.js:113:31:113:35 | query | +| mongoose.js:113:31:113:35 | query | mongoose.js:133:38:133:42 | query | | mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id | | mongoose.js:115:6:115:22 | id | mongoose.js:130:23:130:24 | id | | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id | -| mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id | -| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond | -| 
mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond | | mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond | | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond | -| mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond | -| mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } | | mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } | -| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query 
| +| mongoose.js:133:38:133:42 | query | mongoose.js:134:30:134:34 | query | +| mongoose.js:133:38:133:42 | query | mongoose.js:136:30:136:34 | query | | mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query | | mongooseJsonParse.js:19:19:19:20 | {} | mongooseJsonParse.js:19:11:19:20 | query | | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:11:19:20 | query | | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:19:19:20 | {} | | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | | mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | | mongooseModelClient.js:10:7:10:32 | v | mongooseModelClient.js:11:22:11:22 | v | | mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | mongooseModelClient.js:10:7:10:32 | v | | mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x | -| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x | | mongooseModelClient.js:10:22:10:31 | req.body.x | mongooseModelClient.js:10:11:10:32 | JSON.pa ... 
body.x) | | mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id | | mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id | | mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | -| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | | mysql.js:6:9:6:31 | temp | mysql.js:15:62:15:65 | temp | | mysql.js:6:9:6:31 | temp | mysql.js:19:70:19:73 | temp | | mysql.js:6:16:6:31 | req.params.value | mysql.js:6:9:6:31 | temp | -| mysql.js:6:16:6:31 | req.params.value | mysql.js:6:9:6:31 | temp | -| mysql.js:15:62:15:65 | temp | mysql.js:15:18:15:65 | 'SELECT ... + temp | | mysql.js:15:62:15:65 | temp | mysql.js:15:18:15:65 | 'SELECT ... + temp | | mysql.js:19:70:19:73 | temp | mysql.js:19:26:19:73 | 'SELECT ... + temp | -| mysql.js:19:70:19:73 | temp | mysql.js:19:26:19:73 | 'SELECT ... 
+ temp | -| pg-promise-types.ts:7:9:7:28 | taint | pg-promise-types.ts:8:17:8:21 | taint | | pg-promise-types.ts:7:9:7:28 | taint | pg-promise-types.ts:8:17:8:21 | taint | | pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:7:9:7:28 | taint | -| pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:7:9:7:28 | taint | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:9:10:9:14 | query | | pg-promise.js:6:7:7:55 | query | pg-promise.js:9:10:9:14 | query | | pg-promise.js:6:7:7:55 | query | pg-promise.js:10:11:10:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:10:11:10:15 | query | | pg-promise.js:6:7:7:55 | query | pg-promise.js:11:17:11:21 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:11:17:11:21 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:12:10:12:14 | query | | pg-promise.js:6:7:7:55 | query | pg-promise.js:12:10:12:14 | query | | pg-promise.js:6:7:7:55 | query | pg-promise.js:13:12:13:16 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:13:12:13:16 | query | | pg-promise.js:6:7:7:55 | query | pg-promise.js:14:18:14:22 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:14:18:14:22 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:15:11:15:15 | query | | pg-promise.js:6:7:7:55 | query | pg-promise.js:15:11:15:15 | query | | pg-promise.js:6:7:7:55 | query | pg-promise.js:16:10:16:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:16:10:16:14 | query | | pg-promise.js:6:7:7:55 | query | pg-promise.js:17:16:17:20 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:17:16:17:20 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:18:12:18:16 | query | | pg-promise.js:6:7:7:55 | query | pg-promise.js:18:12:18:16 | query | | pg-promise.js:6:7:7:55 | query | pg-promise.js:19:13:19:17 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:19:13:19:17 | query | | pg-promise.js:6:7:7:55 | query | pg-promise.js:22:11:22:15 | query | -| 
pg-promise.js:6:7:7:55 | query | pg-promise.js:22:11:22:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:60:20:60:24 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:60:20:60:24 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:63:23:63:27 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:63:23:63:27 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:64:16:64:20 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:64:16:64:20 | query | -| pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | pg-promise.js:6:7:7:55 | query | -| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | -| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | -| pg-promise.js:30:13:30:25 | req.params.id | pg-promise.js:30:13:30:25 | req.params.id | -| pg-promise.js:34:13:34:25 | req.params.id | pg-promise.js:34:13:34:25 | req.params.id | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... 
n\\n ] | +| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:7:7:55 | query | +| pg-promise.js:9:10:9:14 | query | pg-promise.js:10:11:10:15 | query | +| pg-promise.js:10:11:10:15 | query | pg-promise.js:11:17:11:21 | query | +| pg-promise.js:11:17:11:21 | query | pg-promise.js:12:10:12:14 | query | +| pg-promise.js:12:10:12:14 | query | pg-promise.js:13:12:13:16 | query | +| pg-promise.js:13:12:13:16 | query | pg-promise.js:14:18:14:22 | query | +| pg-promise.js:14:18:14:22 | query | pg-promise.js:15:11:15:15 | query | +| pg-promise.js:15:11:15:15 | query | pg-promise.js:16:10:16:14 | query | +| pg-promise.js:16:10:16:14 | query | pg-promise.js:17:16:17:20 | query | +| pg-promise.js:17:16:17:20 | query | pg-promise.js:18:12:18:16 | query | +| pg-promise.js:18:12:18:16 | query | pg-promise.js:19:13:19:17 | query | +| pg-promise.js:19:13:19:17 | query | pg-promise.js:22:11:22:15 | query | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:60:20:60:24 | query | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:63:23:63:27 | query | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:64:16:64:20 | query | | pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:39:7:39:19 | req.params.id | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | | pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:40:7:40:21 | req.params.name | -| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... 
n\\n ] | -| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | | pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:47:11:47:23 | req.params.id | pg-promise.js:47:11:47:23 | req.params.id | -| pg-promise.js:54:11:54:23 | req.params.id | pg-promise.js:54:11:54:23 | req.params.id | -| pg-promise.js:56:14:56:29 | req.params.title | pg-promise.js:56:14:56:29 | req.params.title | -| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | -| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | -| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | | redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | +| redis.js:12:9:12:26 | key | redis.js:13:16:13:18 | key | | redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key | -| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key | -| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key | | redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key | | redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key | -| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key | -| redis.js:12:9:12:26 | key | redis.js:30:23:30:25 | key | -| redis.js:12:9:12:26 | key | redis.js:30:23:30:25 | key | +| redis.js:12:9:12:26 | key | redis.js:26:14:26:16 | key | | redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key | -| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key | -| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key | | redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key | | redis.js:12:15:12:26 | req.body.key | redis.js:12:9:12:26 | key | -| redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key | +| redis.js:13:16:13:18 | key | redis.js:18:16:18:18 | key | +| redis.js:18:16:18:18 | key | redis.js:19:43:19:45 | key | +| 
redis.js:19:43:19:45 | key | redis.js:25:14:25:16 | key | +| redis.js:25:14:25:16 | key | redis.js:26:14:26:16 | key | +| redis.js:26:14:26:16 | key | redis.js:30:23:30:25 | key | +| redis.js:26:14:26:16 | key | redis.js:32:28:32:30 | key | | redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key | | redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key | -| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key | -| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key | | redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key | | redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key | -| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key | | redis.js:38:17:38:28 | req.body.key | redis.js:38:11:38:28 | key | | socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle | -| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle | -| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | | socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | | tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | -| tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 | | tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 | -| tst3.js:7:16:8:55 | "SELECT ... PRICE" | tst3.js:7:7:8:55 | query1 | -| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:16:8:55 | "SELECT ... PRICE" | -| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:16:8:55 | "SELECT ... PRICE" | +| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:7:8:55 | query1 | | tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... 
d + '"' | -| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | +subpaths #select | graphql.js:10:34:20:5 | `\\n ... }\\n ` | graphql.js:8:16:8:28 | req.params.id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | This query string depends on a $@. | graphql.js:8:16:8:28 | req.params.id | user-provided value | | graphql.js:27:30:27:40 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:27:30:27:40 | `foo ${id}` | This query string depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value | 
@@ -951,6 +651,7 @@ edges | json-schema-validator.js:55:22:55:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:55:22:55:26 | query | This query object depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | | json-schema-validator.js:59:22:59:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:59:22:59:26 | query | This query object depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | | json-schema-validator.js:61:22:61:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:61:22:61:26 | query | This query object depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | +| koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | koarouter.js:5:13:5:19 | version | koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | This query string depends on a $@. | koarouter.js:5:13:5:19 | version | user-provided value | | ldap.js:28:30:28:34 | opts1 | ldap.js:20:21:20:27 | req.url | ldap.js:28:30:28:34 | opts1 | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | | ldap.js:32:5:32:61 | { filte ... e}))` } | ldap.js:20:21:20:27 | req.url | ldap.js:32:5:32:61 | { filte ... e}))` } | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | | ldap.js:66:30:66:53 | { filte ... ilter } | ldap.js:20:21:20:27 | req.url | ldap.js:66:30:66:53 | { filte ... ilter } | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | 
@@ -1014,6 +715,7 @@ edges | mongoose.js:128:22:128:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:128:22:128:25 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | | mongoose.js:129:21:129:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:129:21:129:24 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | | mongoose.js:130:16:130:26 | { _id: id } | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:130:16:130:26 | { _id: id } | This query object depends on a $@. | mongoose.js:115:11:115:22 | req.query.id | user-provided value | +| mongoose.js:134:30:134:34 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:134:30:134:34 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value | | mongoose.js:136:30:136:34 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:136:30:136:34 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value | | mongooseJsonParse.js:23:19:23:23 | query | mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:23:19:23:23 | query | This query object depends on a $@. | mongooseJsonParse.js:20:30:20:43 | req.query.data | user-provided value | | mongooseModelClient.js:11:16:11:24 | { id: v } | mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:11:16:11:24 | { id: v } | This query object depends on a $@. | mongooseModelClient.js:10:22:10:29 | req.body | user-provided value | From 2818fa62d609225a1009fff34be42e89ae8a240f Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:28:27 +0200 Subject: [PATCH 047/223] JS: Updates to shared Xss.qll --- .../javascript/security/dataflow/Xss.qll | 42 +++++++++++++++---- 1 file changed, 33 insertions(+), 9 deletions(-) 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll
index fc2db8e9f873..93a9fa7fc402 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll
@@ -72,38 +72,62 @@ module Shared { private import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization as IncompleteHtml /** - * A guard that checks if a string can contain quotes, which is a guard for strings that are inside an HTML attribute. + * A barrier guard that applies to multiple XSS queries. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** + * A barrier guard that applies to multiple XSS queries. */ - abstract class QuoteGuard extends TaintTracking::SanitizerGuardNode, StringOps::Includes { - QuoteGuard() { + module BarrierGuard = DataFlow::MakeBarrierGuard; + + private class QuoteGuard2 extends BarrierGuard, StringOps::Includes { + QuoteGuard2() { this.getSubstring().mayHaveStringValue("\"") and this.getBaseString() .getALocalSource() .flowsTo(any(IncompleteHtml::HtmlAttributeConcatenation attributeConcat)) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = this.getBaseString().getEnclosingExpr() and outcome = this.getPolarity().booleanNot() } } /** - * A sanitizer guard that checks for the existence of HTML chars in a string. - * E.g. `/["'&<>]/.exec(str)`. + * A guard that checks if a string can contain quotes, which is a guard for strings that are inside an HTML attribute. 
*/ - abstract class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, StringOps::RegExpTest { - ContainsHtmlGuard() { + abstract class QuoteGuard extends TaintTracking::SanitizerGuardNode instanceof QuoteGuard2 { + override predicate sanitizes(boolean outcome, Expr e) { super.blocksExpr(outcome, e) } + } + + private class ContainsHtmlGuard2 extends BarrierGuard, StringOps::RegExpTest { + ContainsHtmlGuard2() { exists(RegExpCharacterClass regExp | regExp = this.getRegExp() and forall(string s | s = ["\"", "&", "<", ">"] | regExp.getAMatchedString() = s) ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = this.getPolarity().booleanNot() and e = this.getStringOperand().asExpr() } } + /** + * A sanitizer guard that checks for the existence of HTML chars in a string. + * E.g. `/["'&<>]/.exec(str)`. + */ + abstract class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode instanceof ContainsHtmlGuard2 + { + override predicate sanitizes(boolean outcome, Expr e) { super.blocksExpr(outcome, e) } + } + /** * Holds if `str` is used in a switch-case that has cases matching HTML escaping. */ From e091fdefa4e40827ac4afc9be9a3b66e21da77c6 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:29:11 +0200 Subject: [PATCH 048/223] JS: Port DomBasedXss --- .../dataflow/DomBasedXssCustomizations.qll | 29 +- .../security/dataflow/DomBasedXssQuery.qll | 113 +- javascript/ql/src/Security/CWE-079/Xss.ql | 6 +- .../ConsistencyDomBasedXss.expected | 3 + .../DomBasedXss/ConsistencyDomBasedXss.ql | 8 +- .../Security/CWE-079/DomBasedXss/Xss.expected | 2644 +++++----------- .../XssWithAdditionalSources.expected | 2744 +++++------------ .../DomBasedXss/XssWithAdditionalSources.ql | 8 +- 8 files changed, 1536 insertions(+), 4019 deletions(-) 
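Review bot: The QLDoc added on `ContainsHtmlGuard` gives `/["'&<>]/.exec(str)` as its example, but the characteristic predicate of `ContainsHtmlGuard2` only requires the character class to match `"`, `&`, `<` and `>`. A test that omits `'` is therefore still accepted as a barrier, and a value that passes it can still contain a single quote. If that is intended, the comment should say so, for instance with an extra line stating that only those four characters are required and a single quote is not. The private classes `QuoteGuard2` and `ContainsHtmlGuard2` have no QLDoc of their own, and the `module BarrierGuard` alias repeats the class comment word for word instead of saying that it provides the barrier nodes.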
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll index b3ab20583ef8..190181fdebde 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll @@ -18,6 +18,30 @@ module DomBasedXss { /** A sanitizer for DOM-based XSS vulnerabilities. */ abstract class Sanitizer extends Shared::Sanitizer { } + /** + * A barrier guard for any tainted value. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + /** * An expression whose value is interpreted as HTML * and may be inserted into the DOM through a library. 
@@ -347,9 +371,8 @@ module DomBasedXss { /** * A sanitizer that blocks the `PrefixString` label when the start of the string is being tested as being of a particular prefix. */ - abstract class PrefixStringSanitizer extends TaintTracking::LabeledSanitizerGuardNode instanceof StringOps::StartsWith - { - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + abstract class PrefixStringSanitizer extends BarrierGuardLegacy instanceof StringOps::StartsWith { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = super.getBaseString().asExpr() and label = prefixLabel() and outcome = super.getPolarity() diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll index cc4fc0c47eaa..67993ddfa01a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll @@ -23,7 +23,8 @@ class HtmlSink extends DataFlow::Node instanceof Sink { deprecated class HTMLSink = HtmlSink; /** - * A taint-tracking configuration for reasoning about XSS. + * A taint-tracking configuration for reasoning about XSS by DOM manipulation. + * * Both ordinary HTML sinks, URL sinks, and JQuery selector based sinks. * - HTML sinks are sinks for any tainted value * - URL sinks are only sinks when the scheme is user controlled 
@@ -34,10 +35,10 @@ deprecated class HTMLSink = HtmlSink; * - Taint: a tainted value where the attacker controls part of the value. * - PrefixLabel: a tainted value where the attacker controls the prefix */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "HtmlInjection" } +module DomBasedXssConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { source instanceof Source and (label.isTaint() or label = prefixLabel()) and not source = TaintedUrlSuffix::source() @@ -46,7 +47,7 @@ class Configuration extends TaintTracking::Configuration { label = TaintedUrlSuffix::label() } - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { sink instanceof HtmlSink and label = [TaintedUrlSuffix::label(), prefixLabel(), DataFlow::FlowLabel::taint()] or 
@@ -57,23 +58,11 @@ class Configuration extends TaintTracking::Configuration { label = prefixLabel() } - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) - or - node instanceof Sanitizer - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof PrefixStringSanitizerActivated or - guard instanceof QuoteGuard or - guard instanceof ContainsHtmlGuard - } + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } - override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { - super.isLabeledBarrier(node, lbl) - or - // copy all taint barriers to the TaintedUrlSuffix/PrefixLabel label. This copies both the ordinary sanitizers and the sanitizer-guards. - super.isLabeledBarrier(node, DataFlow::FlowLabel::taint()) and + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { + // copy all taint barrier guards to the TaintedUrlSuffix/PrefixLabel label + TaintTracking::defaultSanitizer(node) and lbl = [TaintedUrlSuffix::label(), prefixLabel()] or // any non-first string-concatenation leaf is a barrier for the prefix label. 
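Review bot: The new `isBarrier(DataFlow::Node node)` keeps only `node instanceof Sanitizer`, while the removed `isSanitizerGuard` also applied `QuoteGuard` and `ContainsHtmlGuard`, and nothing visible in this file's hunks brings those two guards back. The labeled `isBarrier` picks up guards through `MakeLabeledBarrierGuard` in the following hunk, but the page shows that call without its type argument, and the `BarrierGuard` added in DomBasedXssCustomizations.qll is a separate class from `Shared::BarrierGuard`, so the shared guards probably do not reach this configuration. The three new "did not expect an alert" rows for sanitiser.js:25, 28 and 35 in ConsistencyDomBasedXss.expected are consistent with that. If the loss is not intended, `predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer or node = Shared::BarrierGuard::getABarrierNode() }` would restore them; otherwise a comment here should record the precision regression. The hunk starts and ends inside the body of `DomBasedXssConfig`.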
@@ -89,43 +78,78 @@ class Configuration extends TaintTracking::Configuration { or isOptionallySanitizedNode(node) and lbl = [DataFlow::FlowLabel::taint(), prefixLabel(), TaintedUrlSuffix::label()] + or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(lbl) } - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl + predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, + DataFlow::FlowLabel state2 ) { - TaintedUrlSuffix::step(src, trg, inlbl, outlbl) + TaintedUrlSuffix::step(node1, node2, state1, state2) or exists(DataFlow::Node operator | - StringConcatenation::taintStep(src, trg, operator, _) and + StringConcatenation::taintStep(node1, node2, operator, _) and StringConcatenation::getOperand(operator, 0).getStringValue() = "<" + any(string s) and - inlbl = TaintedUrlSuffix::label() and - outlbl.isTaint() + state1 = TaintedUrlSuffix::label() and + state2.isTaint() ) or - // inherit all ordinary taint steps for prefixLabel - inlbl = prefixLabel() and - outlbl = prefixLabel() and - TaintTracking::sharedTaintStep(src, trg) - or - // steps out of taintedSuffixlabel to taint-label are also a steps to prefixLabel. - TaintedUrlSuffix::step(src, trg, TaintedUrlSuffix::label(), DataFlow::FlowLabel::taint()) and - inlbl = TaintedUrlSuffix::label() and - outlbl = prefixLabel() + // steps out of taintedSuffixlabel to taint-label are also steps to prefixLabel. 
+ TaintedUrlSuffix::step(node1, node2, TaintedUrlSuffix::label(), DataFlow::FlowLabel::taint()) and + state1 = TaintedUrlSuffix::label() and + state2 = prefixLabel() or + // FIXME: this fails to work in the test case at jquery.js:37 exists(DataFlow::FunctionNode callback, DataFlow::Node arg | any(JQuery::MethodCall c).interpretsArgumentAsHtml(arg) and callback = arg.getABoundFunctionValue(_) and - src = callback.getReturnNode() and - trg = callback and - inlbl = outlbl + node1 = callback.getReturnNode() and + node2 = callback and + state1 = state2 ) } } -private class PrefixStringSanitizerActivated extends TaintTracking::SanitizerGuardNode, - PrefixStringSanitizer -{ +/** + * Taint-tracking for reasoning about XSS by DOM manipulation. + */ +module DomBasedXssFlow = TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `DomBasedXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "HtmlInjection" } + + override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + DomBasedXssConfig::isSource(source, label) + } + + override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + DomBasedXssConfig::isSink(sink, label) + } + + override predicate isSanitizer(DataFlow::Node node) { DomBasedXssConfig::isBarrier(node) } + + override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { + DomBasedXssConfig::isBarrier(node, lbl) + } + + override predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, + DataFlow::FlowLabel state2 + ) { + DomBasedXssConfig::isAdditionalFlowStep(node1, state1, node2, state2) + or + // inherit all ordinary taint steps for the prefix label + state1 = prefixLabel() and + state2 = prefixLabel() and + TaintTracking::sharedTaintStep(node1, node2) + } +} + +private class PrefixStringSanitizerActivated extends PrefixStringSanitizer { PrefixStringSanitizerActivated() { 
this = this } } @@ -133,11 +157,10 @@ private class PrefixStringActivated extends DataFlow::FlowLabel, PrefixString { PrefixStringActivated() { this = this } } -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends Shared::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/Security/CWE-079/Xss.ql index 63a56b2a3b3f..a94710cc49ae 100644 --- a/javascript/ql/src/Security/CWE-079/Xss.ql +++ b/javascript/ql/src/Security/CWE-079/Xss.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.DomBasedXssQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where DomBasedXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected index e69de29bb2d1..3ea47160e92b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected 
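Review bot: The `// FIXME: this fails to work in the test case at jquery.js:37` on the jQuery callback step appears to record a flow that the ported configuration no longer follows, which would be a known missed XSS alert left in with no tracking reference. The comment should say what is lost and where it is tracked, e.g. `// FIXME(<tracking-issue>): return value of a callback passed to a jQuery HTML-interpreting method is not followed; jquery.js:37 is a known missed alert`. Separately, the deprecated `Configuration` now forwards `isSanitizer` to `DomBasedXssConfig::isBarrier(node)` and no longer overrides `isSanitizerGuard`, so existing users of the old class may see different results; its QLDoc could mention that. The hunk starts inside the labeled `isBarrier` predicate, whose beginning is in the previous hunk.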
@@ -0,0 +1,3 @@ +| query-tests/Security/CWE-079/DomBasedXss/sanitiser.js:25 | did not expect an alert, but found an alert for HtmlInjection | OK | ConsistencyConfig | +| query-tests/Security/CWE-079/DomBasedXss/sanitiser.js:28 | did not expect an alert, but found an alert for HtmlInjection | OK | ConsistencyConfig | +| query-tests/Security/CWE-079/DomBasedXss/sanitiser.js:35 | did not expect an alert, but found an alert for HtmlInjection | OK | ConsistencyConfig | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql index 639a895263a0..cb88a7a2a260 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql @@ -1,3 +1,9 @@ import javascript import testUtilities.ConsistencyChecking -import semmle.javascript.security.dataflow.DomBasedXssQuery as DomXss +import semmle.javascript.security.dataflow.DomBasedXssQuery + +class ConsistencyConfig extends ConsistencyConfiguration { + ConsistencyConfig() { this = "ConsistencyConfig" } + + override DataFlow::Node getAnAlert() { DomBasedXssFlow::flow(_, result) } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected index f0ac4a5ec87f..8617a3ee7dfb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected 
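Review bot: `getAnAlert` in `ConsistencyConfig` now reports only `DomBasedXssFlow::flow(_, result)`, and the companion ConsistencyDomBasedXss.expected pins three "did not expect an alert" rows for sanitiser.js (lines 25, 28 and 35) with nothing explaining them. These look like new false positives from the migrated configuration, possibly a sanitizer barrier that no longer applies, so they should be recorded as known regressions rather than silently accepted. I would add a comment above the class, e.g. `// TODO: sanitiser.js:25, 28 and 35 are unexpected alerts accepted in ConsistencyDomBasedXss.expected; check the sanitizer barriers.`, or resolve them before merging.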
@@ -1,1581 +1,743 @@ nodes -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:78 | this.ro ... 
ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... 
.params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... 
w.name) | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | -| classnames.js:17:53:17:63 | window.name | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... 
/html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | -| dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | -| dates.js:11:63:11:67 | taint | -| dates.js:12:31:12:73 | `Time i ... 
aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | -| dates.js:12:66:12:70 | taint | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | -| dates.js:13:59:13:63 | taint | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | -| dates.js:16:62:16:66 | taint | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | -| dates.js:18:59:18:63 | taint | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:61:21:65 | taint | -| dates.js:21:61:21:65 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... 
aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | -| dates.js:37:77:37:81 | taint | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | -| dates.js:38:77:38:81 | taint | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:79:39:83 | taint | -| dates.js:39:79:39:83 | taint | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:77:40:81 | taint | -| dates.js:40:77:40:81 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | -| dates.js:48:83:48:87 | taint | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:42:49:87 | new Dat ... 
(taint) | -| dates.js:49:82:49:86 | taint | -| dates.js:49:82:49:86 | taint | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:97:50:101 | taint | -| dates.js:50:97:50:101 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | -| dates.js:57:94:57:98 | taint | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | -| dates.js:59:80:59:84 | taint | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | -| dates.js:61:81:61:85 | taint | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... 
/html') | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | -| event-handler-receiver.js:2:49:2:61 | location.href | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:31 | location.toString() | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:21:5:21:8 | hash | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... 
#', '') | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:13:34:16 | hash | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:35:40:35:61 | JSON.st ... 
jsonLD) | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | -| nodemailer.js:13:50:13:66 | req.query.message | -| optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... 
inted2) | -| optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:45:51:45:56 | target | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... 
d \|\| "" | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | -| react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:8:21:8:26 | router | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:11:24:11:29 | router | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | -| react-use-router.js:22:17:22:22 | router | -| 
react-use-router.js:23:43:23:48 | router | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:29:9:29:30 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | -| react-use-router.js:33:21:33:26 | router | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| 
react-use-state.js:21:10:21:14 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | window.name | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:8:20:8:48 | localSt ... 
local') | -| stored-xss.js:10:9:10:44 | href | -| stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:16:10:45 | String( ... 
n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:7:7:7:61 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:47 | target | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:9:27:9:38 | searchParams | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | -| tst3.js:2:42:2:63 | window. 
... .search | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:4:25:4:28 | data | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | -| tst3.js:10:38:10:43 | data.p | -| tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:5:18:5:23 | target | -| tst.js:5:18:5:23 | target | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:28:12:33 | target | -| tst.js:17:7:17:56 | params | -| tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | -| tst.js:17:25:17:41 | document.location | -| tst.js:18:18:18:23 | params | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:47 | target | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:21:18:21:29 | searchParams | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | -| tst.js:26:18:26:23 | target | -| tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:34:16:34:20 | bar() | -| tst.js:34:16:34:20 | bar() | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:56:16:56:45 | chop(do ... 
search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | -| tst.js:60:34:60:34 | s | -| tst.js:62:18:62:18 | s | -| tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:68:16:68:20 | bar() | -| tst.js:68:16:68:20 | bar() | -| tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:46:70:46 | x | -| tst.js:73:20:73:20 | x | -| tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... 
.search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:151:29:151:29 | v | -| tst.js:151:49:151:49 | v | -| tst.js:151:49:151:49 | v | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:180:28:180:33 | target | -| tst.js:180:28:180:33 | target | -| tst.js:184:9:184:42 | tainted | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:186:31:186:37 | tainted | -| tst.js:186:31:186:37 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... .search | -| tst.js:197:19:197:42 | documen ... 
.search | -| tst.js:199:67:199:73 | tainted | -| tst.js:199:67:199:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:204:35:204:41 | tainted | -| tst.js:206:46:206:52 | tainted | -| tst.js:207:38:207:44 | tainted | -| tst.js:208:35:208:41 | tainted | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:236:35:236:41 | tainted | -| tst.js:238:20:238:26 | tainted | -| tst.js:240:23:240:29 | tainted | -| tst.js:241:23:241:29 | tainted | -| tst.js:247:39:247:55 | props.propTainted | -| tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:251:60:251:82 | this.st ... 
Tainted | -| tst.js:255:23:255:29 | tainted | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:301:9:301:16 | location | -| tst.js:301:9:301:16 | location | -| tst.js:302:10:302:10 | e | -| tst.js:303:20:303:20 | e | -| tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | -| tst.js:308:10:308:17 | location | -| tst.js:310:10:310:10 | e | -| tst.js:311:20:311:20 | e | -| tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | -| tst.js:327:18:327:34 | document.location | -| tst.js:331:7:331:43 | params | -| tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:332:18:332:23 | params | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | -| tst.js:341:20:341:36 | document.location | -| tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... 
ring(1) | -| tst.js:348:7:348:39 | target | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:349:12:349:17 | target | -| tst.js:349:12:349:17 | target | -| tst.js:355:10:355:42 | target | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:356:16:356:21 | target | -| tst.js:356:16:356:21 | target | -| tst.js:360:21:360:26 | target | -| tst.js:360:21:360:26 | target | -| tst.js:363:18:363:23 | target | -| tst.js:363:18:363:23 | target | -| tst.js:371:7:371:39 | target | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:374:18:374:23 | target | -| tst.js:374:18:374:23 | target | -| tst.js:381:7:381:39 | target | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:384:18:384:23 | target | -| tst.js:384:18:384:23 | target | -| tst.js:386:18:386:23 | target | -| tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:19:408:24 | target | -| tst.js:408:19:408:31 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... 
bstr(1) | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:419:7:419:55 | match | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:421:20:421:24 | match | -| tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:430:18:430:23 | target | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:440:28:440:33 | source | -| tst.js:440:28:440:33 | source | -| tst.js:441:33:441:38 | source | -| tst.js:441:33:441:38 | source | -| tst.js:442:34:442:39 | source | -| tst.js:442:34:442:39 | source | -| tst.js:443:41:443:46 | source | -| tst.js:443:41:443:46 | source | -| tst.js:444:44:444:49 | source | -| tst.js:444:44:444:49 | source | -| tst.js:445:32:445:37 | source | -| tst.js:445:32:445:37 | source | -| tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:455:18:455:23 | source | -| tst.js:455:18:455:23 | source | -| tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:18:456:42 | ansiToH ... 
source) | -| tst.js:456:36:456:41 | source | -| tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:463:21:463:26 | source | -| tst.js:463:21:463:26 | source | -| tst.js:465:19:465:24 | source | -| tst.js:465:19:465:24 | source | -| tst.js:467:20:467:25 | source | -| tst.js:467:20:467:25 | source | -| tst.js:471:7:471:46 | url | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:473:19:473:21 | url | -| tst.js:473:19:473:21 | url | -| tst.js:474:26:474:28 | url | -| tst.js:474:26:474:28 | url | -| tst.js:475:25:475:27 | url | -| tst.js:475:25:475:27 | url | -| tst.js:476:20:476:22 | url | -| tst.js:476:20:476:22 | url | -| tst.js:486:22:486:24 | url | -| tst.js:486:22:486:24 | url | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | -| tst.js:501:43:501:62 | window.location.hash | -| typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... .search | -| typeahead.js:20:22:20:45 | documen ... 
.search | -| typeahead.js:21:12:21:17 | target | -| typeahead.js:24:30:24:32 | val | -| typeahead.js:25:18:25:20 | val | -| typeahead.js:25:18:25:20 | val | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | -| v-html.vue:6:42:6:58 | document.location | -| various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:4:11:44 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:12:4:12:34 | ["
"] | -| various-concat-obfuscations.js:12:4:12:41 | ["
` | semmle.label | `` | +| classnames.js:7:47:7:69 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:7:58:7:68 | window.name | semmle.label | window.name | +| classnames.js:8:31:8:85 | `` | semmle.label | `` | +| classnames.js:8:47:8:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:8:59:8:69 | window.name | semmle.label | window.name | +| classnames.js:9:31:9:85 | `` | semmle.label | `` | +| classnames.js:9:47:9:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:9:59:9:69 | window.name | semmle.label | window.name | +| classnames.js:10:45:10:55 | window.name | semmle.label | window.name | +| classnames.js:11:31:11:79 | `` | semmle.label | `` | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | semmle.label | unsafeStyle('foo') | +| classnames.js:13:31:13:83 | `` | semmle.label | `` | +| classnames.js:13:47:13:68 | safeSty ... w.name) | semmle.label | safeSty ... w.name) | +| classnames.js:13:57:13:67 | window.name | semmle.label | window.name | +| classnames.js:15:31:15:78 | `` | semmle.label | `` | +| classnames.js:15:47:15:63 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:15:52:15:62 | window.name | semmle.label | window.name | +| classnames.js:17:32:17:79 | `` | semmle.label | `` | +| classnames.js:17:48:17:64 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:17:53:17:63 | window.name | semmle.label | window.name | +| clipboard.ts:8:11:8:51 | html | semmle.label | html | +| clipboard.ts:8:18:8:51 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:15:25:15:28 | html | semmle.label | html | +| clipboard.ts:24:23:24:58 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:29:19:29:54 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:33:19:33:68 | e.origi ... /html') | semmle.label | e.origi ... 
/html') | +| clipboard.ts:43:15:43:55 | html | semmle.label | html | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:50:29:50:32 | html | semmle.label | html | +| clipboard.ts:71:13:71:62 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:71:27:71:62 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:98:15:98:54 | html | semmle.label | html | +| clipboard.ts:98:22:98:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| clipboard.ts:99:23:99:26 | html | semmle.label | html | +| custom-element.js:5:26:5:36 | window.name | semmle.label | window.name | +| d3.js:4:12:4:22 | window.name | semmle.label | window.name | +| d3.js:11:15:11:24 | getTaint() | semmle.label | getTaint() | +| d3.js:12:20:12:29 | getTaint() | semmle.label | getTaint() | +| d3.js:14:20:14:29 | getTaint() | semmle.label | getTaint() | +| d3.js:21:15:21:24 | getTaint() | semmle.label | getTaint() | +| dates.js:9:9:9:69 | taint | semmle.label | taint | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:9:36:9:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:9:36:9:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:11:31:11:70 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:11:42:11:68 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:11:63:11:67 | taint | semmle.label | taint | +| dates.js:12:31:12:73 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:12:42:12:71 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:12:66:12:70 | taint | semmle.label | taint | +| dates.js:13:31:13:72 | `Time i ... time)}` | semmle.label | `Time i ... time)}` | +| dates.js:13:42:13:70 | dateFns ... )(time) | semmle.label | dateFns ... 
)(time) | +| dates.js:13:59:13:63 | taint | semmle.label | taint | +| dates.js:16:31:16:69 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:16:42:16:67 | moment( ... (taint) | semmle.label | moment( ... (taint) | +| dates.js:16:62:16:66 | taint | semmle.label | taint | +| dates.js:18:31:18:66 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:18:42:18:64 | datefor ... taint) | semmle.label | datefor ... taint) | +| dates.js:18:59:18:63 | taint | semmle.label | taint | +| dates.js:21:31:21:68 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | semmle.label | dayjs(t ... (taint) | +| dates.js:21:61:21:65 | taint | semmle.label | taint | +| dates.js:30:9:30:69 | taint | semmle.label | taint | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:30:36:30:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:30:36:30:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:37:31:37:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:37:42:37:82 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:37:77:37:81 | taint | semmle.label | taint | +| dates.js:38:31:38:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:38:42:38:82 | luxon.f ... taint) | semmle.label | luxon.f ... taint) | +| dates.js:38:77:38:81 | taint | semmle.label | taint | +| dates.js:39:31:39:86 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:39:42:39:84 | moment. ... taint) | semmle.label | moment. ... taint) | +| dates.js:39:79:39:83 | taint | semmle.label | taint | +| dates.js:40:31:40:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:40:42:40:82 | dayjs.f ... taint) | semmle.label | dayjs.f ... 
taint) | +| dates.js:40:77:40:81 | taint | semmle.label | taint | +| dates.js:46:9:46:69 | taint | semmle.label | taint | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:46:36:46:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:46:36:46:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:48:31:48:90 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:48:42:48:88 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:48:83:48:87 | taint | semmle.label | taint | +| dates.js:49:31:49:89 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:49:42:49:87 | new Dat ... (taint) | semmle.label | new Dat ... (taint) | +| dates.js:49:82:49:86 | taint | semmle.label | taint | +| dates.js:50:31:50:104 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:50:42:50:102 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:50:97:50:101 | taint | semmle.label | taint | +| dates.js:54:9:54:69 | taint | semmle.label | taint | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:54:36:54:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:54:36:54:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:57:31:57:101 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:57:42:57:99 | moment. ... (taint) | semmle.label | moment. ... (taint) | +| dates.js:57:94:57:98 | taint | semmle.label | taint | +| dates.js:59:31:59:87 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:59:42:59:85 | luxon.e ... (taint) | semmle.label | luxon.e ... (taint) | +| dates.js:59:80:59:84 | taint | semmle.label | taint | +| dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... 
(taint) | +| dates.js:61:81:61:85 | taint | semmle.label | taint | +| dragAndDrop.ts:8:11:8:50 | html | semmle.label | html | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:15:25:15:28 | html | semmle.label | html | +| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | semmle.label | e.origi ... /html') | +| dragAndDrop.ts:43:15:43:54 | html | semmle.label | html | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:50:29:50:32 | html | semmle.label | html | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | semmle.label | droppedHtml | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| event-handler-receiver.js:2:31:2:83 | '

' | semmle.label | '

' | +| event-handler-receiver.js:2:49:2:61 | location.href | semmle.label | location.href | +| express.js:7:15:7:33 | req.param("wobble") | semmle.label | req.param("wobble") | +| jquery.js:2:7:2:40 | tainted | semmle.label | tainted | +| jquery.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| jquery.js:7:5:7:34 | "
" | semmle.label | "
" | +| jquery.js:7:20:7:26 | tainted | semmle.label | tainted | +| jquery.js:8:18:8:34 | "XSS: " + tainted | semmle.label | "XSS: " + tainted | +| jquery.js:8:28:8:34 | tainted | semmle.label | tainted | +| jquery.js:10:5:10:40 | "" + ... "" | semmle.label | "" + ... "" | +| jquery.js:10:13:10:20 | location | semmle.label | location | +| jquery.js:10:13:10:31 | location.toString() | semmle.label | location.toString() | +| jquery.js:14:19:14:58 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| jquery.js:14:38:14:57 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:15:19:15:60 | decodeU ... search) | semmle.label | decodeU ... search) | +| jquery.js:15:38:15:59 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:16:19:16:64 | decodeU ... ring()) | semmle.label | decodeU ... ring()) | +| jquery.js:16:38:16:52 | window.location | semmle.label | window.location | +| jquery.js:16:38:16:63 | window. ... tring() | semmle.label | window. ... tring() | +| jquery.js:18:7:18:33 | hash | semmle.label | hash | +| jquery.js:18:14:18:33 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:21:5:21:8 | hash | semmle.label | hash | +| jquery.js:21:5:21:21 | hash.substring(1) | semmle.label | hash.substring(1) | +| jquery.js:22:5:22:8 | hash | semmle.label | hash | +| jquery.js:22:5:22:25 | hash.su ... (1, 10) | semmle.label | hash.su ... (1, 10) | +| jquery.js:23:5:23:8 | hash | semmle.label | hash | +| jquery.js:23:5:23:18 | hash.substr(1) | semmle.label | hash.substr(1) | +| jquery.js:24:5:24:8 | hash | semmle.label | hash | +| jquery.js:24:5:24:17 | hash.slice(1) | semmle.label | hash.slice(1) | +| jquery.js:27:5:27:8 | hash | semmle.label | hash | +| jquery.js:27:5:27:25 | hash.re ... #', '') | semmle.label | hash.re ... #', '') | +| jquery.js:28:5:28:26 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:28:5:28:43 | window. ... ?', '') | semmle.label | window. ... 
?', '') | +| jquery.js:34:5:34:25 | '' + ... '' | semmle.label | '' + ... '' | +| jquery.js:34:13:34:16 | hash | semmle.label | hash | +| jquery.js:36:25:36:31 | tainted | semmle.label | tainted | +| jquery.js:37:25:37:37 | () => tainted | semmle.label | () => tainted | +| jquery.js:37:31:37:37 | tainted | semmle.label | tainted | +| json-stringify.jsx:5:9:5:36 | locale | semmle.label | locale | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | semmle.label | req.param("locale") | +| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | semmle.label | `https: ... ocale}` | +| json-stringify.jsx:11:51:11:56 | locale | semmle.label | locale | +| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | semmle.label | `https: ... ocale}` | +| json-stringify.jsx:19:56:19:61 | locale | semmle.label | locale | +| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | semmle.label | JSON.st ... locale) | +| json-stringify.jsx:31:55:31:60 | locale | semmle.label | locale | +| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | semmle.label | JSON.st ... jsonLD) | +| jwt-server.js:7:9:7:35 | taint | semmle.label | taint | +| jwt-server.js:7:17:7:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| jwt-server.js:9:16:9:20 | taint | semmle.label | taint | +| jwt-server.js:9:55:9:61 | decoded | semmle.label | decoded | +| jwt-server.js:11:19:11:25 | decoded | semmle.label | decoded | +| jwt-server.js:11:19:11:29 | decoded.foo | semmle.label | decoded.foo | +| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | semmle.label | `Hi, yo ... sage}.` | +| nodemailer.js:13:50:13:66 | req.query.message | semmle.label | req.query.message | +| optionalSanitizer.js:2:7:2:39 | target | semmle.label | target | +| optionalSanitizer.js:2:16:2:39 | documen ... .search | semmle.label | documen ... 
.search | +| optionalSanitizer.js:6:18:6:23 | target | semmle.label | target | +| optionalSanitizer.js:8:7:8:22 | tainted | semmle.label | tainted | +| optionalSanitizer.js:8:17:8:22 | target | semmle.label | target | +| optionalSanitizer.js:9:18:9:24 | tainted | semmle.label | tainted | +| optionalSanitizer.js:15:9:15:14 | target | semmle.label | target | +| optionalSanitizer.js:16:18:16:18 | x | semmle.label | x | +| optionalSanitizer.js:17:20:17:20 | x | semmle.label | x | +| optionalSanitizer.js:26:7:26:39 | target | semmle.label | target | +| optionalSanitizer.js:26:16:26:39 | documen ... .search | semmle.label | documen ... .search | +| optionalSanitizer.js:28:24:28:24 | x | semmle.label | x | +| optionalSanitizer.js:29:12:29:12 | x | semmle.label | x | +| optionalSanitizer.js:31:7:31:23 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:31:18:31:23 | target | semmle.label | target | +| optionalSanitizer.js:32:18:32:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:5:34:36 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | semmle.label | sanitiz ... inted2) | +| optionalSanitizer.js:34:28:34:35 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:36:18:36:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:38:7:38:23 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:38:18:38:23 | target | semmle.label | target | +| optionalSanitizer.js:39:18:39:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:5:41:36 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | semmle.label | sanitiz ... inted3) | +| optionalSanitizer.js:41:28:41:35 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:43:18:43:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | semmle.label | sanitiz ... 
target | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | semmle.label | sanitizeBad(target) | +| optionalSanitizer.js:45:41:45:46 | target | semmle.label | target | +| optionalSanitizer.js:45:51:45:56 | target | semmle.label | target | +| pages/[id].jsx:3:30:3:35 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:3:30:3:35 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:5:9:5:14 | { id } | semmle.label | { id } | +| pages/[id].jsx:5:9:5:29 | id | semmle.label | id | +| pages/[id].jsx:5:11:5:12 | id | semmle.label | id | +| pages/[id].jsx:5:18:5:29 | router.query | semmle.label | router.query | +| pages/[id].jsx:10:44:10:45 | id | semmle.label | id | +| pages/[id].jsx:13:44:13:49 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:13:44:13:52 | params.id | semmle.label | params.id | +| pages/[id].jsx:16:44:16:49 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:16:44:16:51 | params.q | semmle.label | params.q | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | semmle.label | {\\n ... ,\\n } [id] | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | semmle.label | {\\n ... ,\\n } [q] | +| pages/[id].jsx:25:11:25:24 | context.params | semmle.label | context.params | +| pages/[id].jsx:25:11:25:27 | context.params.id | semmle.label | context.params.id | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | semmle.label | context ... d \|\| "" | +| pages/[id].jsx:26:10:26:22 | context.query | semmle.label | context.query | +| pages/[id].jsx:26:10:26:30 | context ... .foobar | semmle.label | context ... .foobar | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | semmle.label | context ... 
r \|\| "" | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:18:8:24 | tainted | semmle.label | tainted | +| react-native.js:9:27:9:33 | tainted | semmle.label | tainted | +| react-use-context.js:10:22:10:32 | window.name | semmle.label | window.name | +| react-use-context.js:16:26:16:36 | window.name | semmle.label | window.name | +| react-use-router.js:8:21:8:32 | router.query | semmle.label | router.query | +| react-use-router.js:8:21:8:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:11:24:11:35 | router.query | semmle.label | router.query | +| react-use-router.js:11:24:11:42 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:23:31:23:36 | [post update] router | semmle.label | [post update] router | +| react-use-router.js:23:43:23:48 | router | semmle.label | router | +| react-use-router.js:23:43:23:54 | router.query | semmle.label | router.query | +| react-use-router.js:23:43:23:61 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query | +| react-use-router.js:33:21:33:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-state.js:4:9:4:49 | state | semmle.label | state | +| react-use-state.js:4:10:4:14 | state | semmle.label | state | +| react-use-state.js:4:38:4:48 | window.name | semmle.label | window.name | +| react-use-state.js:5:51:5:55 | state | semmle.label | state | +| react-use-state.js:9:9:9:43 | state | semmle.label | state | +| react-use-state.js:9:10:9:14 | state | semmle.label | state | +| react-use-state.js:10:14:10:24 | window.name | semmle.label | window.name | +| react-use-state.js:11:51:11:55 | state | semmle.label | state | +| react-use-state.js:15:9:15:43 | state | semmle.label | state | +| react-use-state.js:15:10:15:14 | state | 
semmle.label | state | +| react-use-state.js:16:20:16:30 | window.name | semmle.label | window.name | +| react-use-state.js:17:51:17:55 | state | semmle.label | state | +| react-use-state.js:21:10:21:14 | state | semmle.label | state | +| react-use-state.js:22:14:22:17 | prev | semmle.label | prev | +| react-use-state.js:23:35:23:38 | prev | semmle.label | prev | +| react-use-state.js:25:20:25:30 | window.name | semmle.label | window.name | +| sanitiser.js:16:7:16:27 | tainted | semmle.label | tainted | +| sanitiser.js:16:17:16:27 | window.name | semmle.label | window.name | +| sanitiser.js:23:21:23:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:23:29:23:35 | tainted | semmle.label | tainted | +| sanitiser.js:25:21:25:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:25:29:25:35 | tainted | semmle.label | tainted | +| sanitiser.js:28:21:28:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:28:29:28:35 | tainted | semmle.label | tainted | +| sanitiser.js:30:21:30:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:30:29:30:35 | tainted | semmle.label | tainted | +| sanitiser.js:33:21:33:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:33:29:33:35 | tainted | semmle.label | tainted | +| sanitiser.js:35:21:35:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:35:29:35:35 | tainted | semmle.label | tainted | +| sanitiser.js:38:21:38:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:38:29:38:35 | tainted | semmle.label | tainted | +| sanitiser.js:45:21:45:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:45:29:45:35 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:25 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:46 | tainted ... /g, '') | semmle.label | tainted ... /g, '') | +| stored-xss.js:2:39:2:62 | documen ... .search | semmle.label | documen ... .search | +| stored-xss.js:3:35:3:58 | documen ... 
.search | semmle.label | documen ... .search | +| stored-xss.js:5:20:5:52 | session ... ssion') | semmle.label | session ... ssion') | +| stored-xss.js:8:20:8:48 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:10:9:10:44 | href | semmle.label | href | +| stored-xss.js:10:16:10:44 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:12:20:12:54 | "" | semmle.label | "" | +| stored-xss.js:12:35:12:38 | href | semmle.label | href | +| string-manipulations.js:3:16:3:32 | document.location | semmle.label | document.location | +| string-manipulations.js:4:16:4:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:47 | documen ... lueOf() | semmle.label | documen ... lueOf() | +| string-manipulations.js:6:16:6:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:6:16:6:43 | documen ... f.sup() | semmle.label | documen ... f.sup() | +| string-manipulations.js:7:16:7:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:7:16:7:51 | documen ... rCase() | semmle.label | documen ... rCase() | +| string-manipulations.js:8:16:8:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:8:16:8:48 | documen ... mLeft() | semmle.label | documen ... mLeft() | +| string-manipulations.js:9:16:9:58 | String. ... n.href) | semmle.label | String. ... n.href) | +| string-manipulations.js:9:36:9:57 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:10:16:10:45 | String( ... n.href) | semmle.label | String( ... n.href) | +| string-manipulations.js:10:23:10:44 | documen ... on.href | semmle.label | documen ... 
on.href | +| tooltip.jsx:6:11:6:30 | source | semmle.label | source | +| tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name | +| tooltip.jsx:10:25:10:30 | source | semmle.label | source | +| tooltip.jsx:11:25:11:30 | source | semmle.label | source | +| translate.js:6:7:6:39 | target | semmle.label | target | +| translate.js:6:16:6:39 | documen ... .search | semmle.label | documen ... .search | +| translate.js:7:7:7:61 | searchParams | semmle.label | searchParams | +| translate.js:7:22:7:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| translate.js:7:42:7:47 | target | semmle.label | target | +| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | +| translate.js:9:27:9:38 | searchParams | semmle.label | searchParams | +| translate.js:9:27:9:50 | searchP ... 'term') | semmle.label | searchP ... 'term') | +| trusted-types-lib.js:1:28:1:28 | x | semmle.label | x | +| trusted-types-lib.js:2:12:2:12 | x | semmle.label | x | +| trusted-types.js:3:62:3:62 | x | semmle.label | x | +| trusted-types.js:3:67:3:67 | x | semmle.label | x | +| trusted-types.js:4:20:4:30 | window.name | semmle.label | window.name | +| trusted-types.js:13:20:13:30 | window.name | semmle.label | window.name | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | semmle.label | JSON.pa ... tr(1))) | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | semmle.label | decodeU ... str(1)) | +| tst3.js:2:42:2:63 | window. ... .search | semmle.label | window. ... .search | +| tst3.js:2:42:2:73 | window. ... bstr(1) | semmle.label | window. ... 
bstr(1) | +| tst3.js:4:25:4:28 | data | semmle.label | data | +| tst3.js:4:25:4:32 | data.src | semmle.label | data.src | +| tst3.js:5:26:5:29 | data | semmle.label | data | +| tst3.js:5:26:5:31 | data.p | semmle.label | data.p | +| tst3.js:7:32:7:35 | data | semmle.label | data | +| tst3.js:7:32:7:37 | data.p | semmle.label | data.p | +| tst3.js:9:37:9:40 | data | semmle.label | data | +| tst3.js:9:37:9:42 | data.p | semmle.label | data.p | +| tst3.js:10:38:10:41 | data | semmle.label | data | +| tst3.js:10:38:10:43 | data.p | semmle.label | data.p | +| tst.js:2:7:2:39 | target | semmle.label | target | +| tst.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:5:18:5:23 | target | semmle.label | target | +| tst.js:8:18:8:126 | "" | semmle.label | "" | +| tst.js:8:37:8:58 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:12:5:12:42 | '
' | semmle.label | '
' | +| tst.js:12:28:12:33 | target | semmle.label | target | +| tst.js:17:7:17:56 | params | semmle.label | params | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] | +| tst.js:17:16:17:56 | (new UR ... hParams | semmle.label | (new UR ... hParams | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:17:25:17:41 | document.location | semmle.label | document.location | +| tst.js:18:18:18:23 | params | semmle.label | params | +| tst.js:18:18:18:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:20:7:20:61 | searchParams | semmle.label | searchParams | +| tst.js:20:22:20:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| tst.js:20:42:20:47 | target | semmle.label | target | +| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) | +| tst.js:21:18:21:29 | searchParams | semmle.label | searchParams | +| tst.js:21:18:21:41 | searchP ... 'name') | semmle.label | searchP ... 'name') | +| tst.js:24:14:24:19 | target | semmle.label | target | +| tst.js:26:18:26:23 | target | semmle.label | target | +| tst.js:28:5:28:28 | documen ... .search | semmle.label | documen ... .search | +| tst.js:31:10:31:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:34:16:34:20 | bar() | semmle.label | bar() | +| tst.js:36:14:36:14 | x | semmle.label | x | +| tst.js:37:10:37:10 | x | semmle.label | x | +| tst.js:40:16:40:44 | baz(doc ... search) | semmle.label | baz(doc ... search) | +| tst.js:40:20:40:43 | documen ... .search | semmle.label | documen ... .search | +| tst.js:42:15:42:15 | s | semmle.label | s | +| tst.js:43:10:43:31 | "
" ...
" | semmle.label | "
" ...
" | +| tst.js:43:20:43:20 | s | semmle.label | s | +| tst.js:46:16:46:45 | wrap(do ... search) | semmle.label | wrap(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:48:15:48:15 | s | semmle.label | s | +| tst.js:50:12:50:12 | s | semmle.label | s | +| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:54:16:54:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:56:16:56:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:58:16:58:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) | +| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) | +| tst.js:58:26:58:30 | bar() | semmle.label | bar() | +| tst.js:60:34:60:34 | s | semmle.label | s | +| tst.js:62:18:62:18 | s | semmle.label | s | +| tst.js:64:25:64:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:65:25:65:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:68:16:68:20 | bar() | semmle.label | bar() | +| tst.js:70:1:70:27 | [,docum ... search] | semmle.label | [,docum ... search] | +| tst.js:70:1:70:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] | +| tst.js:70:3:70:26 | documen ... .search | semmle.label | documen ... .search | +| tst.js:70:46:70:46 | x | semmle.label | x | +| tst.js:73:20:73:20 | x | semmle.label | x | +| tst.js:77:49:77:72 | documen ... .search | semmle.label | documen ... .search | +| tst.js:81:26:81:49 | documen ... .search | semmle.label | documen ... .search | +| tst.js:82:25:82:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:84:33:84:56 | documen ... .search | semmle.label | documen ... .search | +| tst.js:85:32:85:55 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:90:39:90:62 | documen ... .search | semmle.label | documen ... .search | +| tst.js:96:30:96:53 | documen ... .search | semmle.label | documen ... .search | +| tst.js:102:25:102:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:107:7:107:44 | v | semmle.label | v | +| tst.js:107:11:107:34 | documen ... .search | semmle.label | documen ... .search | +| tst.js:107:11:107:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:110:18:110:18 | v | semmle.label | v | +| tst.js:136:18:136:18 | v | semmle.label | v | +| tst.js:148:29:148:50 | window. ... .search | semmle.label | window. ... .search | +| tst.js:151:29:151:29 | v | semmle.label | v | +| tst.js:151:49:151:49 | v | semmle.label | v | +| tst.js:155:29:155:46 | xssSourceService() | semmle.label | xssSourceService() | +| tst.js:158:40:158:61 | window. ... .search | semmle.label | window. ... .search | +| tst.js:177:9:177:41 | target | semmle.label | target | +| tst.js:177:18:177:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:180:28:180:33 | target | semmle.label | target | +| tst.js:184:9:184:42 | tainted | semmle.label | tainted | +| tst.js:184:19:184:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:186:31:186:37 | tainted | semmle.label | tainted | +| tst.js:188:42:188:48 | tainted | semmle.label | tainted | +| tst.js:189:33:189:39 | tainted | semmle.label | tainted | +| tst.js:191:54:191:60 | tainted | semmle.label | tainted | +| tst.js:192:45:192:51 | tainted | semmle.label | tainted | +| tst.js:193:49:193:55 | tainted | semmle.label | tainted | +| tst.js:197:9:197:42 | tainted | semmle.label | tainted | +| tst.js:197:19:197:42 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:199:67:199:73 | tainted | semmle.label | tainted | +| tst.js:200:67:200:73 | tainted | semmle.label | tainted | +| tst.js:204:35:204:41 | tainted | semmle.label | tainted | +| tst.js:206:46:206:52 | tainted | semmle.label | tainted | +| tst.js:207:38:207:44 | tainted | semmle.label | tainted | +| tst.js:208:35:208:41 | tainted | semmle.label | tainted | +| tst.js:212:28:212:46 | this.state.tainted1 | semmle.label | this.state.tainted1 | +| tst.js:213:28:213:46 | this.state.tainted2 | semmle.label | this.state.tainted2 | +| tst.js:214:28:214:46 | this.state.tainted3 | semmle.label | this.state.tainted3 | +| tst.js:218:32:218:49 | prevState.tainted4 | semmle.label | prevState.tainted4 | +| tst.js:225:28:225:46 | this.props.tainted1 | semmle.label | this.props.tainted1 | +| tst.js:226:28:226:46 | this.props.tainted2 | semmle.label | this.props.tainted2 | +| tst.js:227:28:227:46 | this.props.tainted3 | semmle.label | this.props.tainted3 | +| tst.js:231:32:231:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 | +| tst.js:236:35:236:41 | tainted | semmle.label | tainted | +| tst.js:238:20:238:26 | tainted | semmle.label | tainted | +| tst.js:240:23:240:29 | tainted | semmle.label | tainted | +| tst.js:241:23:241:29 | tainted | semmle.label | tainted | +| tst.js:247:39:247:55 | props.propTainted | semmle.label | props.propTainted | +| tst.js:251:60:251:82 | this.st ... Tainted | semmle.label | this.st ... 
Tainted | +| tst.js:255:23:255:29 | tainted | semmle.label | tainted | +| tst.js:259:7:259:17 | window.name | semmle.label | window.name | +| tst.js:260:7:260:10 | name | semmle.label | name | +| tst.js:264:11:264:21 | window.name | semmle.label | window.name | +| tst.js:280:22:280:29 | location | semmle.label | location | +| tst.js:285:9:285:29 | tainted | semmle.label | tainted | +| tst.js:285:19:285:29 | window.name | semmle.label | window.name | +| tst.js:288:59:288:65 | tainted | semmle.label | tainted | +| tst.js:301:9:301:16 | location | semmle.label | location | +| tst.js:302:10:302:10 | e | semmle.label | e | +| tst.js:303:20:303:20 | e | semmle.label | e | +| tst.js:308:10:308:17 | location | semmle.label | location | +| tst.js:310:10:310:10 | e | semmle.label | e | +| tst.js:311:20:311:20 | e | semmle.label | e | +| tst.js:316:35:316:42 | location | semmle.label | location | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:327:18:327:34 | document.location | semmle.label | document.location | +| tst.js:331:7:331:43 | params | semmle.label | params | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] | +| tst.js:331:16:331:43 | getTain ... hParams | semmle.label | getTain ... hParams | +| tst.js:332:18:332:23 | params | semmle.label | params | +| tst.js:332:18:332:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] | +| tst.js:341:20:341:36 | document.location | semmle.label | document.location | +| tst.js:343:5:343:12 | getUrl() [hash] | semmle.label | getUrl() [hash] | +| tst.js:343:5:343:17 | getUrl().hash | semmle.label | getUrl().hash | +| tst.js:343:5:343:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) | +| tst.js:348:7:348:39 | target | semmle.label | target | +| tst.js:348:16:348:39 | documen ... 
.search | semmle.label | documen ... .search | +| tst.js:349:12:349:17 | target | semmle.label | target | +| tst.js:355:10:355:42 | target | semmle.label | target | +| tst.js:355:19:355:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:356:16:356:21 | target | semmle.label | target | +| tst.js:360:21:360:26 | target | semmle.label | target | +| tst.js:363:18:363:23 | target | semmle.label | target | +| tst.js:371:7:371:39 | target | semmle.label | target | +| tst.js:371:16:371:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:374:18:374:23 | target | semmle.label | target | +| tst.js:381:7:381:39 | target | semmle.label | target | +| tst.js:381:7:381:39 | target [taint3] | semmle.label | target [taint3] | +| tst.js:381:7:381:39 | target [taint8] | semmle.label | target [taint8] | +| tst.js:381:16:381:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:384:18:384:23 | target | semmle.label | target | +| tst.js:386:18:386:23 | target | semmle.label | target | +| tst.js:386:18:386:29 | target.taint | semmle.label | target.taint | +| tst.js:391:3:391:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] | +| tst.js:391:19:391:42 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:392:18:392:23 | target [taint3] | semmle.label | target [taint3] | +| tst.js:392:18:392:30 | target.taint3 | semmle.label | target.taint3 | +| tst.js:397:18:397:23 | target | semmle.label | target | +| tst.js:397:18:397:30 | target.taint5 | semmle.label | target.taint5 | +| tst.js:406:18:406:23 | target | semmle.label | target | +| tst.js:406:18:406:30 | target.taint7 | semmle.label | target.taint7 | +| tst.js:408:3:408:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] | +| tst.js:408:19:408:24 | target | semmle.label | target | +| tst.js:408:19:408:24 | target [taint8] | semmle.label | target [taint8] | +| tst.js:408:19:408:31 | target.taint8 | semmle.label | target.taint8 | +| tst.js:409:18:409:23 | target [taint8] | semmle.label | target [taint8] | +| tst.js:409:18:409:30 | target.taint8 | semmle.label | target.taint8 | +| tst.js:416:7:416:46 | payload | semmle.label | payload | +| tst.js:416:17:416:36 | window.location.hash | semmle.label | window.location.hash | +| tst.js:416:17:416:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst.js:417:18:417:24 | payload | semmle.label | payload | +| tst.js:419:7:419:55 | match | semmle.label | match | +| tst.js:419:15:419:34 | window.location.hash | semmle.label | window.location.hash | +| tst.js:419:15:419:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) | +| tst.js:421:20:421:24 | match | semmle.label | match | +| tst.js:421:20:421:27 | match[1] | semmle.label | match[1] | +| tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash | +| tst.js:424:18:424:48 | window. ... it('#') | semmle.label | window. ... it('#') | +| tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] | +| tst.js:428:7:428:39 | target | semmle.label | target | +| tst.js:428:16:428:39 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:430:18:430:23 | target | semmle.label | target | +| tst.js:430:18:430:89 | target. ... data>') | semmle.label | target. ... data>') | +| tst.js:436:6:436:38 | source | semmle.label | source | +| tst.js:436:15:436:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:440:28:440:33 | source | semmle.label | source | +| tst.js:441:33:441:38 | source | semmle.label | source | +| tst.js:442:34:442:39 | source | semmle.label | source | +| tst.js:443:41:443:46 | source | semmle.label | source | +| tst.js:444:44:444:49 | source | semmle.label | source | +| tst.js:445:32:445:37 | source | semmle.label | source | +| tst.js:453:7:453:39 | source | semmle.label | source | +| tst.js:453:16:453:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:455:18:455:23 | source | semmle.label | source | +| tst.js:456:18:456:42 | ansiToH ... source) | semmle.label | ansiToH ... source) | +| tst.js:456:36:456:41 | source | semmle.label | source | +| tst.js:460:6:460:38 | source | semmle.label | source | +| tst.js:460:15:460:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:463:21:463:26 | source | semmle.label | source | +| tst.js:465:19:465:24 | source | semmle.label | source | +| tst.js:467:20:467:25 | source | semmle.label | source | +| tst.js:471:7:471:46 | url | semmle.label | url | +| tst.js:471:13:471:36 | documen ... .search | semmle.label | documen ... .search | +| tst.js:471:13:471:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:473:19:473:21 | url | semmle.label | url | +| tst.js:474:26:474:28 | url | semmle.label | url | +| tst.js:475:25:475:27 | url | semmle.label | url | +| tst.js:476:20:476:22 | url | semmle.label | url | +| tst.js:486:22:486:24 | url | semmle.label | url | +| tst.js:491:23:491:35 | location.hash | semmle.label | location.hash | +| tst.js:491:23:491:45 | locatio ... bstr(1) | semmle.label | locatio ... 
bstr(1) | +| tst.js:494:18:494:30 | location.hash | semmle.label | location.hash | +| tst.js:494:18:494:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | +| tst.js:501:33:501:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| tst.js:501:43:501:62 | window.location.hash | semmle.label | window.location.hash | +| typeahead.js:20:13:20:45 | target | semmle.label | target | +| typeahead.js:20:22:20:45 | documen ... .search | semmle.label | documen ... .search | +| typeahead.js:21:12:21:17 | target | semmle.label | target | +| typeahead.js:24:30:24:32 | val | semmle.label | val | +| typeahead.js:25:18:25:20 | val | semmle.label | val | +| various-concat-obfuscations.js:2:6:2:39 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | semmle.label | "
" ...
" | +| various-concat-obfuscations.js:4:14:4:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | semmle.label | `
$ ...
` | +| various-concat-obfuscations.js:5:12:5:18 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | semmle.label | "
" ... ainted) | +| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | semmle.label | "
" ... /div>") | +| various-concat-obfuscations.js:6:19:6:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | semmle.label | ["
... /div>"] | +| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | semmle.label | ["
... .join() | +| various-concat-obfuscations.js:7:14:7:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:9:4:9:34 | "
" | semmle.label | "
" | +| various-concat-obfuscations.js:9:19:9:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:10:4:10:27 | `
` | semmle.label | `
` | +| various-concat-obfuscations.js:10:16:10:22 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:11:4:11:31 | "
") | semmle.label | "
") | +| various-concat-obfuscations.js:11:24:11:30 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:12:4:12:34 | ["
"] | semmle.label | ["
"] | +| various-concat-obfuscations.js:12:4:12:41 | ["
' | semmle.label | '
' | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | semmle.label | (attrs. ... 'left') | +| various-concat-obfuscations.js:15:28:15:32 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | semmle.label | attrs.defaultattr | +| various-concat-obfuscations.js:17:24:17:28 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:10:18:59 | '
') | semmle.label | '
') | +| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | semmle.label | attrs.defaultattr | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' | +| various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| winjs.js:2:7:2:53 | tainted | semmle.label | tainted | +| winjs.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| winjs.js:2:17:2:53 | documen ... ring(1) | semmle.label | documen ... 
ring(1) | +| winjs.js:3:43:3:49 | tainted | semmle.label | tainted | +| winjs.js:4:43:4:49 | tainted | semmle.label | tainted | edges | addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | | addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | | addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | | addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | | addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | | addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| 
addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | | angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | | angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... 
ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | | angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | | angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... 
.params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | | classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | -| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | | classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | | classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | | classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | | classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | | classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... 
w.name) | | classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | | classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | | classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | -| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | | classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | | classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | | classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | | classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | | classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | | clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | | clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... 
/html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | | clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | | clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | | clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | | clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... 
/html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | | clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | | clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| custom-element.js:5:26:5:36 | window.name | custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | | d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | | d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| 
d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | | d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | | d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | | dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | -| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | -| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | | dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | | dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | | dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | | dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | | dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | | dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | | dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... 
ing(1)) | | dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | | dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | | dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | | dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | | dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | | dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | | dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | | dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... 
(taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | | dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | | dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | | dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | | dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | | dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | | dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | | dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | | dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | | dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | | dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... 
ing(1)) | dates.js:30:9:30:69 | taint | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | | dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | | dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | | dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | | dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | | dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | | dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | | dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... 
taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | | dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | | dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | | dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | | dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | | dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | | dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | -| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | | dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | | dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | | dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | | dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... 
(taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | | dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | | dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | | dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | | dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | | dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | | dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | -| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | | dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | | dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | | dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... 
ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | | dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | | dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | | dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | | dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | | dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | | dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | | dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... 
(taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | | dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | | dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | | dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | | dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... 
/html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | | dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | | dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | | event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") | | jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | | jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | | jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | | jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | | jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | | jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | | jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | | jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | | jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | | jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | | jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | | jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | | jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | | jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | | jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | | jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | 
@@ -1583,338 +745,145 @@ edges | jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | | jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | | jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | | jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | | jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | | jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | | jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | | jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | | jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... 
?', '') | -| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | | jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | | jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | | json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | | json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | | json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | | json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | | json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | | json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | | json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... 
locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | | jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | | jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | | jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | | jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | | jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | | nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... 
sage}.` | | optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | | optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | | optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | | optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | | optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | | optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | | optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | | optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | | optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | | optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | | optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | | optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... 
.search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | +| optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | | optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | | optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | | optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | | optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | | optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | | optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | | optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | | optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | | optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | | optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | | optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | | optionalSanitizer.js:41:16:41:36 | sanitiz ... 
inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | | optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | | optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | | optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | +| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | +| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | | pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | | pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | | pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | | pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | 
context.params.id | +| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | +| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | | pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | | pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | | pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | | pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... 
r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | | react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | | react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | react-use-router.js:8:21:8:26 | router | -| react-use-router.js:4:9:4:28 | router | react-use-router.js:11:24:11:29 | router | -| react-use-router.js:4:18:4:28 | useRouter() | react-use-router.js:4:9:4:28 | router | -| react-use-router.js:8:21:8:26 | router | 
react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | | react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:11:24:11:29 | router | react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | | react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | react-use-router.js:23:43:23:48 | router | -| react-use-router.js:22:17:22:22 | router | react-use-router.js:22:15:22:24 | router | +| react-use-router.js:23:31:23:36 | [post update] router | react-use-router.js:23:43:23:48 | router | | react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | | react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:22:17:22:22 | router | 
-| react-use-router.js:29:9:29:30 | router | react-use-router.js:33:21:33:26 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | react-use-router.js:29:9:29:30 | router | -| react-use-router.js:33:21:33:26 | router | react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | +| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router | | react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | react-use-router.js:29:18:29:30 | myUseRouter() | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | | react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | | react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | | react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | | react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | 
state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | | react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | | react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | | react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | | react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | | react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | | react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | | react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| 
react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | | react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | | sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:25:29:25:35 | tainted | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:28:29:28:35 | tainted | | sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | | sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:35:29:35:35 | tainted | | sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | | sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | | sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | | sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | +| sanitiser.js:25:29:25:35 | tainted | sanitiser.js:25:21:25:44 | '' + ... '' | +| sanitiser.js:28:29:28:35 | tainted | sanitiser.js:28:21:28:44 | '' + ... '' | | sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | | sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... 
'' | -| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | +| sanitiser.js:35:29:35:35 | tainted | sanitiser.js:35:21:35:44 | '' + ... '' | | sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | | sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | | sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | | stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | | stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | | stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | | stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | | stored-xss.js:10:16:10:44 | localSt ... 
local') | stored-xss.js:10:9:10:44 | href | | stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | | string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | +| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | | string-manipulations.js:7:16:7:37 | documen ... 
on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | | string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | | string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... 
n.href) | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | | tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | | tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | | translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | | translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | | translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | | translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | | translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | | translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 
'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | | translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | | trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | | trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | | trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | | trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | 
@@ -1923,179 +892,77 @@ edges | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | | tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | | tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | | tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... str(1)) | | tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | | tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | | tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | | tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | | tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | | tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | | tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | | tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | | tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | | tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | | tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... 
t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | | tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | | tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | | tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | -| tst.js:17:25:17:41 | document.location | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | +| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | | tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | | tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | | tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | | tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | | tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 
'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | | tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | | tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | | tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | | tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | | tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | | tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | +| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | +| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | | tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... 
.search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | +| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | +| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | | tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | | tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | | tst.js:56:21:56:44 | documen ... 
.search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | | tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | | tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | | tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | | tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | | tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | | tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | +| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | | tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | | tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | tst.js:81:26:81:49 | documen ... 
.search | -| tst.js:82:25:82:48 | documen ... .search | tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | tst.js:96:30:96:53 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | | tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | | tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | | tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | | tst.js:107:11:107:44 | documen ... 
bstr(1) | tst.js:107:7:107:44 | v | | tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | | tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | | tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | | tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | | tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | | tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | | tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | | tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | | tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | | tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | | tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | | tst.js:184:19:184:42 | documen ... 
.search | tst.js:184:9:184:42 | tainted | | tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | | tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | | tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | | tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | 
@@ -2107,203 +974,101 @@ edges | tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | | tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | | tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | | tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | | tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | | tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | | tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | | tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | | tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | | tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | | tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | | tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... 
Tainted | | tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | -| tst.js:259:7:259:17 | window.name | tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | | tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | | tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | | tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | | tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | | tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | | tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:327:18:327:34 | document.location | tst.js:331:16:331:43 | getTain ... 
hParams | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | +| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | | tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | | tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | | tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | +| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... cation) [hash] | +| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | | tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | | tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:16:348:39 | documen ... 
.search | tst.js:348:7:348:39 | target | | tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | | tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | | tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | | tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | | tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | | tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | | tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | | tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | | tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | | tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | | tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | | tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | +| tst.js:381:7:381:39 | target [taint3] | tst.js:392:18:392:23 | target [taint3] | +| tst.js:381:7:381:39 | target [taint8] | tst.js:408:19:408:24 | target [taint8] | +| tst.js:381:7:381:39 | target [taint8] | tst.js:409:18:409:23 | target [taint8] | | tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | | tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... 
.search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | +| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:381:7:381:39 | target [taint3] | +| tst.js:391:19:391:42 | documen ... .search | tst.js:391:3:391:8 | [post update] target [taint3] | +| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | | tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | | tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | +| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:381:7:381:39 | target [taint8] | | tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | +| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | +| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | +| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | | tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:17:416:36 | 
window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | | tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | | tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | | tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | | tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | | tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | | tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | | tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... 
'#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | | tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | | tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | | tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | | tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | | tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | | tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | | tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | | tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | | tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | | tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | | tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | | tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | | tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | | tst.js:453:16:453:39 | documen ... 
.search | tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | | tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | | tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | | tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | | tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | | tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | | tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | | tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | | tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | | tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | | tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | | tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | | tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | | tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... 
bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | | tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | | tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | | typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | | typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | | typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | 
@@ -2313,56 +1078,52 @@ edges | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | | various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | | various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | | various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | | various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | | various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | | various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:11:4:11:31 | "
") | | various-concat-obfuscations.js:11:4:11:31 | "
") | | various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | +| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '
' | +| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | +| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | +| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | +| various-concat-obfuscations.js:18:10:18:59 | '
') | +| various-concat-obfuscations.js:18:10:18:88 | '
') | +| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | +| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '
" ...
" | tst.js:46:16:46:45 | wrap(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
" ...
" | tst.js:58:16:58:32 | wrap(chop(bar())) | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:10:15:83 | '
' | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '
') | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | #select | addEventListener.js:2:20:2:29 | event.data | addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:29 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:1:43:1:47 | event | user-provided value | | addEventListener.js:6:20:6:23 | data | addEventListener.js:5:43:5:48 | {data} | addEventListener.js:6:20:6:23 | data | Cross-site scripting vulnerability due to $@. | addEventListener.js:5:43:5:48 | {data} | user-provided value | 
@@ -2459,7 +1220,6 @@ edges | react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:10:22:10:32 | window.name | user-provided value | | react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:16:26:16:36 | window.name | user-provided value | | react-use-router.js:8:21:8:39 | router.query.foobar | react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:8:21:8:32 | router.query | user-provided value | -| react-use-router.js:11:24:11:42 | router.query.foobar | react-use-router.js:8:21:8:32 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:8:21:8:32 | router.query | user-provided value | | react-use-router.js:11:24:11:42 | router.query.foobar | react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:11:24:11:35 | router.query | user-provided value | | react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:23:43:23:54 | router.query | user-provided value | | react-use-router.js:33:21:33:39 | router.query.foobar | react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:33:21:33:32 | router.query | user-provided value | 
@@ -2468,8 +1228,11 @@ edges | react-use-state.js:17:51:17:55 | state | react-use-state.js:16:20:16:30 | window.name | react-use-state.js:17:51:17:55 | state | Cross-site scripting vulnerability due to $@. | react-use-state.js:16:20:16:30 | window.name | user-provided value | | react-use-state.js:23:35:23:38 | prev | react-use-state.js:25:20:25:30 | window.name | react-use-state.js:23:35:23:38 | prev | Cross-site scripting vulnerability due to $@. | react-use-state.js:25:20:25:30 | window.name | user-provided value | | sanitiser.js:23:21:23:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:23:21:23:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | +| sanitiser.js:25:21:25:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:25:21:25:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | +| sanitiser.js:28:21:28:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:28:21:28:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | | sanitiser.js:30:21:30:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:30:21:30:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | | sanitiser.js:33:21:33:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:33:21:33:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | +| sanitiser.js:35:21:35:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:35:21:35:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | | sanitiser.js:38:21:38:44 | '' + ... 
'' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:38:21:38:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | | sanitiser.js:45:21:45:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:45:21:45:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | | sanitiser.js:48:19:48:46 | tainted ... /g, '') | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:48:19:48:46 | tainted ... /g, '') | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | @@ -2585,7 +1348,6 @@ edges | tst.js:494:18:494:40 | locatio ... bstr(1) | tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | Cross-site scripting vulnerability due to $@. | tst.js:494:18:494:30 | location.hash | user-provided value | | tst.js:501:33:501:63 | decodeU ... n.hash) | tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | Cross-site scripting vulnerability due to $@. | tst.js:501:43:501:62 | window.location.hash | user-provided value | | typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:45 | documen ... .search | user-provided value | -| v-html.vue:2:8:2:23 | v-html=tainted | v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | Cross-site scripting vulnerability due to $@. | v-html.vue:6:42:6:58 | document.location | user-provided value | | various-concat-obfuscations.js:4:4:4:31 | "
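Review bot: The three added `#select` rows for `sanitiser.js:25:21:25:44`, `sanitiser.js:28:21:28:44` and `sanitiser.js:35:21:35:44` are new alerts from `sanitiser.js:16:17:16:27 | window.name`, not duplicates of rows that already existed. The test source is not part of this hunk, so whether those three sinks sit behind a sanitizer check cannot be told from here. If they do, accepting these rows records false positives as expected output. Each of the three lines should be checked against sanitiser.js before the expectation is updated.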
" ...
" | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected index 3edc5412c5ba..f2ffc7384517 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected 
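Review bot: The removed `#select` row for `v-html.vue:2:8:2:23 | v-html=tainted` (source `v-html.vue:6:42:6:58 | document.location`) is a dropped alert, not a merged duplicate. No other row for that sink remains in this hunk, and the `edges` lines for the same source/sink pair earlier in this file's diff are all removed as well. The other edge deletions visible there each keep one copy of the path, so this one stands out as lost coverage of the Vue `v-html` sink. Unless the loss is intended, this row should stay expected and the missing flow step be restored. If it is a known regression, it should be recorded next to the test source so that it is not silently accepted.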
@@ -1,1631 +1,764 @@ nodes -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:78 | this.ro ... 
ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... 
.params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... 
w.name) | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | -| classnames.js:17:53:17:63 | window.name | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... 
/html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | -| dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | -| dates.js:11:63:11:67 | taint | -| dates.js:12:31:12:73 | `Time i ... 
aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | -| dates.js:12:66:12:70 | taint | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | -| dates.js:13:59:13:63 | taint | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | -| dates.js:16:62:16:66 | taint | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | -| dates.js:18:59:18:63 | taint | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:61:21:65 | taint | -| dates.js:21:61:21:65 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... 
aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | -| dates.js:37:77:37:81 | taint | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | -| dates.js:38:77:38:81 | taint | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:79:39:83 | taint | -| dates.js:39:79:39:83 | taint | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:77:40:81 | taint | -| dates.js:40:77:40:81 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | -| dates.js:48:83:48:87 | taint | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:42:49:87 | new Dat ... 
(taint) | -| dates.js:49:82:49:86 | taint | -| dates.js:49:82:49:86 | taint | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:97:50:101 | taint | -| dates.js:50:97:50:101 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | -| dates.js:57:94:57:98 | taint | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | -| dates.js:59:80:59:84 | taint | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | -| dates.js:61:81:61:85 | taint | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... 
/html') | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | -| event-handler-receiver.js:2:49:2:61 | location.href | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:31 | location.toString() | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:21:5:21:8 | hash | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... 
#', '') | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:13:34:16 | hash | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:35:40:35:61 | JSON.st ... 
jsonLD) | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt.js:4:36:4:39 | data | -| jwt.js:4:36:4:39 | data | -| jwt.js:4:36:4:39 | data | -| jwt.js:5:9:5:34 | decoded | -| jwt.js:5:9:5:34 | decoded | -| jwt.js:5:19:5:34 | jwt_decode(data) | -| jwt.js:5:19:5:34 | jwt_decode(data) | -| jwt.js:5:30:5:33 | data | -| jwt.js:5:30:5:33 | data | -| jwt.js:6:14:6:20 | decoded | -| jwt.js:6:14:6:20 | decoded | -| jwt.js:6:14:6:20 | decoded | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | -| nodemailer.js:13:50:13:66 | req.query.message | -| optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:26:16:26:39 | documen ... 
.search | -| optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | -| optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... 
target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:45:51:45:56 | target | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... 
r \|\| "" | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | -| react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:8:21:8:26 | router | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:11:24:11:29 | router | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | -| react-use-router.js:22:17:22:22 | router | -| react-use-router.js:23:43:23:48 | router | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:29:9:29:30 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | -| 
react-use-router.js:33:21:33:26 | router | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | 
window.name | -| react-use-state.js:25:20:25:30 | window.name | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:10:9:10:44 | href | -| stored-xss.js:10:16:10:44 | localSt ... 
local') | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| string-manipulations.js:10:23:10:44 | documen ... 
on.href | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:7:7:7:61 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:47 | target | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:9:27:9:38 | searchParams | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:73 | window. ... 
bstr(1) | -| tst3.js:4:25:4:28 | data | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | -| tst3.js:10:38:10:43 | data.p | -| tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:5:18:5:23 | target | -| tst.js:5:18:5:23 | target | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:28:12:33 | target | -| tst.js:17:7:17:56 | params | -| tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | -| tst.js:17:25:17:41 | document.location | -| tst.js:18:18:18:23 | params | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:47 | target | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:21:18:21:29 | searchParams | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | -| tst.js:26:18:26:23 | target | -| tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:34:16:34:20 | bar() | -| tst.js:34:16:34:20 | bar() | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:56:16:56:45 | chop(do ... 
search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | -| tst.js:60:34:60:34 | s | -| tst.js:62:18:62:18 | s | -| tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:68:16:68:20 | bar() | -| tst.js:68:16:68:20 | bar() | -| tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:46:70:46 | x | -| tst.js:73:20:73:20 | x | -| tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... 
.search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:151:29:151:29 | v | -| tst.js:151:49:151:49 | v | -| tst.js:151:49:151:49 | v | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:180:28:180:33 | target | -| tst.js:180:28:180:33 | target | -| tst.js:184:9:184:42 | tainted | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:186:31:186:37 | tainted | -| tst.js:186:31:186:37 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... .search | -| tst.js:197:19:197:42 | documen ... 
.search | -| tst.js:199:67:199:73 | tainted | -| tst.js:199:67:199:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:204:35:204:41 | tainted | -| tst.js:206:46:206:52 | tainted | -| tst.js:207:38:207:44 | tainted | -| tst.js:208:35:208:41 | tainted | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:236:35:236:41 | tainted | -| tst.js:238:20:238:26 | tainted | -| tst.js:240:23:240:29 | tainted | -| tst.js:241:23:241:29 | tainted | -| tst.js:247:39:247:55 | props.propTainted | -| tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:251:60:251:82 | this.st ... 
Tainted | -| tst.js:255:23:255:29 | tainted | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:301:9:301:16 | location | -| tst.js:301:9:301:16 | location | -| tst.js:302:10:302:10 | e | -| tst.js:303:20:303:20 | e | -| tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | -| tst.js:308:10:308:17 | location | -| tst.js:310:10:310:10 | e | -| tst.js:311:20:311:20 | e | -| tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | -| tst.js:327:18:327:34 | document.location | -| tst.js:331:7:331:43 | params | -| tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:332:18:332:23 | params | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | -| tst.js:341:20:341:36 | document.location | -| tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... 
ring(1) | -| tst.js:348:7:348:39 | target | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:349:12:349:17 | target | -| tst.js:349:12:349:17 | target | -| tst.js:355:10:355:42 | target | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:356:16:356:21 | target | -| tst.js:356:16:356:21 | target | -| tst.js:360:21:360:26 | target | -| tst.js:360:21:360:26 | target | -| tst.js:363:18:363:23 | target | -| tst.js:363:18:363:23 | target | -| tst.js:371:7:371:39 | target | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:374:18:374:23 | target | -| tst.js:374:18:374:23 | target | -| tst.js:381:7:381:39 | target | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:384:18:384:23 | target | -| tst.js:384:18:384:23 | target | -| tst.js:386:18:386:23 | target | -| tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:19:408:24 | target | -| tst.js:408:19:408:31 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... 
bstr(1) | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:419:7:419:55 | match | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:421:20:421:24 | match | -| tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:430:18:430:23 | target | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:440:28:440:33 | source | -| tst.js:440:28:440:33 | source | -| tst.js:441:33:441:38 | source | -| tst.js:441:33:441:38 | source | -| tst.js:442:34:442:39 | source | -| tst.js:442:34:442:39 | source | -| tst.js:443:41:443:46 | source | -| tst.js:443:41:443:46 | source | -| tst.js:444:44:444:49 | source | -| tst.js:444:44:444:49 | source | -| tst.js:445:32:445:37 | source | -| tst.js:445:32:445:37 | source | -| tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:455:18:455:23 | source | -| tst.js:455:18:455:23 | source | -| tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:18:456:42 | ansiToH ... 
source) | -| tst.js:456:36:456:41 | source | -| tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:463:21:463:26 | source | -| tst.js:463:21:463:26 | source | -| tst.js:465:19:465:24 | source | -| tst.js:465:19:465:24 | source | -| tst.js:467:20:467:25 | source | -| tst.js:467:20:467:25 | source | -| tst.js:471:7:471:46 | url | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:473:19:473:21 | url | -| tst.js:473:19:473:21 | url | -| tst.js:474:26:474:28 | url | -| tst.js:474:26:474:28 | url | -| tst.js:475:25:475:27 | url | -| tst.js:475:25:475:27 | url | -| tst.js:476:20:476:22 | url | -| tst.js:476:20:476:22 | url | -| tst.js:486:22:486:24 | url | -| tst.js:486:22:486:24 | url | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | -| tst.js:501:43:501:62 | window.location.hash | -| typeahead.js:9:28:9:30 | loc | -| typeahead.js:9:28:9:30 | loc | -| typeahead.js:9:28:9:30 | loc | -| typeahead.js:10:16:10:18 | loc | -| typeahead.js:10:16:10:18 | loc | -| typeahead.js:10:16:10:18 | loc | -| typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... .search | -| typeahead.js:20:22:20:45 | documen ... 
.search | -| typeahead.js:21:12:21:17 | target | -| typeahead.js:24:30:24:32 | val | -| typeahead.js:25:18:25:20 | val | -| typeahead.js:25:18:25:20 | val | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | -| v-html.vue:6:42:6:58 | document.location | -| various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:4:11:44 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:12:4:12:34 | ["
"] | -| various-concat-obfuscations.js:12:4:12:41 | ["
` | semmle.label | `` | +| classnames.js:7:47:7:69 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:7:58:7:68 | window.name | semmle.label | window.name | +| classnames.js:8:31:8:85 | `` | semmle.label | `` | +| classnames.js:8:47:8:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:8:59:8:69 | window.name | semmle.label | window.name | +| classnames.js:9:31:9:85 | `` | semmle.label | `` | +| classnames.js:9:47:9:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:9:59:9:69 | window.name | semmle.label | window.name | +| classnames.js:10:45:10:55 | window.name | semmle.label | window.name | +| classnames.js:11:31:11:79 | `` | semmle.label | `` | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | semmle.label | unsafeStyle('foo') | +| classnames.js:13:31:13:83 | `` | semmle.label | `` | +| classnames.js:13:47:13:68 | safeSty ... w.name) | semmle.label | safeSty ... w.name) | +| classnames.js:13:57:13:67 | window.name | semmle.label | window.name | +| classnames.js:15:31:15:78 | `` | semmle.label | `` | +| classnames.js:15:47:15:63 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:15:52:15:62 | window.name | semmle.label | window.name | +| classnames.js:17:32:17:79 | `` | semmle.label | `` | +| classnames.js:17:48:17:64 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:17:53:17:63 | window.name | semmle.label | window.name | +| clipboard.ts:8:11:8:51 | html | semmle.label | html | +| clipboard.ts:8:18:8:51 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:15:25:15:28 | html | semmle.label | html | +| clipboard.ts:24:23:24:58 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:29:19:29:54 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:33:19:33:68 | e.origi ... /html') | semmle.label | e.origi ... 
/html') | +| clipboard.ts:43:15:43:55 | html | semmle.label | html | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:50:29:50:32 | html | semmle.label | html | +| clipboard.ts:71:13:71:62 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:71:27:71:62 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:98:15:98:54 | html | semmle.label | html | +| clipboard.ts:98:22:98:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| clipboard.ts:99:23:99:26 | html | semmle.label | html | +| custom-element.js:5:26:5:36 | window.name | semmle.label | window.name | +| d3.js:4:12:4:22 | window.name | semmle.label | window.name | +| d3.js:11:15:11:24 | getTaint() | semmle.label | getTaint() | +| d3.js:12:20:12:29 | getTaint() | semmle.label | getTaint() | +| d3.js:14:20:14:29 | getTaint() | semmle.label | getTaint() | +| d3.js:21:15:21:24 | getTaint() | semmle.label | getTaint() | +| dates.js:9:9:9:69 | taint | semmle.label | taint | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:9:36:9:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:9:36:9:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:11:31:11:70 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:11:42:11:68 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:11:63:11:67 | taint | semmle.label | taint | +| dates.js:12:31:12:73 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:12:42:12:71 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:12:66:12:70 | taint | semmle.label | taint | +| dates.js:13:31:13:72 | `Time i ... time)}` | semmle.label | `Time i ... time)}` | +| dates.js:13:42:13:70 | dateFns ... )(time) | semmle.label | dateFns ... 
)(time) | +| dates.js:13:59:13:63 | taint | semmle.label | taint | +| dates.js:16:31:16:69 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:16:42:16:67 | moment( ... (taint) | semmle.label | moment( ... (taint) | +| dates.js:16:62:16:66 | taint | semmle.label | taint | +| dates.js:18:31:18:66 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:18:42:18:64 | datefor ... taint) | semmle.label | datefor ... taint) | +| dates.js:18:59:18:63 | taint | semmle.label | taint | +| dates.js:21:31:21:68 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | semmle.label | dayjs(t ... (taint) | +| dates.js:21:61:21:65 | taint | semmle.label | taint | +| dates.js:30:9:30:69 | taint | semmle.label | taint | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:30:36:30:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:30:36:30:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:37:31:37:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:37:42:37:82 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:37:77:37:81 | taint | semmle.label | taint | +| dates.js:38:31:38:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:38:42:38:82 | luxon.f ... taint) | semmle.label | luxon.f ... taint) | +| dates.js:38:77:38:81 | taint | semmle.label | taint | +| dates.js:39:31:39:86 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:39:42:39:84 | moment. ... taint) | semmle.label | moment. ... taint) | +| dates.js:39:79:39:83 | taint | semmle.label | taint | +| dates.js:40:31:40:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:40:42:40:82 | dayjs.f ... taint) | semmle.label | dayjs.f ... 
taint) | +| dates.js:40:77:40:81 | taint | semmle.label | taint | +| dates.js:46:9:46:69 | taint | semmle.label | taint | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:46:36:46:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:46:36:46:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:48:31:48:90 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:48:42:48:88 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:48:83:48:87 | taint | semmle.label | taint | +| dates.js:49:31:49:89 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:49:42:49:87 | new Dat ... (taint) | semmle.label | new Dat ... (taint) | +| dates.js:49:82:49:86 | taint | semmle.label | taint | +| dates.js:50:31:50:104 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:50:42:50:102 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:50:97:50:101 | taint | semmle.label | taint | +| dates.js:54:9:54:69 | taint | semmle.label | taint | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:54:36:54:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:54:36:54:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:57:31:57:101 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:57:42:57:99 | moment. ... (taint) | semmle.label | moment. ... (taint) | +| dates.js:57:94:57:98 | taint | semmle.label | taint | +| dates.js:59:31:59:87 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:59:42:59:85 | luxon.e ... (taint) | semmle.label | luxon.e ... (taint) | +| dates.js:59:80:59:84 | taint | semmle.label | taint | +| dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... 
(taint) | +| dates.js:61:81:61:85 | taint | semmle.label | taint | +| dragAndDrop.ts:8:11:8:50 | html | semmle.label | html | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:15:25:15:28 | html | semmle.label | html | +| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | semmle.label | e.origi ... /html') | +| dragAndDrop.ts:43:15:43:54 | html | semmle.label | html | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:50:29:50:32 | html | semmle.label | html | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | semmle.label | droppedHtml | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| event-handler-receiver.js:2:31:2:83 | '

' | semmle.label | '

' | +| event-handler-receiver.js:2:49:2:61 | location.href | semmle.label | location.href | +| express.js:7:15:7:33 | req.param("wobble") | semmle.label | req.param("wobble") | +| jquery.js:2:7:2:40 | tainted | semmle.label | tainted | +| jquery.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| jquery.js:7:5:7:34 | "
" | semmle.label | "
" | +| jquery.js:7:20:7:26 | tainted | semmle.label | tainted | +| jquery.js:8:18:8:34 | "XSS: " + tainted | semmle.label | "XSS: " + tainted | +| jquery.js:8:28:8:34 | tainted | semmle.label | tainted | +| jquery.js:10:5:10:40 | "" + ... "" | semmle.label | "" + ... "" | +| jquery.js:10:13:10:20 | location | semmle.label | location | +| jquery.js:10:13:10:31 | location.toString() | semmle.label | location.toString() | +| jquery.js:14:19:14:58 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| jquery.js:14:38:14:57 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:15:19:15:60 | decodeU ... search) | semmle.label | decodeU ... search) | +| jquery.js:15:38:15:59 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:16:19:16:64 | decodeU ... ring()) | semmle.label | decodeU ... ring()) | +| jquery.js:16:38:16:52 | window.location | semmle.label | window.location | +| jquery.js:16:38:16:63 | window. ... tring() | semmle.label | window. ... tring() | +| jquery.js:18:7:18:33 | hash | semmle.label | hash | +| jquery.js:18:14:18:33 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:21:5:21:8 | hash | semmle.label | hash | +| jquery.js:21:5:21:21 | hash.substring(1) | semmle.label | hash.substring(1) | +| jquery.js:22:5:22:8 | hash | semmle.label | hash | +| jquery.js:22:5:22:25 | hash.su ... (1, 10) | semmle.label | hash.su ... (1, 10) | +| jquery.js:23:5:23:8 | hash | semmle.label | hash | +| jquery.js:23:5:23:18 | hash.substr(1) | semmle.label | hash.substr(1) | +| jquery.js:24:5:24:8 | hash | semmle.label | hash | +| jquery.js:24:5:24:17 | hash.slice(1) | semmle.label | hash.slice(1) | +| jquery.js:27:5:27:8 | hash | semmle.label | hash | +| jquery.js:27:5:27:25 | hash.re ... #', '') | semmle.label | hash.re ... #', '') | +| jquery.js:28:5:28:26 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:28:5:28:43 | window. ... ?', '') | semmle.label | window. ... 
?', '') | +| jquery.js:34:5:34:25 | '' + ... '' | semmle.label | '' + ... '' | +| jquery.js:34:13:34:16 | hash | semmle.label | hash | +| jquery.js:36:25:36:31 | tainted | semmle.label | tainted | +| jquery.js:37:25:37:37 | () => tainted | semmle.label | () => tainted | +| jquery.js:37:31:37:37 | tainted | semmle.label | tainted | +| json-stringify.jsx:5:9:5:36 | locale | semmle.label | locale | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | semmle.label | req.param("locale") | +| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | semmle.label | `https: ... ocale}` | +| json-stringify.jsx:11:51:11:56 | locale | semmle.label | locale | +| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | semmle.label | `https: ... ocale}` | +| json-stringify.jsx:19:56:19:61 | locale | semmle.label | locale | +| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | semmle.label | JSON.st ... locale) | +| json-stringify.jsx:31:55:31:60 | locale | semmle.label | locale | +| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | semmle.label | JSON.st ... jsonLD) | +| jwt-server.js:7:9:7:35 | taint | semmle.label | taint | +| jwt-server.js:7:17:7:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| jwt-server.js:9:16:9:20 | taint | semmle.label | taint | +| jwt-server.js:9:55:9:61 | decoded | semmle.label | decoded | +| jwt-server.js:11:19:11:25 | decoded | semmle.label | decoded | +| jwt-server.js:11:19:11:29 | decoded.foo | semmle.label | decoded.foo | +| jwt.js:4:36:4:39 | data | semmle.label | data | +| jwt.js:5:9:5:34 | decoded | semmle.label | decoded | +| jwt.js:5:19:5:34 | jwt_decode(data) | semmle.label | jwt_decode(data) | +| jwt.js:5:30:5:33 | data | semmle.label | data | +| jwt.js:6:14:6:20 | decoded | semmle.label | decoded | +| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | semmle.label | `Hi, yo ... 
sage}.` | +| nodemailer.js:13:50:13:66 | req.query.message | semmle.label | req.query.message | +| optionalSanitizer.js:2:7:2:39 | target | semmle.label | target | +| optionalSanitizer.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| optionalSanitizer.js:6:18:6:23 | target | semmle.label | target | +| optionalSanitizer.js:8:7:8:22 | tainted | semmle.label | tainted | +| optionalSanitizer.js:8:17:8:22 | target | semmle.label | target | +| optionalSanitizer.js:9:18:9:24 | tainted | semmle.label | tainted | +| optionalSanitizer.js:15:9:15:14 | target | semmle.label | target | +| optionalSanitizer.js:16:18:16:18 | x | semmle.label | x | +| optionalSanitizer.js:17:20:17:20 | x | semmle.label | x | +| optionalSanitizer.js:26:7:26:39 | target | semmle.label | target | +| optionalSanitizer.js:26:16:26:39 | documen ... .search | semmle.label | documen ... .search | +| optionalSanitizer.js:28:24:28:24 | x | semmle.label | x | +| optionalSanitizer.js:29:12:29:12 | x | semmle.label | x | +| optionalSanitizer.js:31:7:31:23 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:31:18:31:23 | target | semmle.label | target | +| optionalSanitizer.js:32:18:32:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:5:34:36 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | semmle.label | sanitiz ... inted2) | +| optionalSanitizer.js:34:28:34:35 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:36:18:36:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:38:7:38:23 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:38:18:38:23 | target | semmle.label | target | +| optionalSanitizer.js:39:18:39:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:5:41:36 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | semmle.label | sanitiz ... 
inted3) | +| optionalSanitizer.js:41:28:41:35 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:43:18:43:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | semmle.label | sanitiz ... target | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | semmle.label | sanitizeBad(target) | +| optionalSanitizer.js:45:41:45:46 | target | semmle.label | target | +| optionalSanitizer.js:45:51:45:56 | target | semmle.label | target | +| pages/[id].jsx:3:30:3:35 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:3:30:3:35 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:5:9:5:14 | { id } | semmle.label | { id } | +| pages/[id].jsx:5:9:5:29 | id | semmle.label | id | +| pages/[id].jsx:5:11:5:12 | id | semmle.label | id | +| pages/[id].jsx:5:18:5:29 | router.query | semmle.label | router.query | +| pages/[id].jsx:10:44:10:45 | id | semmle.label | id | +| pages/[id].jsx:13:44:13:49 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:13:44:13:52 | params.id | semmle.label | params.id | +| pages/[id].jsx:16:44:16:49 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:16:44:16:51 | params.q | semmle.label | params.q | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | semmle.label | {\\n ... ,\\n } [id] | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | semmle.label | {\\n ... ,\\n } [q] | +| pages/[id].jsx:25:11:25:24 | context.params | semmle.label | context.params | +| pages/[id].jsx:25:11:25:27 | context.params.id | semmle.label | context.params.id | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | semmle.label | context ... d \|\| "" | +| pages/[id].jsx:26:10:26:22 | context.query | semmle.label | context.query | +| pages/[id].jsx:26:10:26:30 | context ... .foobar | semmle.label | context ... .foobar | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | semmle.label | context ... 
r \|\| "" | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:18:8:24 | tainted | semmle.label | tainted | +| react-native.js:9:27:9:33 | tainted | semmle.label | tainted | +| react-use-context.js:10:22:10:32 | window.name | semmle.label | window.name | +| react-use-context.js:16:26:16:36 | window.name | semmle.label | window.name | +| react-use-router.js:8:21:8:32 | router.query | semmle.label | router.query | +| react-use-router.js:8:21:8:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:11:24:11:35 | router.query | semmle.label | router.query | +| react-use-router.js:11:24:11:42 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:23:31:23:36 | [post update] router | semmle.label | [post update] router | +| react-use-router.js:23:43:23:48 | router | semmle.label | router | +| react-use-router.js:23:43:23:54 | router.query | semmle.label | router.query | +| react-use-router.js:23:43:23:61 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query | +| react-use-router.js:33:21:33:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-state.js:4:9:4:49 | state | semmle.label | state | +| react-use-state.js:4:10:4:14 | state | semmle.label | state | +| react-use-state.js:4:38:4:48 | window.name | semmle.label | window.name | +| react-use-state.js:5:51:5:55 | state | semmle.label | state | +| react-use-state.js:9:9:9:43 | state | semmle.label | state | +| react-use-state.js:9:10:9:14 | state | semmle.label | state | +| react-use-state.js:10:14:10:24 | window.name | semmle.label | window.name | +| react-use-state.js:11:51:11:55 | state | semmle.label | state | +| react-use-state.js:15:9:15:43 | state | semmle.label | state | +| react-use-state.js:15:10:15:14 | state | 
semmle.label | state | +| react-use-state.js:16:20:16:30 | window.name | semmle.label | window.name | +| react-use-state.js:17:51:17:55 | state | semmle.label | state | +| react-use-state.js:21:10:21:14 | state | semmle.label | state | +| react-use-state.js:22:14:22:17 | prev | semmle.label | prev | +| react-use-state.js:23:35:23:38 | prev | semmle.label | prev | +| react-use-state.js:25:20:25:30 | window.name | semmle.label | window.name | +| sanitiser.js:16:7:16:27 | tainted | semmle.label | tainted | +| sanitiser.js:16:17:16:27 | window.name | semmle.label | window.name | +| sanitiser.js:23:21:23:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:23:29:23:35 | tainted | semmle.label | tainted | +| sanitiser.js:25:21:25:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:25:29:25:35 | tainted | semmle.label | tainted | +| sanitiser.js:28:21:28:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:28:29:28:35 | tainted | semmle.label | tainted | +| sanitiser.js:30:21:30:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:30:29:30:35 | tainted | semmle.label | tainted | +| sanitiser.js:33:21:33:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:33:29:33:35 | tainted | semmle.label | tainted | +| sanitiser.js:35:21:35:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:35:29:35:35 | tainted | semmle.label | tainted | +| sanitiser.js:38:21:38:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:38:29:38:35 | tainted | semmle.label | tainted | +| sanitiser.js:45:21:45:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:45:29:45:35 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:25 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:46 | tainted ... /g, '') | semmle.label | tainted ... /g, '') | +| stored-xss.js:2:39:2:62 | documen ... .search | semmle.label | documen ... .search | +| stored-xss.js:3:35:3:58 | documen ... 
.search | semmle.label | documen ... .search | +| stored-xss.js:5:20:5:52 | session ... ssion') | semmle.label | session ... ssion') | +| stored-xss.js:8:20:8:48 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:10:9:10:44 | href | semmle.label | href | +| stored-xss.js:10:16:10:44 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:12:20:12:54 | "" | semmle.label | "" | +| stored-xss.js:12:35:12:38 | href | semmle.label | href | +| string-manipulations.js:3:16:3:32 | document.location | semmle.label | document.location | +| string-manipulations.js:4:16:4:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:47 | documen ... lueOf() | semmle.label | documen ... lueOf() | +| string-manipulations.js:6:16:6:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:6:16:6:43 | documen ... f.sup() | semmle.label | documen ... f.sup() | +| string-manipulations.js:7:16:7:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:7:16:7:51 | documen ... rCase() | semmle.label | documen ... rCase() | +| string-manipulations.js:8:16:8:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:8:16:8:48 | documen ... mLeft() | semmle.label | documen ... mLeft() | +| string-manipulations.js:9:16:9:58 | String. ... n.href) | semmle.label | String. ... n.href) | +| string-manipulations.js:9:36:9:57 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:10:16:10:45 | String( ... n.href) | semmle.label | String( ... n.href) | +| string-manipulations.js:10:23:10:44 | documen ... on.href | semmle.label | documen ... 
on.href | +| tooltip.jsx:6:11:6:30 | source | semmle.label | source | +| tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name | +| tooltip.jsx:10:25:10:30 | source | semmle.label | source | +| tooltip.jsx:11:25:11:30 | source | semmle.label | source | +| translate.js:6:7:6:39 | target | semmle.label | target | +| translate.js:6:16:6:39 | documen ... .search | semmle.label | documen ... .search | +| translate.js:7:7:7:61 | searchParams | semmle.label | searchParams | +| translate.js:7:22:7:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| translate.js:7:42:7:47 | target | semmle.label | target | +| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | +| translate.js:9:27:9:38 | searchParams | semmle.label | searchParams | +| translate.js:9:27:9:50 | searchP ... 'term') | semmle.label | searchP ... 'term') | +| trusted-types-lib.js:1:28:1:28 | x | semmle.label | x | +| trusted-types-lib.js:2:12:2:12 | x | semmle.label | x | +| trusted-types.js:3:62:3:62 | x | semmle.label | x | +| trusted-types.js:3:67:3:67 | x | semmle.label | x | +| trusted-types.js:4:20:4:30 | window.name | semmle.label | window.name | +| trusted-types.js:13:20:13:30 | window.name | semmle.label | window.name | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | semmle.label | JSON.pa ... tr(1))) | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | semmle.label | decodeU ... str(1)) | +| tst3.js:2:42:2:63 | window. ... .search | semmle.label | window. ... .search | +| tst3.js:2:42:2:73 | window. ... bstr(1) | semmle.label | window. ... 
bstr(1) | +| tst3.js:4:25:4:28 | data | semmle.label | data | +| tst3.js:4:25:4:32 | data.src | semmle.label | data.src | +| tst3.js:5:26:5:29 | data | semmle.label | data | +| tst3.js:5:26:5:31 | data.p | semmle.label | data.p | +| tst3.js:7:32:7:35 | data | semmle.label | data | +| tst3.js:7:32:7:37 | data.p | semmle.label | data.p | +| tst3.js:9:37:9:40 | data | semmle.label | data | +| tst3.js:9:37:9:42 | data.p | semmle.label | data.p | +| tst3.js:10:38:10:41 | data | semmle.label | data | +| tst3.js:10:38:10:43 | data.p | semmle.label | data.p | +| tst.js:2:7:2:39 | target | semmle.label | target | +| tst.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:5:18:5:23 | target | semmle.label | target | +| tst.js:8:18:8:126 | "" | semmle.label | "" | +| tst.js:8:37:8:58 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:12:5:12:42 | '
' | semmle.label | '
' | +| tst.js:12:28:12:33 | target | semmle.label | target | +| tst.js:17:7:17:56 | params | semmle.label | params | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] | +| tst.js:17:16:17:56 | (new UR ... hParams | semmle.label | (new UR ... hParams | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:17:25:17:41 | document.location | semmle.label | document.location | +| tst.js:18:18:18:23 | params | semmle.label | params | +| tst.js:18:18:18:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:20:7:20:61 | searchParams | semmle.label | searchParams | +| tst.js:20:22:20:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| tst.js:20:42:20:47 | target | semmle.label | target | +| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) | +| tst.js:21:18:21:29 | searchParams | semmle.label | searchParams | +| tst.js:21:18:21:41 | searchP ... 'name') | semmle.label | searchP ... 'name') | +| tst.js:24:14:24:19 | target | semmle.label | target | +| tst.js:26:18:26:23 | target | semmle.label | target | +| tst.js:28:5:28:28 | documen ... .search | semmle.label | documen ... .search | +| tst.js:31:10:31:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:34:16:34:20 | bar() | semmle.label | bar() | +| tst.js:36:14:36:14 | x | semmle.label | x | +| tst.js:37:10:37:10 | x | semmle.label | x | +| tst.js:40:16:40:44 | baz(doc ... search) | semmle.label | baz(doc ... search) | +| tst.js:40:20:40:43 | documen ... .search | semmle.label | documen ... .search | +| tst.js:42:15:42:15 | s | semmle.label | s | +| tst.js:43:10:43:31 | "
" ...
" | semmle.label | "
" ...
" | +| tst.js:43:20:43:20 | s | semmle.label | s | +| tst.js:46:16:46:45 | wrap(do ... search) | semmle.label | wrap(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:48:15:48:15 | s | semmle.label | s | +| tst.js:50:12:50:12 | s | semmle.label | s | +| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:54:16:54:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:56:16:56:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:58:16:58:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) | +| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) | +| tst.js:58:26:58:30 | bar() | semmle.label | bar() | +| tst.js:60:34:60:34 | s | semmle.label | s | +| tst.js:62:18:62:18 | s | semmle.label | s | +| tst.js:64:25:64:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:65:25:65:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:68:16:68:20 | bar() | semmle.label | bar() | +| tst.js:70:1:70:27 | [,docum ... search] | semmle.label | [,docum ... search] | +| tst.js:70:1:70:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] | +| tst.js:70:3:70:26 | documen ... .search | semmle.label | documen ... .search | +| tst.js:70:46:70:46 | x | semmle.label | x | +| tst.js:73:20:73:20 | x | semmle.label | x | +| tst.js:77:49:77:72 | documen ... .search | semmle.label | documen ... .search | +| tst.js:81:26:81:49 | documen ... .search | semmle.label | documen ... .search | +| tst.js:82:25:82:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:84:33:84:56 | documen ... .search | semmle.label | documen ... .search | +| tst.js:85:32:85:55 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:90:39:90:62 | documen ... .search | semmle.label | documen ... .search | +| tst.js:96:30:96:53 | documen ... .search | semmle.label | documen ... .search | +| tst.js:102:25:102:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:107:7:107:44 | v | semmle.label | v | +| tst.js:107:11:107:34 | documen ... .search | semmle.label | documen ... .search | +| tst.js:107:11:107:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:110:18:110:18 | v | semmle.label | v | +| tst.js:136:18:136:18 | v | semmle.label | v | +| tst.js:148:29:148:50 | window. ... .search | semmle.label | window. ... .search | +| tst.js:151:29:151:29 | v | semmle.label | v | +| tst.js:151:49:151:49 | v | semmle.label | v | +| tst.js:155:29:155:46 | xssSourceService() | semmle.label | xssSourceService() | +| tst.js:158:40:158:61 | window. ... .search | semmle.label | window. ... .search | +| tst.js:177:9:177:41 | target | semmle.label | target | +| tst.js:177:18:177:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:180:28:180:33 | target | semmle.label | target | +| tst.js:184:9:184:42 | tainted | semmle.label | tainted | +| tst.js:184:19:184:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:186:31:186:37 | tainted | semmle.label | tainted | +| tst.js:188:42:188:48 | tainted | semmle.label | tainted | +| tst.js:189:33:189:39 | tainted | semmle.label | tainted | +| tst.js:191:54:191:60 | tainted | semmle.label | tainted | +| tst.js:192:45:192:51 | tainted | semmle.label | tainted | +| tst.js:193:49:193:55 | tainted | semmle.label | tainted | +| tst.js:197:9:197:42 | tainted | semmle.label | tainted | +| tst.js:197:19:197:42 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:199:67:199:73 | tainted | semmle.label | tainted | +| tst.js:200:67:200:73 | tainted | semmle.label | tainted | +| tst.js:204:35:204:41 | tainted | semmle.label | tainted | +| tst.js:206:46:206:52 | tainted | semmle.label | tainted | +| tst.js:207:38:207:44 | tainted | semmle.label | tainted | +| tst.js:208:35:208:41 | tainted | semmle.label | tainted | +| tst.js:212:28:212:46 | this.state.tainted1 | semmle.label | this.state.tainted1 | +| tst.js:213:28:213:46 | this.state.tainted2 | semmle.label | this.state.tainted2 | +| tst.js:214:28:214:46 | this.state.tainted3 | semmle.label | this.state.tainted3 | +| tst.js:218:32:218:49 | prevState.tainted4 | semmle.label | prevState.tainted4 | +| tst.js:225:28:225:46 | this.props.tainted1 | semmle.label | this.props.tainted1 | +| tst.js:226:28:226:46 | this.props.tainted2 | semmle.label | this.props.tainted2 | +| tst.js:227:28:227:46 | this.props.tainted3 | semmle.label | this.props.tainted3 | +| tst.js:231:32:231:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 | +| tst.js:236:35:236:41 | tainted | semmle.label | tainted | +| tst.js:238:20:238:26 | tainted | semmle.label | tainted | +| tst.js:240:23:240:29 | tainted | semmle.label | tainted | +| tst.js:241:23:241:29 | tainted | semmle.label | tainted | +| tst.js:247:39:247:55 | props.propTainted | semmle.label | props.propTainted | +| tst.js:251:60:251:82 | this.st ... Tainted | semmle.label | this.st ... 
Tainted | +| tst.js:255:23:255:29 | tainted | semmle.label | tainted | +| tst.js:259:7:259:17 | window.name | semmle.label | window.name | +| tst.js:260:7:260:10 | name | semmle.label | name | +| tst.js:264:11:264:21 | window.name | semmle.label | window.name | +| tst.js:280:22:280:29 | location | semmle.label | location | +| tst.js:285:9:285:29 | tainted | semmle.label | tainted | +| tst.js:285:19:285:29 | window.name | semmle.label | window.name | +| tst.js:288:59:288:65 | tainted | semmle.label | tainted | +| tst.js:301:9:301:16 | location | semmle.label | location | +| tst.js:302:10:302:10 | e | semmle.label | e | +| tst.js:303:20:303:20 | e | semmle.label | e | +| tst.js:308:10:308:17 | location | semmle.label | location | +| tst.js:310:10:310:10 | e | semmle.label | e | +| tst.js:311:20:311:20 | e | semmle.label | e | +| tst.js:316:35:316:42 | location | semmle.label | location | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:327:18:327:34 | document.location | semmle.label | document.location | +| tst.js:331:7:331:43 | params | semmle.label | params | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] | +| tst.js:331:16:331:43 | getTain ... hParams | semmle.label | getTain ... hParams | +| tst.js:332:18:332:23 | params | semmle.label | params | +| tst.js:332:18:332:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] | +| tst.js:341:20:341:36 | document.location | semmle.label | document.location | +| tst.js:343:5:343:12 | getUrl() [hash] | semmle.label | getUrl() [hash] | +| tst.js:343:5:343:17 | getUrl().hash | semmle.label | getUrl().hash | +| tst.js:343:5:343:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) | +| tst.js:348:7:348:39 | target | semmle.label | target | +| tst.js:348:16:348:39 | documen ... 
.search | semmle.label | documen ... .search | +| tst.js:349:12:349:17 | target | semmle.label | target | +| tst.js:355:10:355:42 | target | semmle.label | target | +| tst.js:355:19:355:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:356:16:356:21 | target | semmle.label | target | +| tst.js:360:21:360:26 | target | semmle.label | target | +| tst.js:363:18:363:23 | target | semmle.label | target | +| tst.js:371:7:371:39 | target | semmle.label | target | +| tst.js:371:16:371:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:374:18:374:23 | target | semmle.label | target | +| tst.js:381:7:381:39 | target | semmle.label | target | +| tst.js:381:7:381:39 | target [taint3] | semmle.label | target [taint3] | +| tst.js:381:7:381:39 | target [taint8] | semmle.label | target [taint8] | +| tst.js:381:16:381:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:384:18:384:23 | target | semmle.label | target | +| tst.js:386:18:386:23 | target | semmle.label | target | +| tst.js:386:18:386:29 | target.taint | semmle.label | target.taint | +| tst.js:391:3:391:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] | +| tst.js:391:19:391:42 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:392:18:392:23 | target [taint3] | semmle.label | target [taint3] | +| tst.js:392:18:392:30 | target.taint3 | semmle.label | target.taint3 | +| tst.js:397:18:397:23 | target | semmle.label | target | +| tst.js:397:18:397:30 | target.taint5 | semmle.label | target.taint5 | +| tst.js:406:18:406:23 | target | semmle.label | target | +| tst.js:406:18:406:30 | target.taint7 | semmle.label | target.taint7 | +| tst.js:408:3:408:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] | +| tst.js:408:19:408:24 | target | semmle.label | target | +| tst.js:408:19:408:24 | target [taint8] | semmle.label | target [taint8] | +| tst.js:408:19:408:31 | target.taint8 | semmle.label | target.taint8 | +| tst.js:409:18:409:23 | target [taint8] | semmle.label | target [taint8] | +| tst.js:409:18:409:30 | target.taint8 | semmle.label | target.taint8 | +| tst.js:416:7:416:46 | payload | semmle.label | payload | +| tst.js:416:17:416:36 | window.location.hash | semmle.label | window.location.hash | +| tst.js:416:17:416:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst.js:417:18:417:24 | payload | semmle.label | payload | +| tst.js:419:7:419:55 | match | semmle.label | match | +| tst.js:419:15:419:34 | window.location.hash | semmle.label | window.location.hash | +| tst.js:419:15:419:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) | +| tst.js:421:20:421:24 | match | semmle.label | match | +| tst.js:421:20:421:27 | match[1] | semmle.label | match[1] | +| tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash | +| tst.js:424:18:424:48 | window. ... it('#') | semmle.label | window. ... it('#') | +| tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] | +| tst.js:428:7:428:39 | target | semmle.label | target | +| tst.js:428:16:428:39 | documen ... .search | semmle.label | documen ... 
.search | +| tst.js:430:18:430:23 | target | semmle.label | target | +| tst.js:430:18:430:89 | target. ... data>') | semmle.label | target. ... data>') | +| tst.js:436:6:436:38 | source | semmle.label | source | +| tst.js:436:15:436:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:440:28:440:33 | source | semmle.label | source | +| tst.js:441:33:441:38 | source | semmle.label | source | +| tst.js:442:34:442:39 | source | semmle.label | source | +| tst.js:443:41:443:46 | source | semmle.label | source | +| tst.js:444:44:444:49 | source | semmle.label | source | +| tst.js:445:32:445:37 | source | semmle.label | source | +| tst.js:453:7:453:39 | source | semmle.label | source | +| tst.js:453:16:453:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:455:18:455:23 | source | semmle.label | source | +| tst.js:456:18:456:42 | ansiToH ... source) | semmle.label | ansiToH ... source) | +| tst.js:456:36:456:41 | source | semmle.label | source | +| tst.js:460:6:460:38 | source | semmle.label | source | +| tst.js:460:15:460:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:463:21:463:26 | source | semmle.label | source | +| tst.js:465:19:465:24 | source | semmle.label | source | +| tst.js:467:20:467:25 | source | semmle.label | source | +| tst.js:471:7:471:46 | url | semmle.label | url | +| tst.js:471:13:471:36 | documen ... .search | semmle.label | documen ... .search | +| tst.js:471:13:471:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:473:19:473:21 | url | semmle.label | url | +| tst.js:474:26:474:28 | url | semmle.label | url | +| tst.js:475:25:475:27 | url | semmle.label | url | +| tst.js:476:20:476:22 | url | semmle.label | url | +| tst.js:486:22:486:24 | url | semmle.label | url | +| tst.js:491:23:491:35 | location.hash | semmle.label | location.hash | +| tst.js:491:23:491:45 | locatio ... bstr(1) | semmle.label | locatio ... 
bstr(1) | +| tst.js:494:18:494:30 | location.hash | semmle.label | location.hash | +| tst.js:494:18:494:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | +| tst.js:501:33:501:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| tst.js:501:43:501:62 | window.location.hash | semmle.label | window.location.hash | +| typeahead.js:9:28:9:30 | loc | semmle.label | loc | +| typeahead.js:10:16:10:18 | loc | semmle.label | loc | +| typeahead.js:20:13:20:45 | target | semmle.label | target | +| typeahead.js:20:22:20:45 | documen ... .search | semmle.label | documen ... .search | +| typeahead.js:21:12:21:17 | target | semmle.label | target | +| typeahead.js:24:30:24:32 | val | semmle.label | val | +| typeahead.js:25:18:25:20 | val | semmle.label | val | +| various-concat-obfuscations.js:2:6:2:39 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | semmle.label | "
" ...
" | +| various-concat-obfuscations.js:4:14:4:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | semmle.label | `
$ ...
` | +| various-concat-obfuscations.js:5:12:5:18 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | semmle.label | "
" ... ainted) | +| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | semmle.label | "
" ... /div>") | +| various-concat-obfuscations.js:6:19:6:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | semmle.label | ["
... /div>"] | +| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | semmle.label | ["
... .join() | +| various-concat-obfuscations.js:7:14:7:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:9:4:9:34 | "
" | semmle.label | "
" | +| various-concat-obfuscations.js:9:19:9:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:10:4:10:27 | `
` | semmle.label | `
` | +| various-concat-obfuscations.js:10:16:10:22 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:11:4:11:31 | "
") | semmle.label | "
") | +| various-concat-obfuscations.js:11:24:11:30 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:12:4:12:34 | ["
"] | semmle.label | ["
"] | +| various-concat-obfuscations.js:12:4:12:41 | ["
' | semmle.label | '
' | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | semmle.label | (attrs. ... 'left') | +| various-concat-obfuscations.js:15:28:15:32 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | semmle.label | attrs.defaultattr | +| various-concat-obfuscations.js:17:24:17:28 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:10:18:59 | '
') | semmle.label | '
') | +| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | semmle.label | attrs.defaultattr | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' | +| various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| winjs.js:2:7:2:53 | tainted | semmle.label | tainted | +| winjs.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| winjs.js:2:17:2:53 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| winjs.js:3:43:3:49 | tainted | semmle.label | tainted | +| winjs.js:4:43:4:49 | tainted | semmle.label | tainted | +| xmlRequest.js:8:13:8:47 | json | semmle.label | json | +| xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | semmle.label | JSON.pa ... seText) | +| xmlRequest.js:8:31:8:46 | xhr.responseText | semmle.label | xhr.responseText | +| xmlRequest.js:9:28:9:31 | json | semmle.label | json | +| xmlRequest.js:9:28:9:39 | json.message | semmle.label | json.message | +| xmlRequest.js:20:11:20:48 | resp | semmle.label | resp | +| xmlRequest.js:20:18:20:48 | await g ... rl }}") | semmle.label | await g ... rl }}") | +| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | semmle.label | got.get ... rl }}") | +| xmlRequest.js:21:11:21:38 | json | semmle.label | json | +| xmlRequest.js:21:18:21:38 | JSON.pa ... 
p.body) | semmle.label | JSON.pa ... p.body) | +| xmlRequest.js:21:29:21:32 | resp | semmle.label | resp | +| xmlRequest.js:21:29:21:37 | resp.body | semmle.label | resp.body | +| xmlRequest.js:22:24:22:27 | json | semmle.label | json | +| xmlRequest.js:22:24:22:35 | json.message | semmle.label | json.message | edges | addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | | addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | | addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | | addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | | addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | | addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| 
addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | | angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | | angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... 
yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | | angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... 
arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | | angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | | classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | | classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | | classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | | classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | | classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | -| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | | classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... 
w.name) | | classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | | classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | | classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | | classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | -| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | | classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | | classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | | classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | | classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | | clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | | clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... 
/html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | | clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | | clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | | clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | | clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... 
/html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | | clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | | clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| custom-element.js:5:26:5:36 | window.name | custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | | d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | | d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | | d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| 
d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | | d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | | dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | | dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | -| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | -| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | | dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | | dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | | dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | | dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | | dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | | dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | | dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... 
ing(1)) | -| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | | dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | | dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | | dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | | dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | | dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | | dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | | dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... 
(taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | | dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | | dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | | dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | | dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | | dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | | dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | | dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | | dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | -| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | | dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | | dates.js:30:17:30:69 | decodeU ... 
ing(1)) | dates.js:30:9:30:69 | taint | | dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | | dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | | dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | | dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | | dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | | dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | | dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... 
taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | | dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | | dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | | dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | | dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | | dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | -| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | -| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | | dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | | dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | | dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | | dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | | dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... 
(taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | | dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | | dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | | dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | | dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | | dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | | dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | -| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | | dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | | dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | | dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... 
ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | | dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | | dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | | dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | | dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | | dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | | dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | | dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... 
(taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | | dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | | dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | | dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | | dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... 
/html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | | dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | | dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | | event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") | | jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | | jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | | jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | | jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | | jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | | jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | -| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | | jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | | jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | | jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | | jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | | jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | | jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | | jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | | jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | | jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | | jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | 
@@ -1633,350 +766,149 @@ edges | jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | | jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | | jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | | jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | | jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | | jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | | jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | | jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | | jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... 
?', '') | -| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | | jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | | jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | | json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | | json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | | json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | | json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | | json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | | json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | | json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... 
locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | | jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | | jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | | jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | | jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | | jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | | jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | -| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | -| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | -| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | -| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | | jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | -| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | -| jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded | | jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded | | jwt.js:5:30:5:33 | data | jwt.js:5:19:5:34 | jwt_decode(data) | -| jwt.js:5:30:5:33 | data | jwt.js:5:19:5:34 | jwt_decode(data) | -| nodemailer.js:13:50:13:66 | req.query.message | 
nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | | nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | | optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | | optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | | optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | | optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | | optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | | optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | | optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | | optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | | optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | | optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | | optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | | optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | | optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... 
.search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | +| optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | | optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | | optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | | optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | | optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | | optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | | optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | | optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | | optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | | optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | | optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | | optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | | optionalSanitizer.js:41:16:41:36 | sanitiz ... 
inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | | optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | | optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | | optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | +| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | +| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | | pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | | pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | | pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | | pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | 
context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | +| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | +| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | | pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | | pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | | pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | | pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... 
r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | | react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | | react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | react-use-router.js:8:21:8:26 | router | -| react-use-router.js:4:9:4:28 | router | react-use-router.js:11:24:11:29 | router | -| react-use-router.js:4:18:4:28 | useRouter() | react-use-router.js:4:9:4:28 | router | -| react-use-router.js:8:21:8:26 | router | 
react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | | react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:11:24:11:29 | router | react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | | react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | react-use-router.js:23:43:23:48 | router | -| react-use-router.js:22:17:22:22 | router | react-use-router.js:22:15:22:24 | router | +| react-use-router.js:23:31:23:36 | [post update] router | react-use-router.js:23:43:23:48 | router | | react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | | react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:22:17:22:22 | router | 
-| react-use-router.js:29:9:29:30 | router | react-use-router.js:33:21:33:26 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | react-use-router.js:29:9:29:30 | router | -| react-use-router.js:33:21:33:26 | router | react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | +| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router | | react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | react-use-router.js:29:18:29:30 | myUseRouter() | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | | react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | | react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | | react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | 
state | | react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | | react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | | react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | | react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | | react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | | react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | | react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | | react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 
| window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | | react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | | sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:25:29:25:35 | tainted | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:28:29:28:35 | tainted | | sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | | sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:35:29:35:35 | tainted | | sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | | sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | | sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | | sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | +| sanitiser.js:25:29:25:35 | tainted | sanitiser.js:25:21:25:44 | '' + ... '' | +| sanitiser.js:28:29:28:35 | tainted | sanitiser.js:28:21:28:44 | '' + ... '' | | sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | | sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... 
'' | -| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | +| sanitiser.js:35:29:35:35 | tainted | sanitiser.js:35:21:35:44 | '' + ... '' | | sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | | sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | | sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | | stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | | stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | | stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | | stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | | stored-xss.js:10:16:10:44 | localSt ... 
local') | stored-xss.js:10:9:10:44 | href | | stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | | string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | | string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | | string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... 
on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | | string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | | string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... 
n.href) | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | | tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | | tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | | translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | | translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | | translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | | translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | | translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | | translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 
'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | +| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | | trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | | trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | | trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | | trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | 
@@ -1985,179 +917,77 @@ edges | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | | tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | | tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | | tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... str(1)) | | tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | | tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | | tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | | tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | | tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | | tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | | tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | | tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | | tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | | tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... 
t=")+8) | tst.js:8:18:8:126 | "" | | tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | | tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | | tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | | tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | -| tst.js:17:25:17:41 | document.location | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | +| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | | tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | | tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | | tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | | tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | | tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 
'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | | tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | | tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | | tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | | tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | | tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | | tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | +| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | +| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | | tst.js:40:20:40:43 | documen ... 
.search | tst.js:40:16:40:44 | baz(doc ... search) | +| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | +| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | | tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | | tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | | tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... 
.search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | | tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | | tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | | tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | | tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | | tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | | tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | +| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | | tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... 
search] [1] | | tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | tst.js:96:30:96:53 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | | tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | | tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... 
bstr(1) | | tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | | tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | | tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | | tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | | tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | | tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | | tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... 
.search | tst.js:177:9:177:41 | target | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | | tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | | tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | | tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | | tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | | tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | | tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | | tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | | tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | | tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | | tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | | tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | 
@@ -2169,210 +999,102 @@ edges | tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | | tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | | tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | | tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | | tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | | tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | | tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | | tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | | tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | | tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | | tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | | tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... 
Tainted | | tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | -| tst.js:259:7:259:17 | window.name | tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | tst.js:280:22:280:29 | location | | tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | | tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | | tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | | tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | | tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | | tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:327:18:327:34 | document.location | tst.js:331:16:331:43 | getTain ... 
hParams | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | +| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | | tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | | tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | | tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | +| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... cation) [hash] | +| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | | tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | | tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:16:348:39 | documen ... 
.search | tst.js:348:7:348:39 | target | | tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | | tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | | tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | | tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | | tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | | tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | | tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | | tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | | tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | | tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | | tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | | tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | +| tst.js:381:7:381:39 | target [taint3] | tst.js:392:18:392:23 | target [taint3] | +| tst.js:381:7:381:39 | target [taint8] | tst.js:408:19:408:24 | target [taint8] | +| tst.js:381:7:381:39 | target [taint8] | tst.js:409:18:409:23 | target [taint8] | | tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | | tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... 
.search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | +| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:381:7:381:39 | target [taint3] | +| tst.js:391:19:391:42 | documen ... .search | tst.js:391:3:391:8 | [post update] target [taint3] | +| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | | tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | | tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | +| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:381:7:381:39 | target [taint8] | | tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | +| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | +| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | +| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | | tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:17:416:36 | 
window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | | tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | | tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | | tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | | tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | | tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | | tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | | tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... 
'#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | | tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | | tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | | tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | | tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | | tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | | tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | | tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | | tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | | tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | | tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | | tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | | tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | | tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | | tst.js:453:16:453:39 | documen ... 
.search | tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | | tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | | tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | | tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | | tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | | tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | | tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | | tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | | tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | | tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | | tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | | tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | | tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | | tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... 
bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | | tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | | tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | | typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... 
.search | typeahead.js:20:13:20:45 | target | | typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | | typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | @@ -2382,88 +1104,64 @@ edges | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | | various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | | various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | | various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | | various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | | various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | | various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | | various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:11:4:11:31 | "
") | | various-concat-obfuscations.js:11:4:11:31 | "
") | | various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | +| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '
' | +| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | +| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | +| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | +| various-concat-obfuscations.js:18:10:18:59 | '
') | +| various-concat-obfuscations.js:18:10:18:88 | '
') | +| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | +| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '
" ...
" | tst.js:46:16:46:45 | wrap(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
" ...
" | tst.js:58:16:58:32 | wrap(chop(bar())) | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:10:15:83 | '
' | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '
') | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | #select | jwt.js:6:14:6:20 | decoded | jwt.js:4:36:4:39 | data | jwt.js:6:14:6:20 | decoded | Cross-site scripting vulnerability due to $@. | jwt.js:4:36:4:39 | data | user-provided value | | typeahead.js:10:16:10:18 | loc | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | Cross-site scripting vulnerability due to $@. | typeahead.js:9:28:9:30 | loc | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql index 9a27e9db4d41..a2e4dad22fe5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql @@ -13,11 +13,13 @@ import javascript import semmle.javascript.security.dataflow.DomBasedXssQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph import semmle.javascript.heuristics.AdditionalSources -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from PathNode source, PathNode sink +where + DomBasedXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and + source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(), "user-provided value" From 46b90e51fc818e62ee27ef437543333f71fb4fc8 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:30:06 +0200 Subject: [PATCH 049/223] JS: Port ReflectedXss --- .../security/dataflow/ReflectedXssQuery.qll | 29 +- .../ql/src/Security/CWE-079/ReflectedXss.ql | 6 +- .../ReflectedXss/ReflectedXss.expected | 580 +++++++----------- 3 files changed, 246 insertions(+), 369 deletions(-) 
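Review bot: In XssWithAdditionalSources.ql the new `where` clause maps both ends back with `getAnOriginalPathNode()` but has no comment explaining why, which is not obvious without having read `DeduplicatePathGraph`. `PathNode` is presumably the merged node type from that import, while `DomBasedXssFlow::flowPath` is stated over the original path nodes, so the clause holds as soon as any original behind the merged source reaches any original behind the merged sink. I would add a line above the call such as `// flowPath relates original path nodes; a merged PathNode may stand for several of them`. It is also worth confirming that the `#select` rows of the expected output are identical before and after the switch, so that deduplication only trims the path graph and drops no alert.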
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll index 75ccaeeb9d89..9af157fe4233 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll @@ -5,12 +5,30 @@ import javascript import ReflectedXssCustomizations::ReflectedXss -private import Xss::Shared as Shared +private import Xss::Shared as SharedXss /** - * A taint-tracking configuration for reasoning about XSS. + * A taint-tracking configuration for reasoning about reflected XSS. */ -class Configuration extends TaintTracking::Configuration { +module ReflectedXssConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = SharedXss::BarrierGuard::getABarrierNode() + } +} + +/** + * Taint-tracking for reasoning about reflected XSS. + */ +module ReflectedXssFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ReflectedXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ReflectedXss" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -28,11 +46,10 @@ class Configuration extends TaintTracking::Configuration { } } -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends SharedXss::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends SharedXss::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } 
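Review bot: `isBarrier` in the new `ReflectedXssConfig` folds two kinds of suppression into one predicate (`Sanitizer` nodes and `SharedXss::BarrierGuard::getABarrierNode()`) without a doc comment, while the deprecated `Configuration` keeps its own sanitizer predicates in the part of the class body that lies outside this hunk. The barrier set decides which flows stop being reported as reflected XSS, so the intent that both definitions agree should be written down, for example `/** Holds for sanitizer nodes and for nodes protected by a shared XSS barrier guard, mirroring the deprecated Configuration. */`. Whether they actually agree cannot be checked from the visible lines. The accompanying ReflectedXss.expected change is where to confirm that no result row appears or disappears.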
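Review bot: In the second hunk `QuoteGuard` and `ContainsHtmlGuard` stop extending `TaintTracking::SanitizerGuardNode`, and what remains (`QuoteGuard() { this = this }`) reads as a no-op with no explanation. If the deprecated `Configuration` still refers to these classes in a sanitizer-guard predicate (that part of the file is outside the hunk), its results may change for users who have not migrated yet, so that is worth checking. Either way a short comment on each class would help, e.g. `// Instantiates the shared guard for this query; presumably picked up through SharedXss::BarrierGuard`, adjusted to what the shared library actually requires.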
diff --git a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql index a95a7aec205b..5f4c85a0be56 100644 --- a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql +++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql @@ -14,9 +14,9 @@ import javascript import semmle.javascript.security.dataflow.ReflectedXssQuery -import DataFlow::PathGraph +import ReflectedXssFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from ReflectedXssFlow::PathNode source, ReflectedXssFlow::PathNode sink +where ReflectedXssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected index 3c625dccdd37..4dd4aa119950 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected 
@@ -1,444 +1,304 @@ -nodes -| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | -| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | -| ReflectedXss.js:17:31:17:39 | params.id | -| ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | -| ReflectedXss.js:23:19:23:26 | req.body | -| ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:30:7:33:4 | mytable | -| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | -| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | -| ReflectedXss.js:32:5:32:22 | ['body', req.body] | -| ReflectedXss.js:32:14:32:21 | req.body | -| ReflectedXss.js:32:14:32:21 | req.body | -| ReflectedXss.js:34:12:34:18 | mytable | -| ReflectedXss.js:34:12:34:18 | mytable | -| ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | -| ReflectedXss.js:42:31:42:38 | req.body | -| ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:64:14:64:21 | req.body | -| ReflectedXss.js:64:14:64:21 | req.body | -| ReflectedXss.js:64:39:64:42 | file | -| ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:68:12:68:41 | remark( ... 
q.body) | -| ReflectedXss.js:68:12:68:52 | remark( ... tring() | -| ReflectedXss.js:68:12:68:52 | remark( ... tring() | -| ReflectedXss.js:68:33:68:40 | req.body | -| ReflectedXss.js:68:33:68:40 | req.body | -| ReflectedXss.js:72:12:72:56 | unified ... q.body) | -| ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:48:72:55 | req.body | -| ReflectedXss.js:72:48:72:55 | req.body | -| ReflectedXss.js:74:20:74:27 | req.body | -| ReflectedXss.js:74:20:74:27 | req.body | -| ReflectedXss.js:74:34:74:34 | f | -| ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | -| ReflectedXss.js:84:22:84:29 | req.body | -| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | -| ReflectedXss.js:85:23:85:30 | req.body | -| ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | -| ReflectedXss.js:98:30:98:37 | req.body | -| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | -| ReflectedXss.js:100:31:100:38 | req.body | -| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:12:103:84 | markdow ... 
q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | -| ReflectedXss.js:103:76:103:83 | req.body | -| ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | -| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | -| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | -| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | -| ReflectedXssGood3.js:135:9:135:27 | url | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | -| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | -| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | -| ReflectedXssGood3.js:139:24:139:26 | url | -| etherpad.js:9:5:9:53 | response | -| etherpad.js:9:16:9:30 | req.query.jsonp | -| etherpad.js:9:16:9:30 | req.query.jsonp | -| etherpad.js:9:16:9:53 | req.que ... 
e + ")" | -| etherpad.js:11:12:11:19 | response | -| etherpad.js:11:12:11:19 | response | -| formatting.js:4:9:4:29 | evil | -| formatting.js:4:16:4:29 | req.query.evil | -| formatting.js:4:16:4:29 | req.query.evil | -| formatting.js:6:14:6:47 | util.fo ... , evil) | -| formatting.js:6:14:6:47 | util.fo ... , evil) | -| formatting.js:6:43:6:46 | evil | -| formatting.js:7:14:7:53 | require ... , evil) | -| formatting.js:7:14:7:53 | require ... , evil) | -| formatting.js:7:49:7:52 | evil | -| live-server.js:4:11:4:27 | tainted | -| live-server.js:4:21:4:27 | req.url | -| live-server.js:4:21:4:27 | req.url | -| live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:6:28:6:34 | tainted | -| live-server.js:10:11:10:27 | tainted | -| live-server.js:10:21:10:27 | req.url | -| live-server.js:10:21:10:27 | req.url | -| live-server.js:12:13:12:50 | ` ... /html>` | -| live-server.js:12:13:12:50 | ` ... /html>` | -| live-server.js:12:28:12:34 | tainted | -| pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | -| partial.js:9:25:9:25 | x | -| partial.js:10:14:10:14 | x | -| partial.js:10:14:10:18 | x + y | -| partial.js:10:14:10:18 | x + y | -| partial.js:13:42:13:48 | req.url | -| partial.js:13:42:13:48 | req.url | -| partial.js:18:25:18:25 | x | -| partial.js:19:14:19:14 | x | -| partial.js:19:14:19:18 | x + y | -| partial.js:19:14:19:18 | x + y | -| partial.js:22:51:22:57 | req.url | -| partial.js:22:51:22:57 | req.url | -| partial.js:27:25:27:25 | x | -| partial.js:28:14:28:14 | x | -| partial.js:28:14:28:18 | x + y | -| partial.js:28:14:28:18 | x + y | -| partial.js:31:47:31:53 | req.url | -| 
partial.js:31:47:31:53 | req.url | -| partial.js:36:25:36:25 | x | -| partial.js:37:14:37:14 | x | -| partial.js:37:14:37:18 | x + y | -| partial.js:37:14:37:18 | x + y | -| partial.js:40:43:40:49 | req.url | -| partial.js:40:43:40:49 | req.url | -| promises.js:5:3:5:59 | new Pro ... .data)) | -| promises.js:5:44:5:57 | req.query.data | -| promises.js:5:44:5:57 | req.query.data | -| promises.js:6:11:6:11 | x | -| promises.js:6:25:6:25 | x | -| promises.js:6:25:6:25 | x | -| tst2.js:6:7:6:30 | p | -| tst2.js:6:7:6:30 | r | -| tst2.js:6:9:6:9 | p | -| tst2.js:6:9:6:9 | p | -| tst2.js:6:12:6:15 | q: r | -| tst2.js:6:12:6:15 | q: r | -| tst2.js:7:12:7:12 | p | -| tst2.js:7:12:7:12 | p | -| tst2.js:8:12:8:12 | r | -| tst2.js:8:12:8:12 | r | -| tst2.js:14:7:14:24 | p | -| tst2.js:14:9:14:9 | p | -| tst2.js:14:9:14:9 | p | -| tst2.js:18:12:18:12 | p | -| tst2.js:18:12:18:12 | p | -| tst2.js:21:14:21:14 | p | -| tst2.js:21:14:21:14 | p | -| tst2.js:30:7:30:24 | p | -| tst2.js:30:9:30:9 | p | -| tst2.js:30:9:30:9 | p | -| tst2.js:33:11:33:11 | p | -| tst2.js:36:12:36:12 | p | -| tst2.js:36:12:36:12 | p | -| tst2.js:37:12:37:18 | other.p | -| tst2.js:37:12:37:18 | other.p | -| tst2.js:43:7:43:24 | p | -| tst2.js:43:9:43:9 | p | -| tst2.js:43:9:43:9 | p | -| tst2.js:49:7:49:53 | unsafe | -| tst2.js:49:16:49:53 | seriali ... 
true}) | -| tst2.js:49:36:49:36 | p | -| tst2.js:51:12:51:17 | unsafe | -| tst2.js:51:12:51:17 | unsafe | -| tst2.js:57:7:57:24 | p | -| tst2.js:57:9:57:9 | p | -| tst2.js:57:9:57:9 | p | -| tst2.js:60:11:60:11 | p | -| tst2.js:63:12:63:12 | p | -| tst2.js:63:12:63:12 | p | -| tst2.js:64:12:64:18 | other.p | -| tst2.js:64:12:64:18 | other.p | -| tst2.js:69:7:69:24 | p | -| tst2.js:69:9:69:9 | p | -| tst2.js:69:9:69:9 | p | -| tst2.js:72:11:72:11 | p | -| tst2.js:75:12:75:12 | p | -| tst2.js:75:12:75:12 | p | -| tst2.js:76:12:76:18 | other.p | -| tst2.js:76:12:76:18 | other.p | -| tst2.js:82:7:82:24 | p | -| tst2.js:82:9:82:9 | p | -| tst2.js:82:9:82:9 | p | -| tst2.js:85:11:85:11 | p | -| tst2.js:88:12:88:12 | p | -| tst2.js:88:12:88:12 | p | -| tst2.js:89:12:89:18 | other.p | -| tst2.js:89:12:89:18 | other.p | -| tst3.js:5:7:5:24 | p | -| tst3.js:5:9:5:9 | p | -| tst3.js:5:9:5:9 | p | -| tst3.js:6:12:6:12 | p | -| tst3.js:6:12:6:12 | p | -| tst3.js:11:9:11:74 | code | -| tst3.js:11:16:11:74 | prettie ... bel" }) | -| tst3.js:11:32:11:39 | reg.body | -| tst3.js:11:32:11:39 | reg.body | -| tst3.js:12:12:12:15 | code | -| tst3.js:12:12:12:15 | code | edges | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | | ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... 
rams.id | -| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | | ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable | | ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable | | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | ReflectedXss.js:30:7:33:4 | mytable | -| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | -| ReflectedXss.js:32:5:32:22 | ['body', req.body] | ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | -| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] | -| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] | -| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | +| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | | ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... 
q.body) | -| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | | ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | | ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | | ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | -| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | | ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) | | ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... 
q.body) | | ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | -| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | | ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | | ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | | ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | | ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... 
q.body) | | ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | | ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | | ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | | ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... 
rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | | ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | +| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:77:16:77:20 | value | +| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:105:18:105:22 | value | +| ReflectedXssGood3.js:77:7:77:37 | parts | ReflectedXssGood3.js:108:10:108:14 | parts | +| ReflectedXssGood3.js:77:16:77:20 | value | ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:7:77:37 | parts | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:77:7:77:37 | parts | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | +| ReflectedXssGood3.js:105:18:105:22 | value | ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | +| ReflectedXssGood3.js:105:18:105:38 | value.s ... 
g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts | +| ReflectedXssGood3.js:108:10:108:14 | parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | | ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url | | ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | -| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | +| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | | ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | | etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | -| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | -| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" | -| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" | -| etherpad.js:9:16:9:53 | req.que ... e + ")" | etherpad.js:9:5:9:53 | response | +| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:5:9:53 | response | | formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | | formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil | | formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | -| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | -| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) | | formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) | | formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) | -| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... 
, evil) | | live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted | | live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | -| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | -| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | ` ... /html>` | | live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | ` ... /html>` | | live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted | | live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | -| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | -| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | ` ... /html>` | | live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | ` ... /html>` | -| pages/Next.jsx:8:13:8:19 | req.url | pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | pages/Next.jsx:15:13:15:19 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | pages/api/myapi.js:2:14:2:20 | req.url | | partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x | | partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | -| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | -| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | | partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | | partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x | | partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | -| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | -| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | | partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | | partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x | | partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y | -| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y | -| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x | | partial.js:31:47:31:53 | req.url | 
partial.js:27:25:27:25 | x | | partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x | | partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | -| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | | partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | -| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | -| promises.js:5:3:5:59 | new Pro ... .data)) | promises.js:6:11:6:11 | x | -| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) | -| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) | -| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x | -| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x | -| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | +| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | promises.js:6:11:6:11 | x | +| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | +| promises.js:5:44:5:57 | req.query.data | promises.js:5:36:5:42 | [post update] resolve [resolve-value] | | promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | | tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | -| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | -| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | | tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | | tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | -| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | | tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | -| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | -| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | | tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | | tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | -| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | -| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | | tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | | tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p | | tst2.js:30:7:30:24 | p | 
tst2.js:36:12:36:12 | p | -| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | -| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | | tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | -| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p | -| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p | +| tst2.js:32:7:32:14 | obj [p] | tst2.js:34:21:34:23 | obj [p] | +| tst2.js:33:3:33:5 | [post update] obj [p] | tst2.js:32:7:32:14 | obj [p] | +| tst2.js:33:11:33:11 | p | tst2.js:33:3:33:5 | [post update] obj [p] | +| tst2.js:34:7:34:24 | other [p] | tst2.js:37:12:37:16 | other [p] | +| tst2.js:34:15:34:24 | clone(obj) [p] | tst2.js:34:7:34:24 | other [p] | +| tst2.js:34:21:34:23 | obj [p] | tst2.js:34:15:34:24 | clone(obj) [p] | +| tst2.js:37:12:37:16 | other [p] | tst2.js:37:12:37:18 | other.p | | tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p | | tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | -| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | -| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | | tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | | tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe | | tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... 
true}) | | tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p | | tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | -| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | -| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | | tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | -| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p | -| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p | +| tst2.js:59:7:59:14 | obj [p] | tst2.js:61:22:61:24 | obj [p] | +| tst2.js:60:3:60:5 | [post update] obj [p] | tst2.js:59:7:59:14 | obj [p] | +| tst2.js:60:11:60:11 | p | tst2.js:60:3:60:5 | [post update] obj [p] | +| tst2.js:61:7:61:25 | other [p] | tst2.js:64:12:64:16 | other [p] | +| tst2.js:61:15:61:25 | fclone(obj) [p] | tst2.js:61:7:61:25 | other [p] | +| tst2.js:61:22:61:24 | obj [p] | tst2.js:61:15:61:25 | fclone(obj) [p] | +| tst2.js:64:12:64:16 | other [p] | tst2.js:64:12:64:18 | other.p | | tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p | | tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | -| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | | tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | -| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | -| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p | -| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p | +| tst2.js:71:7:71:14 | obj [p] | tst2.js:73:40:73:42 | obj [p] | +| tst2.js:72:3:72:5 | [post update] obj [p] | tst2.js:71:7:71:14 | obj [p] | +| tst2.js:72:11:72:11 | p | tst2.js:72:3:72:5 | [post update] obj [p] | +| tst2.js:73:7:73:44 | other [p] | tst2.js:76:12:76:16 | other [p] | +| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | tst2.js:73:7:73:44 | other [p] | +| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | tst2.js:73:15:73:44 | jc.retr ... 
e(obj)) [p] | +| tst2.js:73:40:73:42 | obj [p] | tst2.js:73:29:73:43 | jc.decycle(obj) [p] | +| tst2.js:76:12:76:16 | other [p] | tst2.js:76:12:76:18 | other.p | | tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p | | tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | -| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | -| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | | tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | -| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p | -| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p | +| tst2.js:84:7:84:14 | obj [p] | tst2.js:86:24:86:26 | obj [p] | +| tst2.js:85:3:85:5 | [post update] obj [p] | tst2.js:84:7:84:14 | obj [p] | +| tst2.js:85:11:85:11 | p | tst2.js:85:3:85:5 | [post update] obj [p] | +| tst2.js:86:7:86:27 | other [p] | tst2.js:89:12:89:16 | other [p] | +| tst2.js:86:15:86:27 | sortKeys(obj) [p] | tst2.js:86:7:86:27 | other [p] | +| tst2.js:86:24:86:26 | obj [p] | tst2.js:86:15:86:27 | sortKeys(obj) [p] | +| tst2.js:89:12:89:16 | other [p] | tst2.js:89:12:89:18 | other.p | | tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | -| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | -| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | | tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | | tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code | -| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code | | tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code | | tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | -| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | +nodes +| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id | +| ReflectedXss.js:8:33:8:45 | req.params.id | semmle.label | req.params.id | +| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | semmle.label | "Unknow ... 
rams.id | +| ReflectedXss.js:17:31:17:39 | params.id | semmle.label | params.id | +| ReflectedXss.js:22:12:22:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:23:12:23:27 | marked(req.body) | semmle.label | marked(req.body) | +| ReflectedXss.js:23:19:23:26 | req.body | semmle.label | req.body | +| ReflectedXss.js:29:12:29:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:30:7:33:4 | mytable | semmle.label | mytable | +| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | semmle.label | table([ ... y]\\n ]) | +| ReflectedXss.js:32:14:32:21 | req.body | semmle.label | req.body | +| ReflectedXss.js:34:12:34:18 | mytable | semmle.label | mytable | +| ReflectedXss.js:41:12:41:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:42:12:42:39 | convert ... q.body) | semmle.label | convert ... q.body) | +| ReflectedXss.js:42:31:42:38 | req.body | semmle.label | req.body | +| ReflectedXss.js:56:12:56:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:64:14:64:21 | req.body | semmle.label | req.body | +| ReflectedXss.js:64:39:64:42 | file | semmle.label | file | +| ReflectedXss.js:65:16:65:19 | file | semmle.label | file | +| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | semmle.label | remark( ... q.body) | +| ReflectedXss.js:68:12:68:52 | remark( ... tring() | semmle.label | remark( ... tring() | +| ReflectedXss.js:68:33:68:40 | req.body | semmle.label | req.body | +| ReflectedXss.js:72:12:72:56 | unified ... q.body) | semmle.label | unified ... q.body) | +| ReflectedXss.js:72:12:72:65 | unified ... oString | semmle.label | unified ... 
oString | +| ReflectedXss.js:72:48:72:55 | req.body | semmle.label | req.body | +| ReflectedXss.js:74:20:74:27 | req.body | semmle.label | req.body | +| ReflectedXss.js:74:34:74:34 | f | semmle.label | f | +| ReflectedXss.js:75:14:75:14 | f | semmle.label | f | +| ReflectedXss.js:83:12:83:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | semmle.label | snarkdown(req.body) | +| ReflectedXss.js:84:22:84:29 | req.body | semmle.label | req.body | +| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | semmle.label | snarkdown2(req.body) | +| ReflectedXss.js:85:23:85:30 | req.body | semmle.label | req.body | +| ReflectedXss.js:97:12:97:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | semmle.label | markdow ... q.body) | +| ReflectedXss.js:98:30:98:37 | req.body | semmle.label | req.body | +| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | semmle.label | markdow ... q.body) | +| ReflectedXss.js:100:31:100:38 | req.body | semmle.label | req.body | +| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | semmle.label | markdow ... q.body) | +| ReflectedXss.js:103:76:103:83 | req.body | semmle.label | req.body | +| ReflectedXss.js:110:16:110:30 | request.query.p | semmle.label | request.query.p | +| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | semmle.label | req.params.id | +| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | semmle.label | req.params.id | +| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | semmle.label | req.params.id | +| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | semmle.label | "FOO: " ... 
rams.id | +| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | semmle.label | req.params.id | +| ReflectedXssGood3.js:68:22:68:26 | value | semmle.label | value | +| ReflectedXssGood3.js:77:7:77:37 | parts | semmle.label | parts | +| ReflectedXssGood3.js:77:16:77:20 | value | semmle.label | value | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | semmle.label | value.s ... g(0, i) | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | semmle.label | [post update] parts | +| ReflectedXssGood3.js:105:18:105:22 | value | semmle.label | value | +| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | semmle.label | value.s ... g(j, i) | +| ReflectedXssGood3.js:108:10:108:14 | parts | semmle.label | parts | +| ReflectedXssGood3.js:108:10:108:23 | parts.join('') | semmle.label | parts.join('') | +| ReflectedXssGood3.js:135:9:135:27 | url | semmle.label | url | +| ReflectedXssGood3.js:135:15:135:27 | req.params.id | semmle.label | req.params.id | +| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | semmle.label | escapeHtml3(url) | +| ReflectedXssGood3.js:139:24:139:26 | url | semmle.label | url | +| etherpad.js:9:5:9:53 | response | semmle.label | response | +| etherpad.js:9:16:9:30 | req.query.jsonp | semmle.label | req.query.jsonp | +| etherpad.js:11:12:11:19 | response | semmle.label | response | +| formatting.js:4:9:4:29 | evil | semmle.label | evil | +| formatting.js:4:16:4:29 | req.query.evil | semmle.label | req.query.evil | +| formatting.js:6:14:6:47 | util.fo ... , evil) | semmle.label | util.fo ... , evil) | +| formatting.js:6:43:6:46 | evil | semmle.label | evil | +| formatting.js:7:14:7:53 | require ... , evil) | semmle.label | require ... , evil) | +| formatting.js:7:49:7:52 | evil | semmle.label | evil | +| live-server.js:4:11:4:27 | tainted | semmle.label | tainted | +| live-server.js:4:21:4:27 | req.url | semmle.label | req.url | +| live-server.js:6:13:6:50 | ` ... /html>` | semmle.label | ` ... 
/html>` | +| live-server.js:6:28:6:34 | tainted | semmle.label | tainted | +| live-server.js:10:11:10:27 | tainted | semmle.label | tainted | +| live-server.js:10:21:10:27 | req.url | semmle.label | req.url | +| live-server.js:12:13:12:50 | ` ... /html>` | semmle.label | ` ... /html>` | +| live-server.js:12:28:12:34 | tainted | semmle.label | tainted | +| pages/Next.jsx:8:13:8:19 | req.url | semmle.label | req.url | +| pages/Next.jsx:15:13:15:19 | req.url | semmle.label | req.url | +| pages/api/myapi.js:2:14:2:20 | req.url | semmle.label | req.url | +| partial.js:9:25:9:25 | x | semmle.label | x | +| partial.js:10:14:10:14 | x | semmle.label | x | +| partial.js:10:14:10:18 | x + y | semmle.label | x + y | +| partial.js:13:42:13:48 | req.url | semmle.label | req.url | +| partial.js:18:25:18:25 | x | semmle.label | x | +| partial.js:19:14:19:14 | x | semmle.label | x | +| partial.js:19:14:19:18 | x + y | semmle.label | x + y | +| partial.js:22:51:22:57 | req.url | semmle.label | req.url | +| partial.js:27:25:27:25 | x | semmle.label | x | +| partial.js:28:14:28:14 | x | semmle.label | x | +| partial.js:28:14:28:18 | x + y | semmle.label | x + y | +| partial.js:31:47:31:53 | req.url | semmle.label | req.url | +| partial.js:36:25:36:25 | x | semmle.label | x | +| partial.js:37:14:37:14 | x | semmle.label | x | +| partial.js:37:14:37:18 | x + y | semmle.label | x + y | +| partial.js:40:43:40:49 | req.url | semmle.label | req.url | +| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | semmle.label | new Pro ... 
.data)) [PromiseValue] | +| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | semmle.label | [post update] resolve [resolve-value] | +| promises.js:5:44:5:57 | req.query.data | semmle.label | req.query.data | +| promises.js:6:11:6:11 | x | semmle.label | x | +| promises.js:6:25:6:25 | x | semmle.label | x | +| tst2.js:6:7:6:30 | p | semmle.label | p | +| tst2.js:6:7:6:30 | r | semmle.label | r | +| tst2.js:6:9:6:9 | p | semmle.label | p | +| tst2.js:6:12:6:15 | q: r | semmle.label | q: r | +| tst2.js:7:12:7:12 | p | semmle.label | p | +| tst2.js:8:12:8:12 | r | semmle.label | r | +| tst2.js:14:7:14:24 | p | semmle.label | p | +| tst2.js:14:9:14:9 | p | semmle.label | p | +| tst2.js:18:12:18:12 | p | semmle.label | p | +| tst2.js:21:14:21:14 | p | semmle.label | p | +| tst2.js:30:7:30:24 | p | semmle.label | p | +| tst2.js:30:9:30:9 | p | semmle.label | p | +| tst2.js:32:7:32:14 | obj [p] | semmle.label | obj [p] | +| tst2.js:33:3:33:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:33:11:33:11 | p | semmle.label | p | +| tst2.js:34:7:34:24 | other [p] | semmle.label | other [p] | +| tst2.js:34:15:34:24 | clone(obj) [p] | semmle.label | clone(obj) [p] | +| tst2.js:34:21:34:23 | obj [p] | semmle.label | obj [p] | +| tst2.js:36:12:36:12 | p | semmle.label | p | +| tst2.js:37:12:37:16 | other [p] | semmle.label | other [p] | +| tst2.js:37:12:37:18 | other.p | semmle.label | other.p | +| tst2.js:43:7:43:24 | p | semmle.label | p | +| tst2.js:43:9:43:9 | p | semmle.label | p | +| tst2.js:49:7:49:53 | unsafe | semmle.label | unsafe | +| tst2.js:49:16:49:53 | seriali ... true}) | semmle.label | seriali ... 
true}) | +| tst2.js:49:36:49:36 | p | semmle.label | p | +| tst2.js:51:12:51:17 | unsafe | semmle.label | unsafe | +| tst2.js:57:7:57:24 | p | semmle.label | p | +| tst2.js:57:9:57:9 | p | semmle.label | p | +| tst2.js:59:7:59:14 | obj [p] | semmle.label | obj [p] | +| tst2.js:60:3:60:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:60:11:60:11 | p | semmle.label | p | +| tst2.js:61:7:61:25 | other [p] | semmle.label | other [p] | +| tst2.js:61:15:61:25 | fclone(obj) [p] | semmle.label | fclone(obj) [p] | +| tst2.js:61:22:61:24 | obj [p] | semmle.label | obj [p] | +| tst2.js:63:12:63:12 | p | semmle.label | p | +| tst2.js:64:12:64:16 | other [p] | semmle.label | other [p] | +| tst2.js:64:12:64:18 | other.p | semmle.label | other.p | +| tst2.js:69:7:69:24 | p | semmle.label | p | +| tst2.js:69:9:69:9 | p | semmle.label | p | +| tst2.js:71:7:71:14 | obj [p] | semmle.label | obj [p] | +| tst2.js:72:3:72:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:72:11:72:11 | p | semmle.label | p | +| tst2.js:73:7:73:44 | other [p] | semmle.label | other [p] | +| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | semmle.label | jc.retr ... 
e(obj)) [p] | +| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | semmle.label | jc.decycle(obj) [p] | +| tst2.js:73:40:73:42 | obj [p] | semmle.label | obj [p] | +| tst2.js:75:12:75:12 | p | semmle.label | p | +| tst2.js:76:12:76:16 | other [p] | semmle.label | other [p] | +| tst2.js:76:12:76:18 | other.p | semmle.label | other.p | +| tst2.js:82:7:82:24 | p | semmle.label | p | +| tst2.js:82:9:82:9 | p | semmle.label | p | +| tst2.js:84:7:84:14 | obj [p] | semmle.label | obj [p] | +| tst2.js:85:3:85:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:85:11:85:11 | p | semmle.label | p | +| tst2.js:86:7:86:27 | other [p] | semmle.label | other [p] | +| tst2.js:86:15:86:27 | sortKeys(obj) [p] | semmle.label | sortKeys(obj) [p] | +| tst2.js:86:24:86:26 | obj [p] | semmle.label | obj [p] | +| tst2.js:88:12:88:12 | p | semmle.label | p | +| tst2.js:89:12:89:16 | other [p] | semmle.label | other [p] | +| tst2.js:89:12:89:18 | other.p | semmle.label | other.p | +| tst3.js:5:7:5:24 | p | semmle.label | p | +| tst3.js:5:9:5:9 | p | semmle.label | p | +| tst3.js:6:12:6:12 | p | semmle.label | p | +| tst3.js:11:9:11:74 | code | semmle.label | code | +| tst3.js:11:16:11:74 | prettie ... bel" }) | semmle.label | prettie ... bel" }) | +| tst3.js:11:32:11:39 | reg.body | semmle.label | reg.body | +| tst3.js:12:12:12:15 | code | semmle.label | code | +subpaths +| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | #select | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value | | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... 
rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:17:31:17:39 | params.id | user-provided value | From 5f05232e023536a57e5ec851b4e3608ce5ee58a1 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:31:50 +0200 Subject: [PATCH 050/223] JS: Port StoredXss --- .../dataflow/StoredXssCustomizations.qll | 15 +++ .../security/dataflow/StoredXssQuery.qll | 25 ++++- .../ql/src/Security/CWE-079/StoredXss.ql | 6 +- .../CWE-079/StoredXss/StoredXss.expected | 95 ++++++++++--------- 4 files changed, 90 insertions(+), 51 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll index 16fe8e44a9ca..b0de349a53d8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll @@ -21,6 +21,21 @@ module StoredXss { /** A sanitizer for stored XSS vulnerabilities. */ abstract class Sanitizer extends Shared::Sanitizer { } + /** + * A barrier guard for stored XSS. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** An arbitrary XSS sink, considered as a flow sink for stored XSS. */ private class AnySink extends Sink { AnySink() { this instanceof Shared::Sink } 
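Review bot: The doc comment on the new `StoredXss::BarrierGuard` does not mention that `blocksExpr` defaults to `none()`, so a subclass that forgets to override it compiles cleanly and blocks nothing. I would add one sentence to the class comment, for example `* Subclasses must override blocksExpr; the default holds for no expression.` The identical class added to `XssThroughDom` in XssThroughDomCustomizations.qll (next patch) would take the same sentence. The `StoredXss` module body continues outside the hunk.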
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll index cc2f39471869..b40b610b71e9 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll @@ -8,9 +8,25 @@ import StoredXssCustomizations::StoredXss private import Xss::Shared as Shared /** - * A taint-tracking configuration for reasoning about XSS. + * A taint-tracking configuration for reasoning about stored XSS. */ -class Configuration extends TaintTracking::Configuration { +module StoredXssConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about stored XSS. + */ +module StoredXssFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `StoredXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "StoredXss" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -28,11 +44,10 @@ class Configuration extends TaintTracking::Configuration { } } -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends Shared::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/src/Security/CWE-079/StoredXss.ql b/javascript/ql/src/Security/CWE-079/StoredXss.ql index d5f28b28e557..5aabb1cd1151 100644 --- a/javascript/ql/src/Security/CWE-079/StoredXss.ql 
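Review bot: `StoredXssConfig.isBarrier` accepts only `node instanceof Sanitizer`, so the `BarrierGuard` class this commit adds to StoredXssCustomizations.qll is never consulted by `StoredXssFlow`. `XssThroughDomConfig` in the following patch also lists `DataFlow::MakeBarrierGuard::getABarrierNode()` in its `isBarrier`; the stored-XSS config likely needs the same disjunct, instantiated with its own `BarrierGuard`, as one extra `or node = ...getABarrierNode()` line. Without it, condition-based sanitizers such as the `QuoteGuard` and `ContainsHtmlGuard` classes in the second hunk of this file may no longer cut flow in the new library, which would show up as extra stored-XSS alerts rather than missed ones. The deprecated `Configuration` body between the two hunks is not shown, so which guards the old configuration applied cannot be confirmed from here.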
+++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql @@ -14,9 +14,9 @@ import javascript import semmle.javascript.security.dataflow.StoredXssQuery -import DataFlow::PathGraph +import StoredXssFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink +where StoredXssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Stored cross-site scripting vulnerability due to $@.", source.getNode(), "stored value" diff --git a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected index d6142c980b64..53f02ae19f21 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected 
@@ -1,55 +1,64 @@ -nodes -| xss-through-filenames.js:7:43:7:48 | files1 | -| xss-through-filenames.js:7:43:7:48 | files1 | -| xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | -| xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:29:13:29:23 | files2 | -| xss-through-filenames.js:29:22:29:23 | [] | -| xss-through-filenames.js:30:9:30:14 | files1 | -| xss-through-filenames.js:30:34:30:37 | file | -| xss-through-filenames.js:31:25:31:28 | file | -| xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:35:13:35:35 | files3 | -| xss-through-filenames.js:35:22:35:35 | format(files2) | -| xss-through-filenames.js:35:29:35:34 | files2 | -| xss-through-filenames.js:37:19:37:24 | files3 | -| xss-through-filenames.js:37:19:37:24 | files3 | -| xss-through-torrent.js:6:6:6:24 | name | -| xss-through-torrent.js:6:13:6:24 | torrent.name | -| xss-through-torrent.js:6:13:6:24 | torrent.name | -| xss-through-torrent.js:7:11:7:14 | name | -| xss-through-torrent.js:7:11:7:14 | name | edges | xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | +| xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:19:9:19:14 | files2 | +| xss-through-filenames.js:17:21:17:26 | 
files2 [ArrayElement] | xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | +| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | +| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | +| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | +| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | +| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | | xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | | xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | -| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:35:29:35:34 | files2 | -| xss-through-filenames.js:29:22:29:23 | [] | 
xss-through-filenames.js:29:13:29:23 | files2 | -| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | -| xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:25:31:28 | file | -| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:29:22:29:23 | [] | -| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | +| xss-through-filenames.js:33:19:33:24 | files2 | xss-through-filenames.js:35:29:35:34 | files2 | +| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | | xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | | xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 | +| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | | xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:35:22:35:35 | format(files2) | | xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name | -| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name | -| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name | | xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name | +nodes +| 
xss-through-filenames.js:7:43:7:48 | files1 | semmle.label | files1 | +| xss-through-filenames.js:8:18:8:23 | files1 | semmle.label | files1 | +| xss-through-filenames.js:17:21:17:26 | files2 | semmle.label | files2 | +| xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | +| xss-through-filenames.js:19:9:19:14 | files2 | semmle.label | files2 | +| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | semmle.label | files2.sort(sort) | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | semmle.label | files2.sort(sort) | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] | +| xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 | +| xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 | +| xss-through-filenames.js:22:16:22:30 | files3.join('') | semmle.label | files3.join('') | +| xss-through-filenames.js:22:16:22:30 | files3.join('') | semmle.label | files3.join('') | +| xss-through-filenames.js:25:43:25:48 | files1 | semmle.label | files1 | +| xss-through-filenames.js:26:19:26:24 | files1 | semmle.label | files1 | +| xss-through-filenames.js:30:9:30:14 | files1 | semmle.label | files1 | +| xss-through-filenames.js:33:19:33:24 | files2 | semmle.label | files2 | +| xss-through-filenames.js:33:19:33:24 | files2 | semmle.label | files2 | +| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | +| xss-through-filenames.js:35:13:35:35 | files3 | semmle.label | files3 | +| xss-through-filenames.js:35:22:35:35 | format(files2) | semmle.label | format(files2) | +| xss-through-filenames.js:35:29:35:34 | files2 | semmle.label | files2 
| +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | +| xss-through-filenames.js:37:19:37:24 | files3 | semmle.label | files3 | +| xss-through-torrent.js:6:6:6:24 | name | semmle.label | name | +| xss-through-torrent.js:6:13:6:24 | torrent.name | semmle.label | torrent.name | +| xss-through-torrent.js:7:11:7:14 | name | semmle.label | name | +subpaths +| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:22:16:22:30 | files3.join('') | xss-through-filenames.js:35:22:35:35 | format(files2) | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | xss-through-filenames.js:22:16:22:30 | files3.join('') | xss-through-filenames.js:35:22:35:35 | format(files2) | #select | xss-through-filenames.js:8:18:8:23 | files1 | xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:7:43:7:48 | files1 | stored value | | xss-through-filenames.js:26:19:26:24 | files1 | xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:25:43:25:48 | files1 | stored value | From cf5450dbd55a59bf4a6369f2da01938907a1995c Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:32:04 +0200 Subject: [PATCH 051/223] JS: Port XssThroughDom --- .../dataflow/XssThroughDomCustomizations.qll | 15 + .../security/dataflow/XssThroughDomQuery.qll | 52 ++- .../ql/src/Security/CWE-079/XssThroughDom.ql | 8 +- .../XssThroughDom/ConsistencyXssThroughDom.ql | 13 +- .../XssThroughDom/XssThroughDom.expected | 319 +++++------------- 5 files changed, 160 insertions(+), 247 deletions(-) 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll index a1074e49eb20..7e5437123316 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll @@ -16,6 +16,21 @@ module XssThroughDom { /** A data flow source for XSS through DOM vulnerabilities. */ abstract class Source extends Shared::Source { } + /** + * A barrier guard for XSS through the DOM. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** * Gets an attribute name that could store user-controlled data. * diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll index cc75078fd67e..c9d8112ba5dd 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll 
@@ -11,7 +11,44 @@ private import semmle.javascript.security.dataflow.UnsafeJQueryPluginCustomizati /** * A taint-tracking configuration for reasoning about XSS through the DOM. */ -class Configuration extends TaintTracking::Configuration { +module XssThroughDomConfig implements DataFlow::ConfigSig { + // NOTE: Gained FP in Lucifier due to spurious source but with more data flow (I think). + // TODO: Seen unexplained FP in meteor, likely due to spurious flow into a callback coming from another call site + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof DomBasedXss::Sanitizer or + DomBasedXss::isOptionallySanitizedNode(node) or + node = DataFlow::MakeBarrierGuard::getABarrierNode() or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + succ = DataFlow::globalVarRef("URL").getAMemberCall("createObjectURL") and + pred = succ.(DataFlow::InvokeNode).getArgument(0) + } +} + +/** + * Taint-tracking configuration for reasoning about XSS through the DOM. + */ +module XssThroughDomFlow = TaintTracking::Global; + +/** + * Holds if the `source,sink` pair should not be reported. + */ +bindingset[source, sink] +predicate isIgnoredSourceSinkPair(Source source, DomBasedXss::Sink sink) { + source.(DomPropertySource).getPropertyName() = "src" and + sink instanceof DomBasedXss::WriteUrlSink +} + +/** + * DEPRECATED. Use the `XssThroughDomFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "XssThroughDOM" } override predicate isSource(DataFlow::Node source) { source instanceof Source } 
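Review bot: The exclusion of `src`-property sources reaching a `WriteUrlSink` is a free predicate, `isIgnoredSourceSinkPair`, rather than part of `XssThroughDomConfig`, so every consumer of `XssThroughDomFlow` has to apply it by hand. XssThroughDom.ql and ConsistencyXssThroughDom.ql in this commit both do, but nothing on `XssThroughDomFlow` tells the next caller; I would extend its doc comment with `* Results should be filtered with isIgnoredSourceSinkPair before reporting.` The `NOTE`/`TODO` lines about false positives at the top of the config read as working notes and would be better replaced by a tracked issue reference or removed before merge. The deprecated `Configuration` class continues outside the hunk.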
@@ -49,14 +86,14 @@ class Configuration extends TaintTracking::Configuration { } /** A test for the value of `typeof x`, restricting the potential types of `x`. */ -class TypeTestGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { +class TypeTestGuard extends BarrierGuardLegacy, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; boolean polarity; TypeTestGuard() { TaintTracking::isStringTypeGuard(astNode, operand, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { polarity = outcome and e = operand } @@ -64,9 +101,7 @@ class TypeTestGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNo private import semmle.javascript.security.dataflow.Xss::Shared as Shared -private class PrefixStringSanitizer extends TaintTracking::SanitizerGuardNode, - DomBasedXss::PrefixStringSanitizer -{ +private class PrefixStringSanitizer extends DomBasedXss::PrefixStringSanitizer { PrefixStringSanitizer() { this = this } } @@ -74,11 +109,10 @@ private class PrefixString extends DataFlow::FlowLabel, DomBasedXss::PrefixStrin PrefixString() { this = this } } -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends Shared::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql index 87a76d822277..e690e2bab28e 100644 --- a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql +++ b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql 
@@ -14,9 +14,11 @@ import javascript import semmle.javascript.security.dataflow.XssThroughDomQuery -import DataFlow::PathGraph +import XssThroughDomFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from XssThroughDomFlow::PathNode source, XssThroughDomFlow::PathNode sink +where + XssThroughDomFlow::flowPath(source, sink) and + not isIgnoredSourceSinkPair(source.getNode(), sink.getNode()) select sink.getNode(), source, sink, "$@ is reinterpreted as HTML without escaping meta-characters.", source.getNode(), "DOM text" diff --git a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql index 75416d5a0dc2..08eb6eda7fbf 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql @@ -1,3 +1,14 @@ import javascript import testUtilities.ConsistencyChecking -import semmle.javascript.security.dataflow.XssThroughDomQuery as ThroughDomXss +import semmle.javascript.security.dataflow.XssThroughDomQuery + +class ConsistencyConfig extends ConsistencyConfiguration { + ConsistencyConfig() { this = "ConsistencyConfig" } + + override DataFlow::Node getAnAlert() { + exists(DataFlow::Node source | + XssThroughDomFlow::flow(source, result) and + not isIgnoredSourceSinkPair(source, result) + ) + } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected index 83147705499c..156b4b7e2f20 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected 
@@ -1,277 +1,128 @@ -nodes -| forms.js:8:23:8:28 | values | -| forms.js:8:23:8:28 | values | -| forms.js:9:31:9:36 | values | -| forms.js:9:31:9:40 | values.foo | -| forms.js:9:31:9:40 | values.foo | -| forms.js:11:24:11:29 | values | -| forms.js:11:24:11:29 | values | -| forms.js:12:31:12:36 | values | -| forms.js:12:31:12:40 | values.bar | -| forms.js:12:31:12:40 | values.bar | -| forms.js:24:15:24:20 | values | -| forms.js:24:15:24:20 | values | -| forms.js:25:23:25:28 | values | -| forms.js:25:23:25:34 | values.email | -| forms.js:25:23:25:34 | values.email | -| forms.js:28:20:28:25 | values | -| forms.js:28:20:28:25 | values | -| forms.js:29:23:29:28 | values | -| forms.js:29:23:29:34 | values.email | -| forms.js:29:23:29:34 | values.email | -| forms.js:34:11:34:53 | values | -| forms.js:34:13:34:18 | values | -| forms.js:34:13:34:18 | values | -| forms.js:35:19:35:24 | values | -| forms.js:35:19:35:30 | values.email | -| forms.js:35:19:35:30 | values.email | -| forms.js:44:21:44:26 | values | -| forms.js:44:21:44:26 | values | -| forms.js:45:21:45:26 | values | -| forms.js:45:21:45:33 | values.stooge | -| forms.js:45:21:45:33 | values.stooge | -| forms.js:57:19:57:32 | e.target.value | -| forms.js:57:19:57:32 | e.target.value | -| forms.js:57:19:57:32 | e.target.value | -| forms.js:71:21:71:24 | data | -| forms.js:71:21:71:24 | data | -| forms.js:72:19:72:22 | data | -| forms.js:72:19:72:27 | data.name | -| forms.js:72:19:72:27 | data.name | -| forms.js:92:17:92:36 | values | -| forms.js:92:26:92:36 | getValues() | -| forms.js:92:26:92:36 | getValues() | -| forms.js:93:25:93:30 | values | -| forms.js:93:25:93:35 | values.name | -| forms.js:93:25:93:35 | values.name | -| forms.js:103:23:103:36 | e.target.value | -| forms.js:103:23:103:36 | e.target.value | -| forms.js:103:23:103:36 | e.target.value | -| forms.js:107:23:107:36 | e.target.value | -| forms.js:107:23:107:36 | e.target.value | -| forms.js:107:23:107:36 | e.target.value | -| 
xss-through-dom.js:2:16:2:34 | $("textarea").val() | -| xss-through-dom.js:2:16:2:34 | $("textarea").val() | -| xss-through-dom.js:2:16:2:34 | $("textarea").val() | -| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | -| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | -| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | -| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | -| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | -| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | -| xss-through-dom.js:11:3:11:42 | documen ... nerText | -| xss-through-dom.js:11:3:11:42 | documen ... nerText | -| xss-through-dom.js:11:3:11:42 | documen ... nerText | -| xss-through-dom.js:19:3:19:44 | documen ... Content | -| xss-through-dom.js:19:3:19:44 | documen ... Content | -| xss-through-dom.js:19:3:19:44 | documen ... Content | -| xss-through-dom.js:23:3:23:48 | documen ... ].value | -| xss-through-dom.js:23:3:23:48 | documen ... ].value | -| xss-through-dom.js:23:3:23:48 | documen ... ].value | -| xss-through-dom.js:27:3:27:61 | documen ... arget') | -| xss-through-dom.js:27:3:27:61 | documen ... arget') | -| xss-through-dom.js:27:3:27:61 | documen ... arget') | -| xss-through-dom.js:51:30:51:48 | $("textarea").val() | -| xss-through-dom.js:51:30:51:48 | $("textarea").val() | -| xss-through-dom.js:51:30:51:48 | $("textarea").val() | -| xss-through-dom.js:54:31:54:49 | $("textarea").val() | -| xss-through-dom.js:54:31:54:49 | $("textarea").val() | -| xss-through-dom.js:54:31:54:49 | $("textarea").val() | -| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | -| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | -| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | -| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | -| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | -| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | -| xss-through-dom.js:61:30:61:69 | $(docum ... value") | -| xss-through-dom.js:61:30:61:69 | $(docum ... 
value") | -| xss-through-dom.js:61:30:61:69 | $(docum ... value") | -| xss-through-dom.js:64:30:64:40 | valMethod() | -| xss-through-dom.js:64:30:64:40 | valMethod() | -| xss-through-dom.js:64:30:64:40 | valMethod() | -| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | -| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | -| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | -| xss-through-dom.js:73:9:73:41 | selector | -| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | -| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | -| xss-through-dom.js:77:4:77:11 | selector | -| xss-through-dom.js:77:4:77:11 | selector | -| xss-through-dom.js:79:4:79:34 | documen ... t.value | -| xss-through-dom.js:79:4:79:34 | documen ... t.value | -| xss-through-dom.js:79:4:79:34 | documen ... t.value | -| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | -| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | -| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | -| xss-through-dom.js:84:8:84:30 | text | -| xss-through-dom.js:84:15:84:30 | $("text").text() | -| xss-through-dom.js:84:15:84:30 | $("text").text() | -| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | -| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | -| xss-through-dom.js:86:33:86:36 | text | -| xss-through-dom.js:87:16:87:40 | new ans ... s(text) | -| xss-through-dom.js:87:16:87:40 | new ans ... s(text) | -| xss-through-dom.js:87:36:87:39 | text | -| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | -| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | -| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | -| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | -| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | -| xss-through-dom.js:96:17:96:47 | $("#foo ... 
].value | -| xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:45:109:55 | this.el.src | -| xss-through-dom.js:109:45:109:55 | this.el.src | -| xss-through-dom.js:114:11:114:52 | src | -| xss-through-dom.js:114:17:114:52 | documen ... k").src | -| xss-through-dom.js:114:17:114:52 | documen ... k").src | -| xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:117:26:117:28 | src | -| xss-through-dom.js:117:26:117:28 | src | -| xss-through-dom.js:120:23:120:37 | ev.target.files | -| xss-through-dom.js:120:23:120:37 | ev.target.files | -| xss-through-dom.js:120:23:120:40 | ev.target.files[0] | -| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | -| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | -| xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | -| xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | -| xss-through-dom.js:122:53:122:67 | ev.target.files | -| xss-through-dom.js:122:53:122:67 | ev.target.files | -| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | -| xss-through-dom.js:130:6:130:68 | linkText | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | -| xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:132:16:132:23 | linkText | -| xss-through-dom.js:132:16:132:23 | linkText | -| xss-through-dom.js:139:11:139:52 | src | -| xss-through-dom.js:139:17:139:52 | documen ... k").src | -| xss-through-dom.js:139:17:139:52 | documen ... 
k").src | -| xss-through-dom.js:140:19:140:21 | src | -| xss-through-dom.js:140:19:140:21 | src | -| xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:150:24:150:26 | src | -| xss-through-dom.js:150:24:150:26 | src | -| xss-through-dom.js:154:25:154:27 | msg | -| xss-through-dom.js:155:27:155:29 | msg | -| xss-through-dom.js:155:27:155:29 | msg | -| xss-through-dom.js:159:34:159:52 | $("textarea").val() | -| xss-through-dom.js:159:34:159:52 | $("textarea").val() | edges | forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values | -| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values | -| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo | | forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo | | forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values | -| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values | -| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar | | forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar | | forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values | -| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values | -| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email | | forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email | | forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values | -| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values | -| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email | | forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email | | forms.js:34:11:34:53 | values | forms.js:35:19:35:24 | values | | forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values | -| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values | | forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email | -| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email | -| forms.js:44:21:44:26 | values | 
forms.js:45:21:45:26 | values | | forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values | | forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge | -| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge | -| forms.js:57:19:57:32 | e.target.value | forms.js:57:19:57:32 | e.target.value | | forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data | -| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data | -| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name | | forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name | | forms.js:92:17:92:36 | values | forms.js:93:25:93:30 | values | | forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values | -| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values | -| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name | | forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name | -| forms.js:103:23:103:36 | e.target.value | forms.js:103:23:103:36 | e.target.value | -| forms.js:107:23:107:36 | e.target.value | forms.js:107:23:107:36 | e.target.value | -| xss-through-dom.js:2:16:2:34 | $("textarea").val() | xss-through-dom.js:2:16:2:34 | $("textarea").val() | -| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | xss-through-dom.js:4:16:4:40 | $(".som ... .text() | -| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | xss-through-dom.js:8:16:8:53 | $(".som ... arget") | -| xss-through-dom.js:11:3:11:42 | documen ... nerText | xss-through-dom.js:11:3:11:42 | documen ... nerText | -| xss-through-dom.js:19:3:19:44 | documen ... Content | xss-through-dom.js:19:3:19:44 | documen ... Content | -| xss-through-dom.js:23:3:23:48 | documen ... ].value | xss-through-dom.js:23:3:23:48 | documen ... ].value | -| xss-through-dom.js:27:3:27:61 | documen ... arget') | xss-through-dom.js:27:3:27:61 | documen ... 
arget') | -| xss-through-dom.js:51:30:51:48 | $("textarea").val() | xss-through-dom.js:51:30:51:48 | $("textarea").val() | -| xss-through-dom.js:54:31:54:49 | $("textarea").val() | xss-through-dom.js:54:31:54:49 | $("textarea").val() | -| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | -| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | -| xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") | -| xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() | -| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | -| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector | | xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector | | xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector | -| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector | -| xss-through-dom.js:79:4:79:34 | documen ... t.value | xss-through-dom.js:79:4:79:34 | documen ... t.value | -| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | | xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:86:33:86:36 | text | | xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:87:36:87:39 | text | | xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text | -| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text | | xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | -| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... 
l(text) | -| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) | | xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) | -| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | -| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | -| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | | xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | | xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src | | xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src | | xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src | -| xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src | -| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:40 | ev.target.files[0] | -| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:40 | ev.target.files[0] | -| xss-through-dom.js:120:23:120:40 | ev.target.files[0] | xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | -| xss-through-dom.js:120:23:120:40 | ev.target.files[0] | xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | +| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:45 | ev.targ ... 
0].name | | xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] | -| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] | -| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | | xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | | xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText | | xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:62 | wSelect ... tring() | xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' | -| xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' | xss-through-dom.js:130:6:130:68 | linkText | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src | +| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:6:130:68 | linkText | +| xss-through-dom.js:130:42:130:62 | dSelect ... 
tring() | xss-through-dom.js:130:6:130:68 | linkText | | xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src | | xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src | | xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src | | xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src | -| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src | -| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg | | xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg | | xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg | -| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg | +nodes +| forms.js:8:23:8:28 | values | semmle.label | values | +| forms.js:9:31:9:36 | values | semmle.label | values | +| forms.js:9:31:9:40 | values.foo | semmle.label | values.foo | +| forms.js:11:24:11:29 | values | semmle.label | values | +| forms.js:12:31:12:36 | values | semmle.label | values | +| forms.js:12:31:12:40 | values.bar | semmle.label | values.bar | +| forms.js:24:15:24:20 | values | semmle.label | values | +| forms.js:25:23:25:28 | values | semmle.label | values | +| forms.js:25:23:25:34 | values.email | semmle.label | values.email | +| forms.js:28:20:28:25 | values | semmle.label | values | +| forms.js:29:23:29:28 | values | semmle.label | values | +| forms.js:29:23:29:34 | values.email | semmle.label | values.email | +| forms.js:34:11:34:53 | values | semmle.label | values | +| forms.js:34:13:34:18 | values | semmle.label | values | +| forms.js:35:19:35:24 | values | semmle.label | values | +| forms.js:35:19:35:30 | 
values.email | semmle.label | values.email | +| forms.js:44:21:44:26 | values | semmle.label | values | +| forms.js:45:21:45:26 | values | semmle.label | values | +| forms.js:45:21:45:33 | values.stooge | semmle.label | values.stooge | +| forms.js:57:19:57:32 | e.target.value | semmle.label | e.target.value | +| forms.js:71:21:71:24 | data | semmle.label | data | +| forms.js:72:19:72:22 | data | semmle.label | data | +| forms.js:72:19:72:27 | data.name | semmle.label | data.name | +| forms.js:92:17:92:36 | values | semmle.label | values | +| forms.js:92:26:92:36 | getValues() | semmle.label | getValues() | +| forms.js:93:25:93:30 | values | semmle.label | values | +| forms.js:93:25:93:35 | values.name | semmle.label | values.name | +| forms.js:103:23:103:36 | e.target.value | semmle.label | e.target.value | +| forms.js:107:23:107:36 | e.target.value | semmle.label | e.target.value | +| xss-through-dom.js:2:16:2:34 | $("textarea").val() | semmle.label | $("textarea").val() | +| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | semmle.label | $(".som ... .text() | +| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | semmle.label | $(".som ... arget") | +| xss-through-dom.js:11:3:11:42 | documen ... nerText | semmle.label | documen ... nerText | +| xss-through-dom.js:19:3:19:44 | documen ... Content | semmle.label | documen ... Content | +| xss-through-dom.js:23:3:23:48 | documen ... ].value | semmle.label | documen ... ].value | +| xss-through-dom.js:27:3:27:61 | documen ... arget') | semmle.label | documen ... arget') | +| xss-through-dom.js:51:30:51:48 | $("textarea").val() | semmle.label | $("textarea").val() | +| xss-through-dom.js:54:31:54:49 | $("textarea").val() | semmle.label | $("textarea").val() | +| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | semmle.label | $("inpu ... 0).name | +| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | semmle.label | $("inpu ... "name") | +| xss-through-dom.js:61:30:61:69 | $(docum ... 
value") | semmle.label | $(docum ... value") | +| xss-through-dom.js:64:30:64:40 | valMethod() | semmle.label | valMethod() | +| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | semmle.label | $("inpu ... 0).name | +| xss-through-dom.js:73:9:73:41 | selector | semmle.label | selector | +| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | semmle.label | $("inpu ... 0).name | +| xss-through-dom.js:77:4:77:11 | selector | semmle.label | selector | +| xss-through-dom.js:79:4:79:34 | documen ... t.value | semmle.label | documen ... t.value | +| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | semmle.label | $('#foo ... rText') | +| xss-through-dom.js:84:8:84:30 | text | semmle.label | text | +| xss-through-dom.js:84:15:84:30 | $("text").text() | semmle.label | $("text").text() | +| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | semmle.label | anser.a ... l(text) | +| xss-through-dom.js:86:33:86:36 | text | semmle.label | text | +| xss-through-dom.js:87:16:87:40 | new ans ... s(text) | semmle.label | new ans ... s(text) | +| xss-through-dom.js:87:36:87:39 | text | semmle.label | text | +| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | semmle.label | $("#foo ... ].value | +| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | semmle.label | $("#foo ... ].value | +| xss-through-dom.js:109:31:109:70 | "" | semmle.label | "" | +| xss-through-dom.js:109:45:109:55 | this.el.src | semmle.label | this.el.src | +| xss-through-dom.js:114:11:114:52 | src | semmle.label | src | +| xss-through-dom.js:114:17:114:52 | documen ... k").src | semmle.label | documen ... k").src | +| xss-through-dom.js:115:16:115:18 | src | semmle.label | src | +| xss-through-dom.js:117:26:117:28 | src | semmle.label | src | +| xss-through-dom.js:120:23:120:37 | ev.target.files | semmle.label | ev.target.files | +| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | semmle.label | ev.targ ... 0].name | +| xss-through-dom.js:122:33:122:71 | URL.cre ... 
les[0]) | semmle.label | URL.cre ... les[0]) | +| xss-through-dom.js:122:53:122:67 | ev.target.files | semmle.label | ev.target.files | +| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | semmle.label | ev.target.files[0] | +| xss-through-dom.js:130:6:130:68 | linkText | semmle.label | linkText | +| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | semmle.label | wSelect ... tring() | +| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | semmle.label | dSelect ... tring() | +| xss-through-dom.js:131:19:131:26 | linkText | semmle.label | linkText | +| xss-through-dom.js:132:16:132:23 | linkText | semmle.label | linkText | +| xss-through-dom.js:139:11:139:52 | src | semmle.label | src | +| xss-through-dom.js:139:17:139:52 | documen ... k").src | semmle.label | documen ... k").src | +| xss-through-dom.js:140:19:140:21 | src | semmle.label | src | +| xss-through-dom.js:141:25:141:27 | src | semmle.label | src | +| xss-through-dom.js:150:24:150:26 | src | semmle.label | src | +| xss-through-dom.js:154:25:154:27 | msg | semmle.label | msg | +| xss-through-dom.js:155:27:155:29 | msg | semmle.label | msg | +| xss-through-dom.js:159:34:159:52 | $("textarea").val() | semmle.label | $("textarea").val() | +subpaths #select | forms.js:9:31:9:40 | values.foo | forms.js:8:23:8:28 | values | forms.js:9:31:9:40 | values.foo | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:8:23:8:28 | values | DOM text | | forms.js:12:31:12:40 | values.bar | forms.js:11:24:11:29 | values | forms.js:12:31:12:40 | values.bar | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:11:24:11:29 | values | DOM text | From d7b4e0c206c72a0f594bfffe9e279d2491922b70 Mon Sep 17 00:00:00 2001 
From: Asger F
Date: Wed, 4 Oct 2023 21:32:10 +0200
Subject: [PATCH 052/223] JS: Port ExceptionXss
---
.../security/dataflow/ExceptionXssQuery.qll | 41 +++-
.../ql/src/Security/CWE-079/ExceptionXss.ql | 6 +-
.../ExceptionXss/ExceptionXss.expected | 224 +++++++++---------
3 files changed, 145 insertions(+), 126 deletions(-)
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll
index a8418898e1be..9a748c0c301a 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll
@@ -126,10 +126,41 @@ private DataFlow::Node getExceptionTarget(DataFlow::Node pred) { /** * A taint-tracking configuration for reasoning about XSS with possible exceptional flow. - * Flow labels are used to ensure that we only report taint-flow that has been thrown in + * Flow states are used to ensure that we only report taint-flow that has been thrown in * an exception. */ -class Configuration extends TaintTracking::Configuration { +module ExceptionXssConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source.(Source).getAFlowLabel() = label + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink instanceof XssShared::Sink and not label instanceof NotYetThrown + } + + predicate isBarrier(DataFlow::Node node) { node instanceof XssShared::Sanitizer } + + predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::FlowLabel inlbl, DataFlow::Node succ, DataFlow::FlowLabel outlbl + ) { + inlbl instanceof NotYetThrown and + (outlbl.isTaint() or outlbl instanceof NotYetThrown) and + canThrowSensitiveInformation(pred) and + succ = getExceptionTarget(pred) + } +} + +/** + * Taint-tracking for reasoning about XSS with possible exceptional flow. + */ +module ExceptionXssFlow = TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `ExceptionXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ExceptionXss" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { 
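Review bot: None of the predicates in the new `ExceptionXssConfig` module has a QLDoc, and `isSink` carries the invariant from the module comment only implicitly: `not label instanceof NotYetThrown` accepts every other `FlowState`, not just the taint label. A comment such as `/** Holds if sink is an XSS sink reached in any state other than NotYetThrown, i.e. after the value has been thrown. */` would make that explicit. If only the taint state is intended, `label.isTaint()` would say so directly, though whether `Source.getAFlowLabel()` can yield other labels is not visible here. `isAdditionalFlowStep` takes `(pred, inlbl, succ, outlbl)` while the deprecated class uses `(pred, succ, inlbl, outlbl)`, so a one-line note on the ordering would help readers comparing the two. The deprecated `Configuration` class continues past the end of this hunk.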
@@ -145,12 +176,10 @@ class Configuration extends TaintTracking::Configuration { override predicate isAdditionalFlowStep( DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl ) { - inlbl instanceof NotYetThrown and - (outlbl.isTaint() or outlbl instanceof NotYetThrown) and - canThrowSensitiveInformation(pred) and - succ = getExceptionTarget(pred) + ExceptionXssConfig::isAdditionalFlowStep(pred, inlbl, succ, outlbl) or // All the usual taint-flow steps apply on data-flow before it has been thrown in an exception. + // Note: this step is not needed in StateConfigSig module since flow states inherit taint steps. this.isAdditionalFlowStep(pred, succ) and inlbl instanceof NotYetThrown and outlbl instanceof NotYetThrown diff --git a/javascript/ql/src/Security/CWE-079/ExceptionXss.ql b/javascript/ql/src/Security/CWE-079/ExceptionXss.ql index c43206abb66c..76e56f1494d4 100644 --- a/javascript/ql/src/Security/CWE-079/ExceptionXss.ql +++ b/javascript/ql/src/Security/CWE-079/ExceptionXss.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.ExceptionXssQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where ExceptionXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "$@ is reinterpreted as HTML without escaping meta-characters.", source.getNode(), source.getNode().(Source).getDescription() diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected index 0ff9bcb932ab..ed59047c25e0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected 
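Review bot: In the `ExceptionXss.ql` hunk, nothing in the query explains why it imports `DataFlow::DeduplicatePathGraph` and checks `ExceptionXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode())` instead of using the flow module's own path graph. The library comment says the deduplication merges path nodes with the same `(node, toString)` and cannot see which of them are sources or sinks. Here the same node can presumably occur both in the `NotYetThrown` state and in a state that `isSink` accepts, which is exactly where that limitation is relevant. I would add a comment above the `where` clause, e.g. `// Path nodes that differ only in flow state are merged for display; source and sink are still checked on the original path nodes.`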
+++ b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected 
@@ -1,98 +1,85 @@ nodes -| ajv.js:11:18:11:33 | ajv.errorsText() | -| ajv.js:11:18:11:33 | ajv.errorsText() | -| ajv.js:11:18:11:33 | ajv.errorsText() | -| ajv.js:24:18:24:26 | val.error | -| ajv.js:24:18:24:26 | val.error | -| ajv.js:24:18:24:26 | val.error | -| exception-xss.js:2:6:2:28 | foo | -| exception-xss.js:2:12:2:28 | document.location | -| exception-xss.js:2:12:2:28 | document.location | -| exception-xss.js:9:11:9:13 | foo | -| exception-xss.js:10:11:10:11 | e | -| exception-xss.js:11:18:11:18 | e | -| exception-xss.js:11:18:11:18 | e | -| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | -| exception-xss.js:15:9:15:11 | foo | -| exception-xss.js:16:11:16:11 | e | -| exception-xss.js:17:18:17:18 | e | -| exception-xss.js:17:18:17:18 | e | -| exception-xss.js:21:11:21:13 | foo | -| exception-xss.js:21:11:21:21 | foo + "bar" | -| exception-xss.js:22:11:22:11 | e | -| exception-xss.js:23:18:23:18 | e | -| exception-xss.js:23:18:23:18 | e | -| exception-xss.js:33:11:33:22 | ["bar", foo] | -| exception-xss.js:33:19:33:21 | foo | -| exception-xss.js:34:11:34:11 | e | -| exception-xss.js:35:18:35:18 | e | -| exception-xss.js:35:18:35:18 | e | -| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | -| exception-xss.js:46:8:46:18 | "bar" + foo | -| exception-xss.js:46:16:46:18 | foo | -| exception-xss.js:47:11:47:11 | e | -| exception-xss.js:48:18:48:18 | e | -| exception-xss.js:48:18:48:18 | e | -| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | -| exception-xss.js:81:16:81:18 | foo | -| exception-xss.js:82:11:82:11 | e | -| exception-xss.js:83:18:83:18 | e | -| exception-xss.js:83:18:83:18 | e | -| exception-xss.js:89:11:89:13 | foo | -| exception-xss.js:89:11:89:26 | foo.match(/foo/) | -| exception-xss.js:90:11:90:11 | e | -| exception-xss.js:91:18:91:18 | e | -| exception-xss.js:91:18:91:18 | e | -| exception-xss.js:95:11:95:22 | [foo, "bar"] | -| exception-xss.js:95:12:95:14 | foo | -| 
exception-xss.js:96:11:96:11 | e | -| exception-xss.js:97:18:97:18 | e | -| exception-xss.js:97:18:97:18 | e | -| exception-xss.js:102:12:102:14 | foo | -| exception-xss.js:106:11:106:11 | e | -| exception-xss.js:107:18:107:18 | e | -| exception-xss.js:107:18:107:18 | e | -| exception-xss.js:117:11:117:23 | req.params.id | -| exception-xss.js:117:11:117:23 | req.params.id | -| exception-xss.js:118:11:118:11 | e | -| exception-xss.js:119:12:119:28 | "Exception: " + e | -| exception-xss.js:119:12:119:28 | "Exception: " + e | -| exception-xss.js:119:28:119:28 | e | -| exception-xss.js:125:45:125:68 | documen ... .search | -| exception-xss.js:125:45:125:68 | documen ... .search | -| exception-xss.js:128:11:128:52 | session ... ssion') | -| exception-xss.js:129:11:129:11 | e | -| exception-xss.js:130:18:130:18 | e | -| exception-xss.js:130:18:130:18 | e | -| exception-xss.js:136:10:136:22 | req.params.id | -| exception-xss.js:136:10:136:22 | req.params.id | -| exception-xss.js:136:26:136:30 | error | -| exception-xss.js:138:19:138:23 | error | -| exception-xss.js:138:19:138:23 | error | -| exception-xss.js:146:6:146:35 | foo | -| exception-xss.js:146:12:146:35 | documen ... .search | -| exception-xss.js:146:12:146:35 | documen ... 
.search | -| exception-xss.js:148:33:148:35 | foo | -| exception-xss.js:148:55:148:55 | e | -| exception-xss.js:149:18:149:18 | e | -| exception-xss.js:149:18:149:18 | e | -| exception-xss.js:153:8:153:10 | foo | -| exception-xss.js:154:11:154:11 | e | -| exception-xss.js:155:18:155:18 | e | -| exception-xss.js:155:18:155:18 | e | -| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | -| exception-xss.js:174:31:174:33 | foo | -| exception-xss.js:174:53:174:53 | e | -| exception-xss.js:175:18:175:18 | e | -| exception-xss.js:175:18:175:18 | e | -| exception-xss.js:180:10:180:22 | req.params.id | -| exception-xss.js:180:10:180:22 | req.params.id | -| exception-xss.js:180:26:180:30 | error | -| exception-xss.js:182:19:182:23 | error | -| exception-xss.js:182:19:182:23 | error | +| ajv.js:11:18:11:33 | ajv.errorsText() | semmle.label | ajv.errorsText() | +| ajv.js:24:18:24:26 | val.error | semmle.label | val.error | +| exception-xss.js:2:6:2:28 | foo | semmle.label | foo | +| exception-xss.js:2:12:2:28 | document.location | semmle.label | document.location | +| exception-xss.js:4:17:4:17 | x | semmle.label | x | +| exception-xss.js:5:11:5:11 | x | semmle.label | x | +| exception-xss.js:9:11:9:13 | foo | semmle.label | foo | +| exception-xss.js:10:11:10:11 | e | semmle.label | e | +| exception-xss.js:11:18:11:18 | e | semmle.label | e | +| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | semmle.label | exceptional return of inner(foo) | +| exception-xss.js:15:9:15:11 | foo | semmle.label | foo | +| exception-xss.js:16:11:16:11 | e | semmle.label | e | +| exception-xss.js:17:18:17:18 | e | semmle.label | e | +| exception-xss.js:21:11:21:13 | foo | semmle.label | foo | +| exception-xss.js:21:11:21:21 | foo + "bar" | semmle.label | foo + "bar" | +| exception-xss.js:22:11:22:11 | e | semmle.label | e | +| exception-xss.js:23:18:23:18 | e | semmle.label | e | +| exception-xss.js:33:11:33:22 | ["bar", foo] | semmle.label | ["bar", foo] 
| +| exception-xss.js:33:19:33:21 | foo | semmle.label | foo | +| exception-xss.js:34:11:34:11 | e | semmle.label | e | +| exception-xss.js:35:18:35:18 | e | semmle.label | e | +| exception-xss.js:38:16:38:16 | x | semmle.label | x | +| exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | semmle.label | exceptional return of deep2(x) | +| exception-xss.js:39:9:39:9 | x | semmle.label | x | +| exception-xss.js:41:17:41:17 | x | semmle.label | x | +| exception-xss.js:42:3:42:10 | exceptional return of inner(x) | semmle.label | exceptional return of inner(x) | +| exception-xss.js:42:9:42:9 | x | semmle.label | x | +| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | semmle.label | exceptional return of deep("bar" + foo) | +| exception-xss.js:46:8:46:18 | "bar" + foo | semmle.label | "bar" + foo | +| exception-xss.js:46:16:46:18 | foo | semmle.label | foo | +| exception-xss.js:47:11:47:11 | e | semmle.label | e | +| exception-xss.js:48:18:48:18 | e | semmle.label | e | +| exception-xss.js:74:28:74:28 | x | semmle.label | x | +| exception-xss.js:75:4:75:11 | exceptional return of inner(x) | semmle.label | exceptional return of inner(x) | +| exception-xss.js:75:10:75:10 | x | semmle.label | x | +| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | semmle.label | exceptional return of myWeirdInner(foo) | +| exception-xss.js:81:16:81:18 | foo | semmle.label | foo | +| exception-xss.js:82:11:82:11 | e | semmle.label | e | +| exception-xss.js:83:18:83:18 | e | semmle.label | e | +| exception-xss.js:89:11:89:13 | foo | semmle.label | foo | +| exception-xss.js:89:11:89:26 | foo.match(/foo/) | semmle.label | foo.match(/foo/) | +| exception-xss.js:90:11:90:11 | e | semmle.label | e | +| exception-xss.js:91:18:91:18 | e | semmle.label | e | +| exception-xss.js:95:11:95:22 | [foo, "bar"] | semmle.label | [foo, "bar"] | +| exception-xss.js:95:12:95:14 | foo | semmle.label | foo | +| exception-xss.js:96:11:96:11 | e | semmle.label 
| e | +| exception-xss.js:97:18:97:18 | e | semmle.label | e | +| exception-xss.js:102:12:102:14 | foo | semmle.label | foo | +| exception-xss.js:106:11:106:11 | e | semmle.label | e | +| exception-xss.js:107:18:107:18 | e | semmle.label | e | +| exception-xss.js:117:11:117:23 | req.params.id | semmle.label | req.params.id | +| exception-xss.js:118:11:118:11 | e | semmle.label | e | +| exception-xss.js:119:12:119:28 | "Exception: " + e | semmle.label | "Exception: " + e | +| exception-xss.js:119:28:119:28 | e | semmle.label | e | +| exception-xss.js:125:45:125:68 | documen ... .search | semmle.label | documen ... .search | +| exception-xss.js:128:11:128:52 | session ... ssion') | semmle.label | session ... ssion') | +| exception-xss.js:129:11:129:11 | e | semmle.label | e | +| exception-xss.js:130:18:130:18 | e | semmle.label | e | +| exception-xss.js:136:10:136:22 | req.params.id | semmle.label | req.params.id | +| exception-xss.js:136:26:136:30 | error | semmle.label | error | +| exception-xss.js:138:19:138:23 | error | semmle.label | error | +| exception-xss.js:146:6:146:35 | foo | semmle.label | foo | +| exception-xss.js:146:12:146:35 | documen ... .search | semmle.label | documen ... .search | +| exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | semmle.label | new Pro ... solve)) [PromiseError] | +| exception-xss.js:148:33:148:35 | foo | semmle.label | foo | +| exception-xss.js:148:55:148:55 | e | semmle.label | e | +| exception-xss.js:149:18:149:18 | e | semmle.label | e | +| exception-xss.js:153:8:153:10 | foo | semmle.label | foo | +| exception-xss.js:154:11:154:11 | e | semmle.label | e | +| exception-xss.js:155:18:155:18 | e | semmle.label | e | +| exception-xss.js:170:17:170:23 | tainted | semmle.label | tainted | +| exception-xss.js:171:11:171:17 | tainted | semmle.label | tainted | +| exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | semmle.label | new Pro ... 
solve)) [PromiseError] | +| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | semmle.label | exceptional return of inner(foo, resolve) | +| exception-xss.js:174:31:174:33 | foo | semmle.label | foo | +| exception-xss.js:174:53:174:53 | e | semmle.label | e | +| exception-xss.js:175:18:175:18 | e | semmle.label | e | +| exception-xss.js:180:10:180:22 | req.params.id | semmle.label | req.params.id | +| exception-xss.js:180:26:180:30 | error | semmle.label | error | +| exception-xss.js:182:19:182:23 | error | semmle.label | error | edges -| ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() | -| ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | | exception-xss.js:2:6:2:28 | foo | exception-xss.js:9:11:9:13 | foo | | exception-xss.js:2:6:2:28 | foo | exception-xss.js:15:9:15:11 | foo | | exception-xss.js:2:6:2:28 | foo | exception-xss.js:21:11:21:13 | foo | 
@@ -103,75 +90,78 @@ edges | exception-xss.js:2:6:2:28 | foo | exception-xss.js:95:12:95:14 | foo | | exception-xss.js:2:6:2:28 | foo | exception-xss.js:102:12:102:14 | foo | | exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo | -| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo | +| exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | | exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:11:10:11 | e | | exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e | -| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e | | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:11:16:11 | e | +| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x | | exception-xss.js:15:9:15:11 | foo | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | | exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e | -| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e | | exception-xss.js:21:11:21:13 | foo | exception-xss.js:21:11:21:21 | foo + "bar" | | exception-xss.js:21:11:21:21 | foo + "bar" | exception-xss.js:22:11:22:11 | e | | exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e | -| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e | | exception-xss.js:33:11:33:22 | ["bar", foo] | exception-xss.js:34:11:34:11 | e | | exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] | | exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e | -| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e | +| exception-xss.js:38:16:38:16 | x | exception-xss.js:39:9:39:9 | x | +| exception-xss.js:39:9:39:9 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | +| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x | +| exception-xss.js:41:17:41:17 | x | exception-xss.js:42:9:42:9 | x | +| 
exception-xss.js:42:9:42:9 | x | exception-xss.js:4:17:4:17 | x | +| exception-xss.js:42:9:42:9 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:11:47:11 | e | +| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x | | exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | | exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo | | exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e | -| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e | +| exception-xss.js:74:28:74:28 | x | exception-xss.js:75:10:75:10 | x | +| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:17:4:17 | x | +| exception-xss.js:75:10:75:10 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:11:82:11 | e | +| exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x | | exception-xss.js:81:16:81:18 | foo | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | | exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e | -| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e | | exception-xss.js:89:11:89:13 | foo | exception-xss.js:89:11:89:26 | foo.match(/foo/) | | exception-xss.js:89:11:89:26 | foo.match(/foo/) | exception-xss.js:90:11:90:11 | e | | exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e | -| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e | | exception-xss.js:95:11:95:22 | [foo, "bar"] | exception-xss.js:96:11:96:11 | e | | exception-xss.js:95:12:95:14 | foo | exception-xss.js:95:11:95:22 | [foo, "bar"] | | exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e | -| exception-xss.js:96:11:96:11 | e | 
exception-xss.js:97:18:97:18 | e | | exception-xss.js:102:12:102:14 | foo | exception-xss.js:106:11:106:11 | e | | exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e | -| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e | -| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e | | exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e | | exception-xss.js:118:11:118:11 | e | exception-xss.js:119:28:119:28 | e | | exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e | -| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e | -| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') | | exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') | | exception-xss.js:128:11:128:52 | session ... ssion') | exception-xss.js:129:11:129:11 | e | | exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e | -| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e | | exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error | -| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error | -| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error | | exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error | | exception-xss.js:146:6:146:35 | foo | exception-xss.js:148:33:148:35 | foo | | exception-xss.js:146:6:146:35 | foo | exception-xss.js:153:8:153:10 | foo | | exception-xss.js:146:6:146:35 | foo | exception-xss.js:174:31:174:33 | foo | | exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo | -| exception-xss.js:146:12:146:35 | documen ... 
.search | exception-xss.js:146:6:146:35 | foo | -| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:55:148:55 | e | -| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e | +| exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | exception-xss.js:148:55:148:55 | e | +| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | | exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e | | exception-xss.js:153:8:153:10 | foo | exception-xss.js:154:11:154:11 | e | | exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e | -| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e | -| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:53:174:53 | e | +| exception-xss.js:170:17:170:23 | tainted | exception-xss.js:171:11:171:17 | tainted | +| exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | exception-xss.js:174:53:174:53 | e | +| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:2:174:44 | new Pro ... 
solve)) [PromiseError] | +| exception-xss.js:174:31:174:33 | foo | exception-xss.js:170:17:170:23 | tainted | | exception-xss.js:174:31:174:33 | foo | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | | exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e | -| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e | | exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error | -| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error | -| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error | | exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error | +subpaths +| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | +| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | +| exception-xss.js:42:9:42:9 | x | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | +| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | +| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | +| exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | +| exception-xss.js:174:31:174:33 | foo | exception-xss.js:170:17:170:23 | tainted | exception-xss.js:171:11:171:17 | tainted | 
exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | #select | ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() | $@ is reinterpreted as HTML without escaping meta-characters. | ajv.js:11:18:11:33 | ajv.errorsText() | JSON schema validation error | | ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | $@ is reinterpreted as HTML without escaping meta-characters. | ajv.js:24:18:24:26 | val.error | JSON schema validation error | From b2216627be79a5f74e7768401c8bd6de8b6acbc5 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:33:25 +0200 Subject: [PATCH 053/223] JS: Port RequestForgery --- .../security/dataflow/RequestForgeryQuery.qll | 39 ++- .../ql/src/Security/CWE-918/RequestForgery.ql | 6 +- .../Security/CWE-918/RequestForgery.expected | 226 ++++++------------ 3 files changed, 103 insertions(+), 168 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll index 9c67df35ed99..09c956d12ee9 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll 
@@ -12,23 +12,48 @@ import UrlConcatenation import RequestForgeryCustomizations::RequestForgery /** - * A taint tracking configuration for request forgery. + * A taint tracking configuration for server-side request forgery. */ -class Configuration extends TaintTracking::Configuration { +module RequestForgeryConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(Source).isServerSide() } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierOut(DataFlow::Node node) { sanitizingPrefixEdge(node, _) } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + isAdditionalRequestForgeryStep(pred, succ) + } +} + +/** + * Taint tracking for server-side request forgery. + */ +module RequestForgeryFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `RequestForgeryFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "RequestForgery" } - override predicate isSource(DataFlow::Node source) { source.(Source).isServerSide() } + override predicate isSource(DataFlow::Node source) { RequestForgeryConfig::isSource(source) } - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + override predicate isSink(DataFlow::Node sink) { RequestForgeryConfig::isSink(sink) } override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or + super.isSanitizer(node) + or node instanceof Sanitizer } - override predicate isSanitizerOut(DataFlow::Node node) { sanitizingPrefixEdge(node, _) } + override predicate isSanitizerOut(DataFlow::Node node) { + RequestForgeryConfig::isBarrierOut(node) + } override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - isAdditionalRequestForgeryStep(pred, succ) + RequestForgeryConfig::isAdditionalFlowStep(pred, succ) } } 
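Review bot: In the deprecated `Configuration` class, `isSanitizer` still spells out `node instanceof Sanitizer`, while the other overrides (`isSource`, `isSink`, `isSanitizerOut`, `isAdditionalTaintStep`) now delegate to `RequestForgeryConfig`. If `RequestForgeryConfig::isBarrier` later gains or loses a case, the deprecated class would keep the old barrier set and the two configurations could report different request-forgery results for the same code. Delegating keeps them in step: `super.isSanitizer(node) or RequestForgeryConfig::isBarrier(node)`. A one-line comment on `isBarrierOut` saying that `sanitizingPrefixEdge` stops flow leaving a node would also help readers of the new module; its definition is outside this hunk.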
diff --git a/javascript/ql/src/Security/CWE-918/RequestForgery.ql b/javascript/ql/src/Security/CWE-918/RequestForgery.ql index c84f5f7d1cbb..6546104068bf 100644 --- a/javascript/ql/src/Security/CWE-918/RequestForgery.ql +++ b/javascript/ql/src/Security/CWE-918/RequestForgery.ql @@ -12,11 +12,11 @@ import javascript import semmle.javascript.security.dataflow.RequestForgeryQuery -import DataFlow::PathGraph +import RequestForgeryFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node request +from RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink, DataFlow::Node request where - cfg.hasFlowPath(source, sink) and + RequestForgeryFlow::flowPath(source, sink) and request = sink.getNode().(Sink).getARequest() select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(), sink.getNode().(Sink).getKind(), source, "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 012033fce624..4d97d522e54b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected 
@@ -1,202 +1,112 @@ -nodes -| serverSide.js:14:9:14:52 | tainted | -| serverSide.js:14:19:14:42 | url.par ... , true) | -| serverSide.js:14:19:14:48 | url.par ... ).query | -| serverSide.js:14:19:14:52 | url.par ... ery.url | -| serverSide.js:14:29:14:35 | req.url | -| serverSide.js:14:29:14:35 | req.url | -| serverSide.js:18:13:18:19 | tainted | -| serverSide.js:18:13:18:19 | tainted | -| serverSide.js:20:17:20:23 | tainted | -| serverSide.js:20:17:20:23 | tainted | -| serverSide.js:23:19:23:25 | tainted | -| serverSide.js:23:19:23:25 | tainted | -| serverSide.js:26:13:26:31 | "http://" + tainted | -| serverSide.js:26:13:26:31 | "http://" + tainted | -| serverSide.js:26:25:26:31 | tainted | -| serverSide.js:28:13:28:42 | "http:/ ... tainted | -| serverSide.js:28:13:28:42 | "http:/ ... tainted | -| serverSide.js:28:36:28:42 | tainted | -| serverSide.js:30:13:30:43 | "http:/ ... tainted | -| serverSide.js:30:13:30:43 | "http:/ ... tainted | -| serverSide.js:30:37:30:43 | tainted | -| serverSide.js:34:34:34:40 | tainted | -| serverSide.js:34:34:34:40 | tainted | -| serverSide.js:36:16:36:31 | new Uri(tainted) | -| serverSide.js:36:16:36:31 | new Uri(tainted) | -| serverSide.js:36:24:36:30 | tainted | -| serverSide.js:37:22:37:37 | new Uri(tainted) | -| serverSide.js:37:22:37:37 | new Uri(tainted) | -| serverSide.js:37:30:37:36 | tainted | -| serverSide.js:41:13:41:51 | `http:/ ... inted}` | -| serverSide.js:41:13:41:51 | `http:/ ... inted}` | -| serverSide.js:41:43:41:49 | tainted | -| serverSide.js:43:13:43:54 | `http:/ ... inted}` | -| serverSide.js:43:13:43:54 | `http:/ ... inted}` | -| serverSide.js:43:46:43:52 | tainted | -| serverSide.js:45:13:45:56 | 'http:/ ... tainted | -| serverSide.js:45:13:45:56 | 'http:/ ... tainted | -| serverSide.js:45:50:45:56 | tainted | -| serverSide.js:58:9:58:52 | tainted | -| serverSide.js:58:19:58:42 | url.par ... , true) | -| serverSide.js:58:19:58:48 | url.par ... ).query | -| serverSide.js:58:19:58:52 | url.par ... 
ery.url | -| serverSide.js:58:29:58:35 | req.url | -| serverSide.js:58:29:58:35 | req.url | -| serverSide.js:61:29:61:35 | tainted | -| serverSide.js:61:29:61:35 | tainted | -| serverSide.js:64:30:64:36 | tainted | -| serverSide.js:64:30:64:36 | tainted | -| serverSide.js:68:30:68:36 | tainted | -| serverSide.js:68:30:68:36 | tainted | -| serverSide.js:74:9:74:52 | tainted | -| serverSide.js:74:19:74:42 | url.par ... , true) | -| serverSide.js:74:19:74:48 | url.par ... ).query | -| serverSide.js:74:19:74:52 | url.par ... ery.url | -| serverSide.js:74:29:74:35 | req.url | -| serverSide.js:74:29:74:35 | req.url | -| serverSide.js:76:19:76:25 | tainted | -| serverSide.js:76:19:76:25 | tainted | -| serverSide.js:83:38:83:43 | param1 | -| serverSide.js:83:38:83:43 | param1 | -| serverSide.js:84:19:84:24 | param1 | -| serverSide.js:84:19:84:24 | param1 | -| serverSide.js:90:19:90:28 | ctx.params | -| serverSide.js:90:19:90:28 | ctx.params | -| serverSide.js:90:19:90:32 | ctx.params.foo | -| serverSide.js:90:19:90:32 | ctx.params.foo | -| serverSide.js:92:19:92:28 | ctx.params | -| serverSide.js:92:19:92:28 | ctx.params | -| serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:98:9:98:52 | tainted | -| serverSide.js:98:19:98:42 | url.par ... , true) | -| serverSide.js:98:19:98:48 | url.par ... ).query | -| serverSide.js:98:19:98:52 | url.par ... ery.url | -| serverSide.js:98:29:98:35 | req.url | -| serverSide.js:98:29:98:35 | req.url | -| serverSide.js:100:19:100:25 | tainted | -| serverSide.js:100:19:100:25 | tainted | -| serverSide.js:108:11:108:27 | url | -| serverSide.js:108:17:108:27 | request.url | -| serverSide.js:108:17:108:27 | request.url | -| serverSide.js:109:27:109:29 | url | -| serverSide.js:109:27:109:29 | url | -| serverSide.js:115:11:115:42 | url | -| serverSide.js:115:17:115:42 | new URL ... 
, base) | -| serverSide.js:115:25:115:35 | request.url | -| serverSide.js:115:25:115:35 | request.url | -| serverSide.js:117:27:117:29 | url | -| serverSide.js:117:27:117:29 | url | -| serverSide.js:123:9:123:52 | tainted | -| serverSide.js:123:19:123:42 | url.par ... , true) | -| serverSide.js:123:19:123:48 | url.par ... ).query | -| serverSide.js:123:19:123:52 | url.par ... ery.url | -| serverSide.js:123:29:123:35 | req.url | -| serverSide.js:123:29:123:35 | req.url | -| serverSide.js:127:14:127:20 | tainted | -| serverSide.js:127:14:127:20 | tainted | -| serverSide.js:130:9:130:45 | myUrl | -| serverSide.js:130:17:130:45 | `${some ... inted}` | -| serverSide.js:130:37:130:43 | tainted | -| serverSide.js:131:15:131:19 | myUrl | -| serverSide.js:131:15:131:19 | myUrl | edges | serverSide.js:14:9:14:52 | tainted | serverSide.js:18:13:18:19 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:18:13:18:19 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:20:17:20:23 | tainted | | serverSide.js:14:9:14:52 | tainted | serverSide.js:20:17:20:23 | tainted | | serverSide.js:14:9:14:52 | tainted | serverSide.js:23:19:23:25 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:23:19:23:25 | tainted | | serverSide.js:14:9:14:52 | tainted | serverSide.js:26:25:26:31 | tainted | | serverSide.js:14:9:14:52 | tainted | serverSide.js:28:36:28:42 | tainted | | serverSide.js:14:9:14:52 | tainted | serverSide.js:30:37:30:43 | tainted | | serverSide.js:14:9:14:52 | tainted | serverSide.js:34:34:34:40 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:34:34:34:40 | tainted | | serverSide.js:14:9:14:52 | tainted | serverSide.js:36:24:36:30 | tainted | | serverSide.js:14:9:14:52 | tainted | serverSide.js:37:30:37:36 | tainted | | serverSide.js:14:9:14:52 | tainted | serverSide.js:41:43:41:49 | tainted | | serverSide.js:14:9:14:52 | tainted | serverSide.js:43:46:43:52 | tainted | | serverSide.js:14:9:14:52 | tainted | 
serverSide.js:45:50:45:56 | tainted | -| serverSide.js:14:19:14:42 | url.par ... , true) | serverSide.js:14:19:14:48 | url.par ... ).query | -| serverSide.js:14:19:14:48 | url.par ... ).query | serverSide.js:14:19:14:52 | url.par ... ery.url | -| serverSide.js:14:19:14:52 | url.par ... ery.url | serverSide.js:14:9:14:52 | tainted | +| serverSide.js:14:19:14:42 | url.par ... , true) | serverSide.js:14:9:14:52 | tainted | | serverSide.js:14:29:14:35 | req.url | serverSide.js:14:19:14:42 | url.par ... , true) | -| serverSide.js:14:29:14:35 | req.url | serverSide.js:14:19:14:42 | url.par ... , true) | -| serverSide.js:26:25:26:31 | tainted | serverSide.js:26:13:26:31 | "http://" + tainted | | serverSide.js:26:25:26:31 | tainted | serverSide.js:26:13:26:31 | "http://" + tainted | | serverSide.js:28:36:28:42 | tainted | serverSide.js:28:13:28:42 | "http:/ ... tainted | -| serverSide.js:28:36:28:42 | tainted | serverSide.js:28:13:28:42 | "http:/ ... tainted | -| serverSide.js:30:37:30:43 | tainted | serverSide.js:30:13:30:43 | "http:/ ... tainted | | serverSide.js:30:37:30:43 | tainted | serverSide.js:30:13:30:43 | "http:/ ... tainted | | serverSide.js:36:24:36:30 | tainted | serverSide.js:36:16:36:31 | new Uri(tainted) | -| serverSide.js:36:24:36:30 | tainted | serverSide.js:36:16:36:31 | new Uri(tainted) | -| serverSide.js:37:30:37:36 | tainted | serverSide.js:37:22:37:37 | new Uri(tainted) | | serverSide.js:37:30:37:36 | tainted | serverSide.js:37:22:37:37 | new Uri(tainted) | | serverSide.js:41:43:41:49 | tainted | serverSide.js:41:13:41:51 | `http:/ ... inted}` | -| serverSide.js:41:43:41:49 | tainted | serverSide.js:41:13:41:51 | `http:/ ... inted}` | | serverSide.js:43:46:43:52 | tainted | serverSide.js:43:13:43:54 | `http:/ ... inted}` | -| serverSide.js:43:46:43:52 | tainted | serverSide.js:43:13:43:54 | `http:/ ... inted}` | -| serverSide.js:45:50:45:56 | tainted | serverSide.js:45:13:45:56 | 'http:/ ... 
tainted | | serverSide.js:45:50:45:56 | tainted | serverSide.js:45:13:45:56 | 'http:/ ... tainted | | serverSide.js:58:9:58:52 | tainted | serverSide.js:61:29:61:35 | tainted | | serverSide.js:58:9:58:52 | tainted | serverSide.js:61:29:61:35 | tainted | -| serverSide.js:58:9:58:52 | tainted | serverSide.js:64:30:64:36 | tainted | -| serverSide.js:58:9:58:52 | tainted | serverSide.js:64:30:64:36 | tainted | -| serverSide.js:58:9:58:52 | tainted | serverSide.js:68:30:68:36 | tainted | -| serverSide.js:58:9:58:52 | tainted | serverSide.js:68:30:68:36 | tainted | -| serverSide.js:58:19:58:42 | url.par ... , true) | serverSide.js:58:19:58:48 | url.par ... ).query | -| serverSide.js:58:19:58:48 | url.par ... ).query | serverSide.js:58:19:58:52 | url.par ... ery.url | -| serverSide.js:58:19:58:52 | url.par ... ery.url | serverSide.js:58:9:58:52 | tainted | +| serverSide.js:58:19:58:42 | url.par ... , true) | serverSide.js:58:9:58:52 | tainted | | serverSide.js:58:29:58:35 | req.url | serverSide.js:58:19:58:42 | url.par ... , true) | -| serverSide.js:58:29:58:35 | req.url | serverSide.js:58:19:58:42 | url.par ... , true) | -| serverSide.js:74:9:74:52 | tainted | serverSide.js:76:19:76:25 | tainted | +| serverSide.js:61:29:61:35 | tainted | serverSide.js:64:30:64:36 | tainted | +| serverSide.js:61:29:61:35 | tainted | serverSide.js:68:30:68:36 | tainted | | serverSide.js:74:9:74:52 | tainted | serverSide.js:76:19:76:25 | tainted | -| serverSide.js:74:19:74:42 | url.par ... , true) | serverSide.js:74:19:74:48 | url.par ... ).query | -| serverSide.js:74:19:74:48 | url.par ... ).query | serverSide.js:74:19:74:52 | url.par ... ery.url | -| serverSide.js:74:19:74:52 | url.par ... ery.url | serverSide.js:74:9:74:52 | tainted | +| serverSide.js:74:19:74:42 | url.par ... , true) | serverSide.js:74:9:74:52 | tainted | | serverSide.js:74:29:74:35 | req.url | serverSide.js:74:19:74:42 | url.par ... 
, true) | -| serverSide.js:74:29:74:35 | req.url | serverSide.js:74:19:74:42 | url.par ... , true) | -| serverSide.js:83:38:83:43 | param1 | serverSide.js:84:19:84:24 | param1 | | serverSide.js:83:38:83:43 | param1 | serverSide.js:84:19:84:24 | param1 | -| serverSide.js:83:38:83:43 | param1 | serverSide.js:84:19:84:24 | param1 | -| serverSide.js:83:38:83:43 | param1 | serverSide.js:84:19:84:24 | param1 | -| serverSide.js:90:19:90:28 | ctx.params | serverSide.js:90:19:90:32 | ctx.params.foo | -| serverSide.js:90:19:90:28 | ctx.params | serverSide.js:90:19:90:32 | ctx.params.foo | -| serverSide.js:90:19:90:28 | ctx.params | serverSide.js:90:19:90:32 | ctx.params.foo | | serverSide.js:90:19:90:28 | ctx.params | serverSide.js:90:19:90:32 | ctx.params.foo | | serverSide.js:92:19:92:28 | ctx.params | serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:92:19:92:28 | ctx.params | serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:92:19:92:28 | ctx.params | serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:92:19:92:28 | ctx.params | serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:98:9:98:52 | tainted | serverSide.js:100:19:100:25 | tainted | | serverSide.js:98:9:98:52 | tainted | serverSide.js:100:19:100:25 | tainted | -| serverSide.js:98:19:98:42 | url.par ... , true) | serverSide.js:98:19:98:48 | url.par ... ).query | -| serverSide.js:98:19:98:48 | url.par ... ).query | serverSide.js:98:19:98:52 | url.par ... ery.url | -| serverSide.js:98:19:98:52 | url.par ... ery.url | serverSide.js:98:9:98:52 | tainted | +| serverSide.js:98:19:98:42 | url.par ... , true) | serverSide.js:98:9:98:52 | tainted | | serverSide.js:98:29:98:35 | req.url | serverSide.js:98:19:98:42 | url.par ... , true) | -| serverSide.js:98:29:98:35 | req.url | serverSide.js:98:19:98:42 | url.par ... 
, true) | -| serverSide.js:108:11:108:27 | url | serverSide.js:109:27:109:29 | url | | serverSide.js:108:11:108:27 | url | serverSide.js:109:27:109:29 | url | | serverSide.js:108:17:108:27 | request.url | serverSide.js:108:11:108:27 | url | -| serverSide.js:108:17:108:27 | request.url | serverSide.js:108:11:108:27 | url | -| serverSide.js:115:11:115:42 | url | serverSide.js:117:27:117:29 | url | | serverSide.js:115:11:115:42 | url | serverSide.js:117:27:117:29 | url | | serverSide.js:115:17:115:42 | new URL ... , base) | serverSide.js:115:11:115:42 | url | | serverSide.js:115:25:115:35 | request.url | serverSide.js:115:17:115:42 | new URL ... , base) | -| serverSide.js:115:25:115:35 | request.url | serverSide.js:115:17:115:42 | new URL ... , base) | -| serverSide.js:123:9:123:52 | tainted | serverSide.js:127:14:127:20 | tainted | | serverSide.js:123:9:123:52 | tainted | serverSide.js:127:14:127:20 | tainted | | serverSide.js:123:9:123:52 | tainted | serverSide.js:130:37:130:43 | tainted | -| serverSide.js:123:19:123:42 | url.par ... , true) | serverSide.js:123:19:123:48 | url.par ... ).query | -| serverSide.js:123:19:123:48 | url.par ... ).query | serverSide.js:123:19:123:52 | url.par ... ery.url | -| serverSide.js:123:19:123:52 | url.par ... ery.url | serverSide.js:123:9:123:52 | tainted | -| serverSide.js:123:29:123:35 | req.url | serverSide.js:123:19:123:42 | url.par ... , true) | +| serverSide.js:123:19:123:42 | url.par ... , true) | serverSide.js:123:9:123:52 | tainted | | serverSide.js:123:29:123:35 | req.url | serverSide.js:123:19:123:42 | url.par ... , true) | | serverSide.js:130:9:130:45 | myUrl | serverSide.js:131:15:131:19 | myUrl | -| serverSide.js:130:9:130:45 | myUrl | serverSide.js:131:15:131:19 | myUrl | -| serverSide.js:130:17:130:45 | `${some ... inted}` | serverSide.js:130:9:130:45 | myUrl | -| serverSide.js:130:37:130:43 | tainted | serverSide.js:130:17:130:45 | `${some ... 
inted}` | +| serverSide.js:130:37:130:43 | tainted | serverSide.js:130:9:130:45 | myUrl | +nodes +| serverSide.js:14:9:14:52 | tainted | semmle.label | tainted | +| serverSide.js:14:19:14:42 | url.par ... , true) | semmle.label | url.par ... , true) | +| serverSide.js:14:29:14:35 | req.url | semmle.label | req.url | +| serverSide.js:18:13:18:19 | tainted | semmle.label | tainted | +| serverSide.js:20:17:20:23 | tainted | semmle.label | tainted | +| serverSide.js:23:19:23:25 | tainted | semmle.label | tainted | +| serverSide.js:26:13:26:31 | "http://" + tainted | semmle.label | "http://" + tainted | +| serverSide.js:26:25:26:31 | tainted | semmle.label | tainted | +| serverSide.js:28:13:28:42 | "http:/ ... tainted | semmle.label | "http:/ ... tainted | +| serverSide.js:28:36:28:42 | tainted | semmle.label | tainted | +| serverSide.js:30:13:30:43 | "http:/ ... tainted | semmle.label | "http:/ ... tainted | +| serverSide.js:30:37:30:43 | tainted | semmle.label | tainted | +| serverSide.js:34:34:34:40 | tainted | semmle.label | tainted | +| serverSide.js:36:16:36:31 | new Uri(tainted) | semmle.label | new Uri(tainted) | +| serverSide.js:36:24:36:30 | tainted | semmle.label | tainted | +| serverSide.js:37:22:37:37 | new Uri(tainted) | semmle.label | new Uri(tainted) | +| serverSide.js:37:30:37:36 | tainted | semmle.label | tainted | +| serverSide.js:41:13:41:51 | `http:/ ... inted}` | semmle.label | `http:/ ... inted}` | +| serverSide.js:41:43:41:49 | tainted | semmle.label | tainted | +| serverSide.js:43:13:43:54 | `http:/ ... inted}` | semmle.label | `http:/ ... inted}` | +| serverSide.js:43:46:43:52 | tainted | semmle.label | tainted | +| serverSide.js:45:13:45:56 | 'http:/ ... tainted | semmle.label | 'http:/ ... tainted | +| serverSide.js:45:50:45:56 | tainted | semmle.label | tainted | +| serverSide.js:58:9:58:52 | tainted | semmle.label | tainted | +| serverSide.js:58:19:58:42 | url.par ... , true) | semmle.label | url.par ... 
, true) | +| serverSide.js:58:29:58:35 | req.url | semmle.label | req.url | +| serverSide.js:61:29:61:35 | tainted | semmle.label | tainted | +| serverSide.js:61:29:61:35 | tainted | semmle.label | tainted | +| serverSide.js:64:30:64:36 | tainted | semmle.label | tainted | +| serverSide.js:68:30:68:36 | tainted | semmle.label | tainted | +| serverSide.js:74:9:74:52 | tainted | semmle.label | tainted | +| serverSide.js:74:19:74:42 | url.par ... , true) | semmle.label | url.par ... , true) | +| serverSide.js:74:29:74:35 | req.url | semmle.label | req.url | +| serverSide.js:76:19:76:25 | tainted | semmle.label | tainted | +| serverSide.js:83:38:83:43 | param1 | semmle.label | param1 | +| serverSide.js:84:19:84:24 | param1 | semmle.label | param1 | +| serverSide.js:90:19:90:28 | ctx.params | semmle.label | ctx.params | +| serverSide.js:90:19:90:32 | ctx.params.foo | semmle.label | ctx.params.foo | +| serverSide.js:92:19:92:28 | ctx.params | semmle.label | ctx.params | +| serverSide.js:92:19:92:32 | ctx.params.foo | semmle.label | ctx.params.foo | +| serverSide.js:98:9:98:52 | tainted | semmle.label | tainted | +| serverSide.js:98:19:98:42 | url.par ... , true) | semmle.label | url.par ... , true) | +| serverSide.js:98:29:98:35 | req.url | semmle.label | req.url | +| serverSide.js:100:19:100:25 | tainted | semmle.label | tainted | +| serverSide.js:108:11:108:27 | url | semmle.label | url | +| serverSide.js:108:17:108:27 | request.url | semmle.label | request.url | +| serverSide.js:109:27:109:29 | url | semmle.label | url | +| serverSide.js:115:11:115:42 | url | semmle.label | url | +| serverSide.js:115:17:115:42 | new URL ... , base) | semmle.label | new URL ... , base) | +| serverSide.js:115:25:115:35 | request.url | semmle.label | request.url | +| serverSide.js:117:27:117:29 | url | semmle.label | url | +| serverSide.js:123:9:123:52 | tainted | semmle.label | tainted | +| serverSide.js:123:19:123:42 | url.par ... , true) | semmle.label | url.par ... 
, true) | +| serverSide.js:123:29:123:35 | req.url | semmle.label | req.url | +| serverSide.js:127:14:127:20 | tainted | semmle.label | tainted | +| serverSide.js:130:9:130:45 | myUrl | semmle.label | myUrl | +| serverSide.js:130:37:130:43 | tainted | semmle.label | tainted | +| serverSide.js:131:15:131:19 | myUrl | semmle.label | myUrl | +subpaths #select | serverSide.js:18:5:18:20 | request(tainted) | serverSide.js:14:29:14:35 | req.url | serverSide.js:18:13:18:19 | tainted | The $@ of this request depends on a $@. | serverSide.js:18:13:18:19 | tainted | URL | serverSide.js:14:29:14:35 | req.url | user-provided value | | serverSide.js:20:5:20:24 | request.get(tainted) | serverSide.js:14:29:14:35 | req.url | serverSide.js:20:17:20:23 | tainted | The $@ of this request depends on a $@. | serverSide.js:20:17:20:23 | tainted | URL | serverSide.js:14:29:14:35 | req.url | user-provided value | From 92816b1c9ad77bf78d630399da0388ae9daf3712 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:34:26 +0200 Subject: [PATCH 054/223] JS: Port ClientSideRequestForgery --- .../ClientSideRequestForgeryQuery.qll | 29 ++++++++++- .../CWE-918/ClientSideRequestForgery.ql | 8 +-- .../CWE-918/ClientSideRequestForgery.expected | 52 +++++++------------ .../Security/CWE-918/Consistency.ql | 16 ++++-- 4 files changed, 63 insertions(+), 42 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll index 8e5a46576f23..c3856e5bcd2e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll 
@@ -14,7 +14,34 @@ import RequestForgeryCustomizations::RequestForgery /** * A taint tracking configuration for client-side request forgery. */ -class Configuration extends TaintTracking::Configuration { +module ClientSideRequestForgeryConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + exists(Source src | + source = src and + not src.isServerSide() + ) + } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierOut(DataFlow::Node node) { sanitizingPrefixEdge(node, _) } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + isAdditionalRequestForgeryStep(pred, succ) + } +} + +/** + * Taint tracking for client-side request forgery. + */ +module ClientSideRequestForgeryFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ClientSideRequestForgeryFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ClientSideRequestForgery" } override predicate isSource(DataFlow::Node source) { diff --git a/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql b/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql index 4e03a62b1981..1f8fb9c2d416 100644 --- a/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql +++ b/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql 
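Review bot: The new `ClientSideRequestForgeryConfig` spells out its own `isSource`, `isBarrier`, `isBarrierOut` and `isAdditionalFlowStep`, while the deprecated `Configuration` class keeps its own `isSource` override, so this security query now has two definitions of its sources that can drift apart. The ServerSideUrlRedirect port in this same series has the deprecated class delegate to the new module (`ServerSideUrlRedirectConfig::isBarrierOut(node)`), and the same pattern would fit here, for example `override predicate isSource(DataFlow::Node source) { ClientSideRequestForgeryConfig::isSource(source) }`. The body of the deprecated class continues outside this hunk, so whether its remaining overrides already match the new predicates cannot be confirmed from here.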
@@ -13,11 +13,13 @@ import javascript import semmle.javascript.security.dataflow.ClientSideRequestForgeryQuery -import DataFlow::PathGraph +import ClientSideRequestForgeryFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node request +from + ClientSideRequestForgeryFlow::PathNode source, ClientSideRequestForgeryFlow::PathNode sink, + DataFlow::Node request where - cfg.hasFlowPath(source, sink) and + ClientSideRequestForgeryFlow::flowPath(source, sink) and request = sink.getNode().(Sink).getARequest() select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(), sink.getNode().(Sink).getKind(), source, "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-918/ClientSideRequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/ClientSideRequestForgery.expected index 1390cf8cd32d..b11a9d20a641 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/ClientSideRequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/ClientSideRequestForgery.expected 
@@ -1,50 +1,34 @@ -nodes -| clientSide.js:11:11:11:53 | query | -| clientSide.js:11:19:11:40 | window. ... .search | -| clientSide.js:11:19:11:40 | window. ... .search | -| clientSide.js:11:19:11:53 | window. ... ring(1) | -| clientSide.js:12:13:12:54 | 'https: ... + '/id' | -| clientSide.js:12:13:12:54 | 'https: ... + '/id' | -| clientSide.js:12:42:12:46 | query | -| clientSide.js:14:13:14:63 | 'https: ... .search | -| clientSide.js:14:13:14:63 | 'https: ... .search | -| clientSide.js:14:42:14:63 | window. ... .search | -| clientSide.js:14:42:14:63 | window. ... .search | -| clientSide.js:16:11:16:54 | fragment | -| clientSide.js:16:22:16:41 | window.location.hash | -| clientSide.js:16:22:16:41 | window.location.hash | -| clientSide.js:16:22:16:54 | window. ... ring(1) | -| clientSide.js:17:13:17:57 | 'https: ... + '/id' | -| clientSide.js:17:13:17:57 | 'https: ... + '/id' | -| clientSide.js:17:42:17:49 | fragment | -| clientSide.js:20:11:20:28 | name | -| clientSide.js:20:18:20:28 | window.name | -| clientSide.js:20:18:20:28 | window.name | -| clientSide.js:21:13:21:53 | 'https: ... + '/id' | -| clientSide.js:21:13:21:53 | 'https: ... + '/id' | -| clientSide.js:21:42:21:45 | name | edges | clientSide.js:11:11:11:53 | query | clientSide.js:12:42:12:46 | query | | clientSide.js:11:19:11:40 | window. ... .search | clientSide.js:11:19:11:53 | window. ... ring(1) | -| clientSide.js:11:19:11:40 | window. ... .search | clientSide.js:11:19:11:53 | window. ... ring(1) | | clientSide.js:11:19:11:53 | window. ... ring(1) | clientSide.js:11:11:11:53 | query | | clientSide.js:12:42:12:46 | query | clientSide.js:12:13:12:54 | 'https: ... + '/id' | -| clientSide.js:12:42:12:46 | query | clientSide.js:12:13:12:54 | 'https: ... + '/id' | -| clientSide.js:14:42:14:63 | window. ... .search | clientSide.js:14:13:14:63 | 'https: ... .search | -| clientSide.js:14:42:14:63 | window. ... .search | clientSide.js:14:13:14:63 | 'https: ... .search | -| clientSide.js:14:42:14:63 | window. 
... .search | clientSide.js:14:13:14:63 | 'https: ... .search | | clientSide.js:14:42:14:63 | window. ... .search | clientSide.js:14:13:14:63 | 'https: ... .search | | clientSide.js:16:11:16:54 | fragment | clientSide.js:17:42:17:49 | fragment | | clientSide.js:16:22:16:41 | window.location.hash | clientSide.js:16:22:16:54 | window. ... ring(1) | -| clientSide.js:16:22:16:41 | window.location.hash | clientSide.js:16:22:16:54 | window. ... ring(1) | | clientSide.js:16:22:16:54 | window. ... ring(1) | clientSide.js:16:11:16:54 | fragment | | clientSide.js:17:42:17:49 | fragment | clientSide.js:17:13:17:57 | 'https: ... + '/id' | -| clientSide.js:17:42:17:49 | fragment | clientSide.js:17:13:17:57 | 'https: ... + '/id' | | clientSide.js:20:11:20:28 | name | clientSide.js:21:42:21:45 | name | | clientSide.js:20:18:20:28 | window.name | clientSide.js:20:11:20:28 | name | -| clientSide.js:20:18:20:28 | window.name | clientSide.js:20:11:20:28 | name | -| clientSide.js:21:42:21:45 | name | clientSide.js:21:13:21:53 | 'https: ... + '/id' | | clientSide.js:21:42:21:45 | name | clientSide.js:21:13:21:53 | 'https: ... + '/id' | +nodes +| clientSide.js:11:11:11:53 | query | semmle.label | query | +| clientSide.js:11:19:11:40 | window. ... .search | semmle.label | window. ... .search | +| clientSide.js:11:19:11:53 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| clientSide.js:12:13:12:54 | 'https: ... + '/id' | semmle.label | 'https: ... + '/id' | +| clientSide.js:12:42:12:46 | query | semmle.label | query | +| clientSide.js:14:13:14:63 | 'https: ... .search | semmle.label | 'https: ... .search | +| clientSide.js:14:42:14:63 | window. ... .search | semmle.label | window. ... .search | +| clientSide.js:16:11:16:54 | fragment | semmle.label | fragment | +| clientSide.js:16:22:16:41 | window.location.hash | semmle.label | window.location.hash | +| clientSide.js:16:22:16:54 | window. ... ring(1) | semmle.label | window. ... 
ring(1) | +| clientSide.js:17:13:17:57 | 'https: ... + '/id' | semmle.label | 'https: ... + '/id' | +| clientSide.js:17:42:17:49 | fragment | semmle.label | fragment | +| clientSide.js:20:11:20:28 | name | semmle.label | name | +| clientSide.js:20:18:20:28 | window.name | semmle.label | window.name | +| clientSide.js:21:13:21:53 | 'https: ... + '/id' | semmle.label | 'https: ... + '/id' | +| clientSide.js:21:42:21:45 | name | semmle.label | name | +subpaths #select | clientSide.js:12:5:12:55 | request ... '/id') | clientSide.js:11:19:11:40 | window. ... .search | clientSide.js:12:13:12:54 | 'https: ... + '/id' | The $@ of this request depends on a $@. | clientSide.js:12:13:12:54 | 'https: ... + '/id' | URL | clientSide.js:11:19:11:40 | window. ... .search | user-provided value | | clientSide.js:14:5:14:64 | request ... search) | clientSide.js:14:42:14:63 | window. ... .search | clientSide.js:14:13:14:63 | 'https: ... .search | The $@ of this request depends on a $@. | clientSide.js:14:13:14:63 | 'https: ... .search | URL | clientSide.js:14:42:14:63 | window. ... .search | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql index 7950d897e8fa..1e81213b108b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql +++ b/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql 
@@ -4,14 +4,22 @@ import semmle.javascript.security.dataflow.ClientSideRequestForgeryQuery as Clie import testUtilities.ConsistencyChecking query predicate resultInWrongFile(DataFlow::Node node) { - exists(DataFlow::Configuration cfg, string filePattern | - cfg instanceof RequestForgery::Configuration and + exists(string filePattern | + RequestForgery::RequestForgeryFlow::flowTo(node) and filePattern = ".*serverSide.*" or - cfg instanceof ClientSideRequestForgery::Configuration and + ClientSideRequestForgery::ClientSideRequestForgeryFlow::flowTo(node) and filePattern = ".*clientSide.*" | - cfg.hasFlow(_, node) and not node.getFile().getRelativePath().regexpMatch(filePattern) ) } + +class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { + RequestForgery::RequestForgeryFlow::flowTo(result) or + ClientSideRequestForgery::ClientSideRequestForgeryFlow::flowTo(result) + } +} From 46fd727a55895447ceb6155e4274f04b14d5e428 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:35:49 +0200 Subject: [PATCH 055/223] JS: Port ServerSideUrlRedirect --- .../dataflow/ServerSideUrlRedirectQuery.qll | 42 ++- .../Security/CWE-601/ServerSideUrlRedirect.ql | 6 +- .../ServerSideUrlRedirect.expected | 255 ++++++------------ 3 files changed, 113 insertions(+), 190 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll index 7f16f7f49dd9..94614094cb19 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll 
@@ -15,7 +15,32 @@ import ServerSideUrlRedirectCustomizations::ServerSideUrlRedirect /** * A taint-tracking configuration for reasoning about unvalidated URL redirections. */ -class Configuration extends TaintTracking::Configuration { +module ServerSideUrlRedirectConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + exists(HtmlSanitizerCall call | + pred = call.getInput() and + succ = call + ) + } +} + +/** + * Taint-tracking for reasoning about unvalidated URL redirections. + */ +module ServerSideUrlRedirectFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ServerSideUrlRedirectFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ServerSideUrlRedirect" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -27,7 +52,9 @@ class Configuration extends TaintTracking::Configuration { node instanceof Sanitizer } - override predicate isSanitizerOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } + override predicate isSanitizerOut(DataFlow::Node node) { + ServerSideUrlRedirectConfig::isBarrierOut(node) + } override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { guard instanceof LocalUrlSanitizingGuard or @@ -35,10 +62,7 @@ class Configuration extends TaintTracking::Configuration { } override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - exists(HtmlSanitizerCall call | - pred = call.getInput() and - succ = call - ) + ServerSideUrlRedirectConfig::isAdditionalFlowStep(pred, succ) } } 
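Review bot: `ServerSideUrlRedirectConfig::isBarrier` only accepts `node instanceof Sanitizer`, whereas the deprecated `Configuration` also overrides `isSanitizerGuard` to accept `LocalUrlSanitizingGuard` (plus a further guard after the `or`, which falls outside the hunk), and nothing visible in the new module applies those guards. The updated expected output in this commit gains edges such as `ServerSideUrlRedirectGood2.js:16:7` to `18:18` and `express.js:27:7` to `30:18`, which may mean guarded redirects are now tracked as tainted. The test sources are not shown, so this is an inference. If the loss of precision is intended at this step of the port, record it next to the predicate, e.g. `// TODO: guards from the old isSanitizerGuard are not applied in this config yet`. Otherwise derive barrier nodes from the guards, using the `blocksExpr` predicate added in the following hunk, and include them in `isBarrier`.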
@@ -49,8 +73,10 @@ class Configuration extends TaintTracking::Configuration { class LocalUrlSanitizingGuard extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { LocalUrlSanitizingGuard() { this.getCalleeName().regexpMatch("(?i)(is_?)?local_?url") } - override predicate sanitizes(boolean outcome, Expr e) { - // `isLocalUrl(e)` sanitizes `e` if it evaluates to `true` + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e) { this.getAnArgument().asExpr() = e and outcome = true } diff --git a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql index 764027065865..e3bc53ec4368 100644 --- a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql +++ b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.ServerSideUrlRedirectQuery -import DataFlow::PathGraph +import ServerSideUrlRedirectFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from ServerSideUrlRedirectFlow::PathNode source, ServerSideUrlRedirectFlow::PathNode sink +where ServerSideUrlRedirectFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected b/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected index c03f57e7dd5c..4497676ff2e6 100644 --- a/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected 
+++ b/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected 
@@ -1,223 +1,120 @@ -nodes -| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | -| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | -| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | -| express.js:7:16:7:34 | req.param("target") | -| express.js:7:16:7:34 | req.param("target") | -| express.js:7:16:7:34 | req.param("target") | -| express.js:12:26:12:44 | req.param("target") | -| express.js:12:26:12:44 | req.param("target") | -| express.js:12:26:12:44 | req.param("target") | -| express.js:27:7:27:34 | target | -| express.js:27:16:27:34 | req.param("target") | -| express.js:27:16:27:34 | req.param("target") | -| express.js:33:18:33:23 | target | -| express.js:33:18:33:23 | target | -| express.js:35:16:35:21 | target | -| express.js:35:16:35:21 | target | -| express.js:40:16:40:108 | (req.pa ... ntacts" | -| express.js:40:16:40:108 | (req.pa ... ntacts" | -| express.js:40:69:40:87 | req.param('action') | -| express.js:40:69:40:87 | req.param('action') | -| express.js:74:16:74:43 | `${req. ... )}/foo` | -| express.js:74:16:74:43 | `${req. ... )}/foo` | -| express.js:74:19:74:37 | req.param("target") | -| express.js:74:19:74:37 | req.param("target") | -| express.js:83:7:83:34 | target | -| express.js:83:16:83:34 | req.param("target") | -| express.js:83:16:83:34 | req.param("target") | -| express.js:90:18:90:23 | target | -| express.js:90:18:90:23 | target | -| express.js:97:16:97:21 | target | -| express.js:97:16:97:21 | target | -| express.js:118:16:118:63 | [req.qu ... ection] | -| express.js:118:16:118:72 | [req.qu ... oin('') | -| express.js:118:16:118:72 | [req.qu ... oin('') | -| express.js:118:17:118:30 | req.query.page | -| express.js:118:17:118:30 | req.query.page | -| express.js:134:16:134:36 | '/' + r ... ms.user | -| express.js:134:16:134:36 | '/' + r ... ms.user | -| express.js:134:22:134:36 | req.params.user | -| express.js:134:22:134:36 | req.params.user | -| express.js:135:16:135:37 | '//' + ... 
ms.user | -| express.js:135:16:135:37 | '//' + ... ms.user | -| express.js:135:23:135:37 | req.params.user | -| express.js:135:23:135:37 | req.params.user | -| express.js:136:16:136:36 | 'u' + r ... ms.user | -| express.js:136:16:136:36 | 'u' + r ... ms.user | -| express.js:136:22:136:36 | req.params.user | -| express.js:136:22:136:36 | req.params.user | -| express.js:143:16:143:28 | req.query.foo | -| express.js:143:16:143:28 | req.query.foo | -| express.js:143:16:143:28 | req.query.foo | -| express.js:146:16:146:24 | query.foo | -| express.js:146:16:146:24 | query.foo | -| express.js:146:16:146:24 | query.foo | -| express.js:150:7:150:34 | target | -| express.js:150:16:150:34 | req.param("target") | -| express.js:150:16:150:34 | req.param("target") | -| express.js:155:18:155:23 | target | -| express.js:155:18:155:23 | target | -| express.js:160:18:160:23 | target | -| express.js:160:18:160:23 | target | -| express.js:164:7:164:54 | myThing | -| express.js:164:17:164:41 | JSON.st ... .query) | -| express.js:164:17:164:54 | JSON.st ... (1, -1) | -| express.js:164:32:164:40 | req.query | -| express.js:164:32:164:40 | req.query | -| express.js:165:16:165:22 | myThing | -| express.js:165:16:165:22 | myThing | -| koa.js:6:6:6:27 | url | -| koa.js:6:12:6:27 | ctx.query.target | -| koa.js:6:12:6:27 | ctx.query.target | -| koa.js:7:15:7:17 | url | -| koa.js:7:15:7:17 | url | -| koa.js:8:15:8:26 | `${url}${x}` | -| koa.js:8:15:8:26 | `${url}${x}` | -| koa.js:8:18:8:20 | url | -| koa.js:14:16:14:18 | url | -| koa.js:14:16:14:18 | url | -| koa.js:20:16:20:18 | url | -| koa.js:20:16:20:18 | url | -| next.ts:11:31:11:38 | req.body | -| next.ts:11:31:11:38 | req.body | -| next.ts:11:31:11:50 | req.body.callbackUrl | -| next.ts:11:31:11:50 | req.body.callbackUrl | -| node.js:5:7:5:52 | target | -| node.js:5:16:5:39 | url.par ... , true) | -| node.js:5:16:5:45 | url.par ... ).query | -| node.js:5:16:5:52 | url.par ... 
.target | -| node.js:5:26:5:32 | req.url | -| node.js:5:26:5:32 | req.url | -| node.js:6:34:6:39 | target | -| node.js:6:34:6:39 | target | -| node.js:10:7:10:52 | target | -| node.js:10:16:10:39 | url.par ... , true) | -| node.js:10:16:10:45 | url.par ... ).query | -| node.js:10:16:10:52 | url.par ... .target | -| node.js:10:26:10:32 | req.url | -| node.js:10:26:10:32 | req.url | -| node.js:14:34:14:45 | '/' + target | -| node.js:14:34:14:45 | '/' + target | -| node.js:14:40:14:45 | target | -| node.js:28:7:28:52 | target | -| node.js:28:16:28:39 | url.par ... , true) | -| node.js:28:16:28:45 | url.par ... ).query | -| node.js:28:16:28:52 | url.par ... .target | -| node.js:28:26:28:32 | req.url | -| node.js:28:26:28:32 | req.url | -| node.js:31:34:31:39 | target | -| node.js:31:34:31:55 | target ... =" + me | -| node.js:31:34:31:55 | target ... =" + me | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:17:8:23 | tainted | -| react-native.js:8:17:8:23 | tainted | -| react-native.js:9:26:9:32 | tainted | -| react-native.js:9:26:9:32 | tainted | edges -| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | -| express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") | -| express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") | -| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target | +| ServerSideUrlRedirectGood2.js:16:7:16:34 | target | ServerSideUrlRedirectGood2.js:18:18:18:23 | target | +| ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | ServerSideUrlRedirectGood2.js:16:7:16:34 | target | +| express.js:27:7:27:34 | target | express.js:30:18:30:23 | target | | express.js:27:7:27:34 | target | express.js:33:18:33:23 | target | | express.js:27:7:27:34 | target | express.js:35:16:35:21 | target | 
-| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target | | express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target | -| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target | -| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | -| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | | express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | -| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | -| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | -| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | | express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | -| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | -| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target | | express.js:83:7:83:34 | target | express.js:90:18:90:23 | target | | express.js:83:7:83:34 | target | express.js:97:16:97:21 | target | -| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target | | express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target | -| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target | -| express.js:118:16:118:63 | [req.qu ... ection] | express.js:118:16:118:72 | [req.qu ... oin('') | -| express.js:118:16:118:63 | [req.qu ... ection] | express.js:118:16:118:72 | [req.qu ... oin('') | -| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] | -| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] | -| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... 
ms.user | -| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | +| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:72 | [req.qu ... oin('') | | express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | -| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | -| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | -| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | | express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | -| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | -| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | -| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | | express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | -| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | -| express.js:143:16:143:28 | req.query.foo | express.js:143:16:143:28 | req.query.foo | -| express.js:146:16:146:24 | query.foo | express.js:146:16:146:24 | query.foo | -| express.js:150:7:150:34 | target | express.js:155:18:155:23 | target | | express.js:150:7:150:34 | target | express.js:155:18:155:23 | target | | express.js:150:7:150:34 | target | express.js:160:18:160:23 | target | -| express.js:150:7:150:34 | target | express.js:160:18:160:23 | target | -| express.js:150:16:150:34 | req.param("target") | express.js:150:7:150:34 | target | | express.js:150:16:150:34 | req.param("target") | express.js:150:7:150:34 | target | | express.js:164:7:164:54 | myThing | express.js:165:16:165:22 | myThing | -| express.js:164:7:164:54 | myThing | express.js:165:16:165:22 | myThing | | express.js:164:17:164:41 | JSON.st ... 
.query) | express.js:164:17:164:54 | JSON.st ... (1, -1) | | express.js:164:17:164:54 | JSON.st ... (1, -1) | express.js:164:7:164:54 | myThing | | express.js:164:32:164:40 | req.query | express.js:164:17:164:41 | JSON.st ... .query) | -| express.js:164:32:164:40 | req.query | express.js:164:17:164:41 | JSON.st ... .query) | -| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url | | koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url | | koa.js:6:6:6:27 | url | koa.js:8:18:8:20 | url | | koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url | -| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url | | koa.js:6:6:6:27 | url | koa.js:20:16:20:18 | url | -| koa.js:6:6:6:27 | url | koa.js:20:16:20:18 | url | -| koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url | | koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url | | koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` | -| koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` | -| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | -| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | | next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | -| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | -| node.js:5:7:5:52 | target | node.js:6:34:6:39 | target | | node.js:5:7:5:52 | target | node.js:6:34:6:39 | target | -| node.js:5:16:5:39 | url.par ... , true) | node.js:5:16:5:45 | url.par ... ).query | -| node.js:5:16:5:45 | url.par ... ).query | node.js:5:16:5:52 | url.par ... .target | -| node.js:5:16:5:52 | url.par ... .target | node.js:5:7:5:52 | target | -| node.js:5:26:5:32 | req.url | node.js:5:16:5:39 | url.par ... , true) | +| node.js:5:16:5:39 | url.par ... , true) | node.js:5:7:5:52 | target | | node.js:5:26:5:32 | req.url | node.js:5:16:5:39 | url.par ... , true) | | node.js:10:7:10:52 | target | node.js:14:40:14:45 | target | -| node.js:10:16:10:39 | url.par ... 
, true) | node.js:10:16:10:45 | url.par ... ).query | -| node.js:10:16:10:45 | url.par ... ).query | node.js:10:16:10:52 | url.par ... .target | -| node.js:10:16:10:52 | url.par ... .target | node.js:10:7:10:52 | target | +| node.js:10:16:10:39 | url.par ... , true) | node.js:10:7:10:52 | target | | node.js:10:26:10:32 | req.url | node.js:10:16:10:39 | url.par ... , true) | -| node.js:10:26:10:32 | req.url | node.js:10:16:10:39 | url.par ... , true) | -| node.js:14:40:14:45 | target | node.js:14:34:14:45 | '/' + target | | node.js:14:40:14:45 | target | node.js:14:34:14:45 | '/' + target | | node.js:28:7:28:52 | target | node.js:31:34:31:39 | target | -| node.js:28:16:28:39 | url.par ... , true) | node.js:28:16:28:45 | url.par ... ).query | -| node.js:28:16:28:45 | url.par ... ).query | node.js:28:16:28:52 | url.par ... .target | -| node.js:28:16:28:52 | url.par ... .target | node.js:28:7:28:52 | target | -| node.js:28:26:28:32 | req.url | node.js:28:16:28:39 | url.par ... , true) | +| node.js:28:16:28:39 | url.par ... , true) | node.js:28:7:28:52 | target | | node.js:28:26:28:32 | req.url | node.js:28:16:28:39 | url.par ... , true) | | node.js:31:34:31:39 | target | node.js:31:34:31:55 | target ... =" + me | -| node.js:31:34:31:39 | target | node.js:31:34:31:55 | target ... 
=" + me | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted | | react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted | | react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | +nodes +| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | semmle.label | req.query["target"] | +| ServerSideUrlRedirectGood2.js:16:7:16:34 | target | semmle.label | target | +| ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | semmle.label | req.query["target"] | +| ServerSideUrlRedirectGood2.js:18:18:18:23 | target | semmle.label | target | +| express.js:7:16:7:34 | req.param("target") | semmle.label | req.param("target") | +| express.js:12:26:12:44 | req.param("target") | semmle.label | req.param("target") | +| express.js:27:7:27:34 | target | semmle.label | target | +| express.js:27:16:27:34 | req.param("target") | semmle.label | req.param("target") | +| express.js:30:18:30:23 | target | semmle.label | target | +| express.js:33:18:33:23 | target | semmle.label | target | +| express.js:35:16:35:21 | target | semmle.label | target | +| express.js:40:16:40:108 | (req.pa ... ntacts" | semmle.label | (req.pa ... ntacts" | +| express.js:40:69:40:87 | req.param('action') | semmle.label | req.param('action') | +| express.js:74:16:74:43 | `${req. ... )}/foo` | semmle.label | `${req. ... 
)}/foo` | +| express.js:74:19:74:37 | req.param("target") | semmle.label | req.param("target") | +| express.js:83:7:83:34 | target | semmle.label | target | +| express.js:83:16:83:34 | req.param("target") | semmle.label | req.param("target") | +| express.js:90:18:90:23 | target | semmle.label | target | +| express.js:97:16:97:21 | target | semmle.label | target | +| express.js:118:16:118:72 | [req.qu ... oin('') | semmle.label | [req.qu ... oin('') | +| express.js:118:17:118:30 | req.query.page | semmle.label | req.query.page | +| express.js:134:16:134:36 | '/' + r ... ms.user | semmle.label | '/' + r ... ms.user | +| express.js:134:22:134:36 | req.params.user | semmle.label | req.params.user | +| express.js:135:16:135:37 | '//' + ... ms.user | semmle.label | '//' + ... ms.user | +| express.js:135:23:135:37 | req.params.user | semmle.label | req.params.user | +| express.js:136:16:136:36 | 'u' + r ... ms.user | semmle.label | 'u' + r ... ms.user | +| express.js:136:22:136:36 | req.params.user | semmle.label | req.params.user | +| express.js:143:16:143:28 | req.query.foo | semmle.label | req.query.foo | +| express.js:146:16:146:24 | query.foo | semmle.label | query.foo | +| express.js:150:7:150:34 | target | semmle.label | target | +| express.js:150:16:150:34 | req.param("target") | semmle.label | req.param("target") | +| express.js:155:18:155:23 | target | semmle.label | target | +| express.js:160:18:160:23 | target | semmle.label | target | +| express.js:164:7:164:54 | myThing | semmle.label | myThing | +| express.js:164:17:164:41 | JSON.st ... .query) | semmle.label | JSON.st ... .query) | +| express.js:164:17:164:54 | JSON.st ... (1, -1) | semmle.label | JSON.st ... 
(1, -1) | +| express.js:164:32:164:40 | req.query | semmle.label | req.query | +| express.js:165:16:165:22 | myThing | semmle.label | myThing | +| koa.js:6:6:6:27 | url | semmle.label | url | +| koa.js:6:12:6:27 | ctx.query.target | semmle.label | ctx.query.target | +| koa.js:7:15:7:17 | url | semmle.label | url | +| koa.js:8:15:8:26 | `${url}${x}` | semmle.label | `${url}${x}` | +| koa.js:8:18:8:20 | url | semmle.label | url | +| koa.js:14:16:14:18 | url | semmle.label | url | +| koa.js:20:16:20:18 | url | semmle.label | url | +| next.ts:11:31:11:38 | req.body | semmle.label | req.body | +| next.ts:11:31:11:50 | req.body.callbackUrl | semmle.label | req.body.callbackUrl | +| node.js:5:7:5:52 | target | semmle.label | target | +| node.js:5:16:5:39 | url.par ... , true) | semmle.label | url.par ... , true) | +| node.js:5:26:5:32 | req.url | semmle.label | req.url | +| node.js:6:34:6:39 | target | semmle.label | target | +| node.js:10:7:10:52 | target | semmle.label | target | +| node.js:10:16:10:39 | url.par ... , true) | semmle.label | url.par ... , true) | +| node.js:10:26:10:32 | req.url | semmle.label | req.url | +| node.js:14:34:14:45 | '/' + target | semmle.label | '/' + target | +| node.js:14:40:14:45 | target | semmle.label | target | +| node.js:28:7:28:52 | target | semmle.label | target | +| node.js:28:16:28:39 | url.par ... , true) | semmle.label | url.par ... , true) | +| node.js:28:26:28:32 | req.url | semmle.label | req.url | +| node.js:31:34:31:39 | target | semmle.label | target | +| node.js:31:34:31:55 | target ... =" + me | semmle.label | target ... 
=" + me | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:17:8:23 | tainted | semmle.label | tainted | +| react-native.js:9:26:9:32 | tainted | semmle.label | tainted | +subpaths #select | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | Untrusted URL redirection depends on a $@. | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | user-provided value | +| ServerSideUrlRedirectGood2.js:18:18:18:23 | target | ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | ServerSideUrlRedirectGood2.js:18:18:18:23 | target | Untrusted URL redirection depends on a $@. | ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | user-provided value | | express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") | Untrusted URL redirection depends on a $@. | express.js:7:16:7:34 | req.param("target") | user-provided value | | express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") | Untrusted URL redirection depends on a $@. | express.js:12:26:12:44 | req.param("target") | user-provided value | +| express.js:30:18:30:23 | target | express.js:27:16:27:34 | req.param("target") | express.js:30:18:30:23 | target | Untrusted URL redirection depends on a $@. | express.js:27:16:27:34 | req.param("target") | user-provided value | | express.js:33:18:33:23 | target | express.js:27:16:27:34 | req.param("target") | express.js:33:18:33:23 | target | Untrusted URL redirection depends on a $@. 
| express.js:27:16:27:34 | req.param("target") | user-provided value | | express.js:35:16:35:21 | target | express.js:27:16:27:34 | req.param("target") | express.js:35:16:35:21 | target | Untrusted URL redirection depends on a $@. | express.js:27:16:27:34 | req.param("target") | user-provided value | | express.js:40:16:40:108 | (req.pa ... ntacts" | express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | Untrusted URL redirection depends on a $@. | express.js:40:69:40:87 | req.param('action') | user-provided value | From 81d2721248627049e45ab81e1f2b138022d1e886 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:36:01 +0200 Subject: [PATCH 056/223] JS: Port ClientSideUrlRedirect --- .../ClientSideUrlRedirectCustomizations.qll | 10 + .../dataflow/ClientSideUrlRedirectQuery.qll | 77 ++- .../Security/CWE-601/ClientSideUrlRedirect.ql | 7 +- .../ClientSideUrlRedirect.expected | 476 +++++------------- .../CWE-601/ClientSideUrlRedirect/tst15.js | 12 + 5 files changed, 211 insertions(+), 371 deletions(-) create mode 100644 javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/tst15.js diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll index 7b3b098b730b..edf3bb06ca8a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll 
@@ -49,6 +49,16 @@ module ClientSideUrlRedirect { } } + /** + * Holds if `node` extracts a part of a URL that does not contain the suffix. + */ + pragma[inline] + predicate isPrefixExtraction(DataFlow::MethodCallNode node) { + // Block flow through prefix-extraction `substring(0, ...)` and `split("#")[0]` + node.getMethodName() = [StringOps::substringMethodName(), "split"] and + not untrustedUrlSubstring(_, node) + } + /** * Holds if `substring` refers to a substring of `base` which is considered untrusted * when `base` is the current URL. diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll index 0e1ceb955dde..339626964841 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll 
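Review bot: `isPrefixExtraction` holds for far more than its doc comment and inline comment describe: it matches every `split` or substring-method call that `untrustedUrlSubstring(_, node)` does not recognise, without looking at the `0` start argument or the `[0]` index. Because the query library in this commit uses it as a barrier for the `DocumentUrl` state, any suffix-extracting call that `untrustedUrlSubstring` does not model (its body is outside this hunk) is treated as safe and the redirect goes unreported. I would make that over-approximation explicit in the doc comment, for example `* Holds for any substring or split call that untrustedUrlSubstring does not recognise; such calls are assumed to drop the attacker-controlled suffix.`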
@@ -19,7 +19,55 @@ private class ConcreteDocumentUrl extends DocumentUrl { /** * A taint-tracking configuration for reasoning about unvalidated URL redirections. */ -class Configuration extends TaintTracking::Configuration { +module ClientSideUrlRedirectConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel state) { + source.(Source).getAFlowLabel() = state + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel state) { + sink instanceof Sink and state.isTaint() + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = HostnameSanitizerGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel state) { + isPrefixExtraction(node) and + state instanceof DocumentUrl + } + + predicate isBarrierOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } + + predicate isBarrierOut(DataFlow::Node node, DataFlow::FlowLabel label) { isSink(node, label) } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, + DataFlow::FlowLabel state2 + ) { + untrustedUrlSubstring(node1, node2) and + state1 instanceof DocumentUrl and + state2.isTaint() + or + exists(HtmlSanitizerCall call | + node1 = call.getInput() and + node2 = call and + state1 = state2 + ) + } +} + +/** + * Taint-tracking flow for reasoning about unvalidated URL redirections. + */ +module ClientSideUrlRedirectFlow = TaintTracking::GlobalWithState; + +/** + * A taint-tracking configuration for reasoning about unvalidated URL redirections. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ClientSideUrlRedirect" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { 
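Review bot: None of the predicates in `ClientSideUrlRedirectConfig` carries a comment, although together they encode a two-state policy that is easy to misread: sources carry whatever `getAFlowLabel()` gives them, `isSink` accepts only `state.isTaint()`, and the only visible `DocumentUrl`-to-taint transition is the `untrustedUrlSubstring` step. A short comment on `isSink` such as `// A value still labelled DocumentUrl is the whole current URL and is deliberately not reported.` would record that intent (assuming that is the intent), and `isBarrierOut(node, label)` needs one line saying why flow is cut at sinks. That second `isBarrierOut` also names its parameter `label` where the rest of the module uses `state`.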
@@ -36,21 +84,22 @@ class Configuration extends TaintTracking::Configuration { override predicate isSanitizerOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel f, DataFlow::FlowLabel g + DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, + DataFlow::FlowLabel state2 ) { - untrustedUrlSubstring(pred, succ) and - f instanceof DocumentUrl and - g.isTaint() - or - // preserve document.url label in step from `location` to `location.href` - f instanceof DocumentUrl and - g instanceof DocumentUrl and - succ.(DataFlow::PropRead).accesses(pred, "href") + ClientSideUrlRedirectConfig::isAdditionalFlowStep(node1, state1, node2, state2) or - exists(HtmlSanitizerCall call | - pred = call.getInput() and - succ = call and - f = g + // Preserve document.url label in step from `location` to `location.href` or `location.toString()` + state1 instanceof DocumentUrl and + state2 instanceof DocumentUrl and + ( + node2.(DataFlow::PropRead).accesses(node1, "href") + or + exists(DataFlow::CallNode call | + call.getCalleeName() = "toString" and + node1 = call.getReceiver() and + node2 = call + ) ) } diff --git a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql index 6f29d3882683..a4b08e385bae 100644 --- a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql +++ b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql 
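Review bot: The step that keeps the `DocumentUrl` label across `location.href`, now extended to `location.toString()`, exists only in the deprecated `Configuration`; `ClientSideUrlRedirectConfig::isAdditionalFlowStep` has no counterpart, and the query in this commit switches to `ClientSideUrlRedirectFlow`. Unless the new library carries that label through property reads and `toString()` calls by some mechanism not visible in this diff, the new `toString` branch is never exercised by the shipped query and flows that start at a bare `location` object could be missed. Either move the step into the new config or leave a comment here naming where the equivalent propagation happens. The class body starts and ends outside the hunk.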
@@ -15,9 +15,10 @@ import javascript import semmle.javascript.security.dataflow.ClientSideUrlRedirectQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + ClientSideUrlRedirectFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected index 20114c9aa539..fbac71a1779b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected +++ b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected 
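Review bot: The unqualified `PathNode` in the `from` clause now resolves, as far as this hunk shows, to the merged node type brought in by `import DataFlow::DeduplicatePathGraph` rather than the flow module's own path node, and nothing in the query says so. A reader who misses that will not see why `getAnOriginalPathNode()` is needed on both arguments of `flowPath`. A comment above the `from` clause, e.g. `// PathNode is the deduplicated node; map back to the original path nodes to query flowPath.`, would be enough.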
@@ -1,435 +1,210 @@ nodes -| electron.js:4:12:4:22 | window.name | -| electron.js:4:12:4:22 | window.name | -| electron.js:7:20:7:29 | getTaint() | -| electron.js:7:20:7:29 | getTaint() | -| react.js:10:60:10:81 | documen ... on.hash | -| react.js:10:60:10:81 | documen ... on.hash | -| react.js:10:60:10:81 | documen ... on.hash | -| react.js:21:24:21:45 | documen ... on.hash | -| react.js:21:24:21:45 | documen ... on.hash | -| react.js:21:24:21:45 | documen ... on.hash | -| react.js:28:43:28:64 | documen ... on.hash | -| react.js:28:43:28:64 | documen ... on.hash | -| react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | -| react.js:34:43:34:64 | documen ... on.hash | -| react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | -| react.js:40:19:40:40 | documen ... on.hash | -| react.js:40:19:40:50 | documen ... bstr(1) | -| react.js:40:19:40:50 | documen ... 
bstr(1) | -| sanitizer.js:2:9:2:25 | url | -| sanitizer.js:2:15:2:25 | window.name | -| sanitizer.js:2:15:2:25 | window.name | -| sanitizer.js:4:27:4:29 | url | -| sanitizer.js:4:27:4:29 | url | -| sanitizer.js:16:27:16:29 | url | -| sanitizer.js:16:27:16:29 | url | -| sanitizer.js:19:27:19:29 | url | -| sanitizer.js:19:27:19:29 | url | -| sanitizer.js:22:27:22:29 | url | -| sanitizer.js:22:27:22:29 | url | -| sanitizer.js:25:27:25:29 | url | -| sanitizer.js:25:27:25:29 | url | -| sanitizer.js:28:27:28:29 | url | -| sanitizer.js:28:27:28:29 | url | -| sanitizer.js:31:27:31:29 | url | -| sanitizer.js:31:27:31:29 | url | -| sanitizer.js:37:27:37:29 | url | -| sanitizer.js:37:27:37:29 | url | -| tst2.js:2:7:2:33 | href | -| tst2.js:2:14:2:28 | window.location | -| tst2.js:2:14:2:28 | window.location | -| tst2.js:2:14:2:33 | window.location.href | -| tst2.js:2:14:2:33 | window.location.href | -| tst2.js:4:21:4:24 | href | -| tst2.js:4:21:4:55 | href.su ... '?')+1) | -| tst2.js:4:21:4:55 | href.su ... '?')+1) | -| tst6.js:2:7:2:45 | redirect | -| tst6.js:2:18:2:45 | $locati ... irect') | -| tst6.js:2:18:2:45 | $locati ... irect') | -| tst6.js:4:21:4:28 | redirect | -| tst6.js:4:21:4:28 | redirect | -| tst6.js:6:17:6:24 | redirect | -| tst6.js:6:17:6:24 | redirect | -| tst6.js:8:21:8:48 | $locati ... irect') | -| tst6.js:8:21:8:48 | $locati ... irect') | -| tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst7.js:2:12:2:35 | documen ... .search | -| tst7.js:2:12:2:35 | documen ... .search | -| tst7.js:2:12:2:35 | documen ... .search | -| tst7.js:5:27:5:50 | documen ... .search | -| tst7.js:5:27:5:50 | documen ... .search | -| tst7.js:5:27:5:50 | documen ... .search | -| tst9.js:2:21:2:42 | documen ... on.hash | -| tst9.js:2:21:2:42 | documen ... on.hash | -| tst9.js:2:21:2:55 | documen ... ring(1) | -| tst9.js:2:21:2:55 | documen ... ring(1) | -| tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:5:17:5:46 | '/' + d ... 
.search | -| tst10.js:5:23:5:46 | documen ... .search | -| tst10.js:5:23:5:46 | documen ... .search | -| tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:24:8:47 | documen ... .search | -| tst10.js:8:24:8:47 | documen ... .search | -| tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:27:11:50 | documen ... .search | -| tst10.js:11:27:11:50 | documen ... .search | -| tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:33:14:56 | documen ... .search | -| tst10.js:14:33:14:56 | documen ... .search | -| tst12.js:3:9:3:50 | urlParts | -| tst12.js:3:20:3:39 | window.location.hash | -| tst12.js:3:20:3:39 | window.location.hash | -| tst12.js:3:20:3:50 | window. ... it('?') | -| tst12.js:4:9:4:45 | loc | -| tst12.js:4:15:4:22 | urlParts | -| tst12.js:4:15:4:25 | urlParts[0] | -| tst12.js:4:15:4:45 | urlPart ... s.value | -| tst12.js:5:23:5:25 | loc | -| tst12.js:5:23:5:25 | loc | -| tst13.js:2:9:2:52 | payload | -| tst13.js:2:19:2:42 | documen ... .search | -| tst13.js:2:19:2:42 | documen ... .search | -| tst13.js:2:19:2:52 | documen ... 
bstr(1) | -| tst13.js:4:15:4:21 | payload | -| tst13.js:4:15:4:21 | payload | -| tst13.js:8:21:8:27 | payload | -| tst13.js:8:21:8:27 | payload | -| tst13.js:12:14:12:20 | payload | -| tst13.js:12:14:12:20 | payload | -| tst13.js:16:17:16:23 | payload | -| tst13.js:16:17:16:23 | payload | -| tst13.js:20:14:20:20 | payload | -| tst13.js:20:14:20:20 | payload | -| tst13.js:24:14:24:20 | payload | -| tst13.js:24:14:24:20 | payload | -| tst13.js:28:21:28:27 | payload | -| tst13.js:28:21:28:27 | payload | -| tst13.js:32:17:32:23 | payload | -| tst13.js:32:17:32:23 | payload | -| tst13.js:36:21:36:27 | payload | -| tst13.js:36:21:36:27 | payload | -| tst13.js:40:15:40:21 | payload | -| tst13.js:40:15:40:21 | payload | -| tst13.js:44:14:44:20 | payload | -| tst13.js:44:14:44:20 | payload | -| tst13.js:49:32:49:32 | e | -| tst13.js:49:32:49:32 | e | -| tst13.js:50:23:50:23 | e | -| tst13.js:50:23:50:23 | e | -| tst13.js:52:34:52:34 | e | -| tst13.js:52:34:52:34 | e | -| tst13.js:53:28:53:28 | e | -| tst13.js:53:28:53:28 | e | -| tst13.js:59:9:59:52 | payload | -| tst13.js:59:19:59:42 | documen ... .search | -| tst13.js:59:19:59:42 | documen ... .search | -| tst13.js:59:19:59:52 | documen ... bstr(1) | -| tst13.js:61:18:61:24 | payload | -| tst13.js:61:18:61:24 | payload | -| tst13.js:65:9:65:49 | payload | -| tst13.js:65:19:65:39 | history ... on.hash | -| tst13.js:65:19:65:39 | history ... on.hash | -| tst13.js:65:19:65:49 | history ... bstr(1) | -| tst13.js:67:21:67:27 | payload | -| tst13.js:67:21:67:27 | payload | -| tst13.js:72:9:72:49 | payload | -| tst13.js:72:19:72:39 | history ... on.hash | -| tst13.js:72:19:72:39 | history ... on.hash | -| tst13.js:72:19:72:49 | history ... bstr(1) | -| tst13.js:74:21:74:27 | payload | -| tst13.js:74:21:74:27 | payload | -| tst13.js:78:9:78:48 | url | -| tst13.js:78:15:78:38 | documen ... .search | -| tst13.js:78:15:78:38 | documen ... .search | -| tst13.js:78:15:78:48 | documen ... 
bstr(1) | -| tst13.js:80:21:80:23 | url | -| tst13.js:80:21:80:23 | url | -| tst13.js:81:28:81:30 | url | -| tst13.js:81:28:81:30 | url | -| tst13.js:82:27:82:29 | url | -| tst13.js:82:27:82:29 | url | -| tst13.js:83:22:83:24 | url | -| tst13.js:83:22:83:24 | url | -| tst.js:2:19:2:69 | /.*redi ... n.href) | -| tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:47:2:63 | document.location | -| tst.js:2:47:2:63 | document.location | -| tst.js:2:47:2:68 | documen ... on.href | -| tst.js:2:47:2:68 | documen ... on.href | -| tst.js:6:20:6:56 | indirec ... n.href) | -| tst.js:6:20:6:59 | indirec ... ref)[1] | -| tst.js:6:20:6:59 | indirec ... ref)[1] | -| tst.js:6:34:6:50 | document.location | -| tst.js:6:34:6:50 | document.location | -| tst.js:6:34:6:55 | documen ... on.href | -| tst.js:6:34:6:55 | documen ... on.href | -| tst.js:10:19:10:81 | new Reg ... n.href) | -| tst.js:10:19:10:84 | new Reg ... ref)[1] | -| tst.js:10:19:10:84 | new Reg ... ref)[1] | -| tst.js:10:59:10:75 | document.location | -| tst.js:10:59:10:75 | document.location | -| tst.js:10:59:10:80 | documen ... on.href | -| tst.js:10:59:10:80 | documen ... on.href | -| tst.js:14:20:14:56 | indirec ... n.href) | -| tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:34:14:50 | document.location | -| tst.js:14:34:14:50 | document.location | -| tst.js:14:34:14:55 | documen ... on.href | -| tst.js:14:34:14:55 | documen ... on.href | -| tst.js:18:19:18:81 | new Reg ... n.href) | -| tst.js:18:19:18:84 | new Reg ... ref)[1] | -| tst.js:18:19:18:84 | new Reg ... ref)[1] | -| tst.js:18:59:18:75 | document.location | -| tst.js:18:59:18:75 | document.location | -| tst.js:18:59:18:80 | documen ... on.href | -| tst.js:18:59:18:80 | documen ... on.href | -| tst.js:22:20:22:56 | indirec ... n.href) | -| tst.js:22:20:22:59 | indirec ... ref)[1] | -| tst.js:22:20:22:59 | indirec ... 
ref)[1] | -| tst.js:22:34:22:50 | document.location | -| tst.js:22:34:22:50 | document.location | -| tst.js:22:34:22:55 | documen ... on.href | -| tst.js:22:34:22:55 | documen ... on.href | -| tst.js:26:22:26:79 | new Reg ... n.href) | -| tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:62:26:78 | win.location.href | -| tst.js:26:62:26:78 | win.location.href | -| typed.ts:4:13:4:36 | params | -| typed.ts:4:22:4:36 | location.search | -| typed.ts:4:22:4:36 | location.search | -| typed.ts:5:25:5:30 | params | -| typed.ts:7:24:7:34 | redirectUri | -| typed.ts:8:33:8:43 | redirectUri | -| typed.ts:8:33:8:43 | redirectUri | -| typed.ts:25:25:25:34 | loc.search | -| typed.ts:25:25:25:34 | loc.search | -| typed.ts:28:24:28:34 | redirectUri | -| typed.ts:29:33:29:43 | redirectUri | -| typed.ts:29:33:29:43 | redirectUri | -| typed.ts:47:25:47:34 | loc.search | -| typed.ts:47:25:47:34 | loc.search | -| typed.ts:48:26:48:36 | loc2.search | -| typed.ts:48:26:48:36 | loc2.search | -| typed.ts:51:24:51:34 | redirectUri | -| typed.ts:52:33:52:43 | redirectUri | -| typed.ts:52:33:52:43 | redirectUri | -| typed.ts:55:25:55:35 | redirectUri | -| typed.ts:56:33:56:43 | redirectUri | -| typed.ts:56:33:56:43 | redirectUri | +| electron.js:4:12:4:22 | window.name | semmle.label | window.name | +| electron.js:7:20:7:29 | getTaint() | semmle.label | getTaint() | +| react.js:10:60:10:81 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:21:24:21:45 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:28:43:28:64 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:28:43:28:74 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| react.js:34:43:34:64 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:34:43:34:74 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| react.js:40:19:40:40 | documen ... on.hash | semmle.label | documen ... 
on.hash | +| react.js:40:19:40:50 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| sanitizer.js:2:9:2:25 | url | semmle.label | url | +| sanitizer.js:2:15:2:25 | window.name | semmle.label | window.name | +| sanitizer.js:4:27:4:29 | url | semmle.label | url | +| sanitizer.js:16:27:16:29 | url | semmle.label | url | +| sanitizer.js:19:27:19:29 | url | semmle.label | url | +| sanitizer.js:22:27:22:29 | url | semmle.label | url | +| sanitizer.js:25:27:25:29 | url | semmle.label | url | +| sanitizer.js:28:27:28:29 | url | semmle.label | url | +| sanitizer.js:31:27:31:29 | url | semmle.label | url | +| sanitizer.js:37:27:37:29 | url | semmle.label | url | +| tst2.js:2:7:2:33 | href | semmle.label | href | +| tst2.js:2:14:2:33 | window.location.href | semmle.label | window.location.href | +| tst2.js:4:21:4:24 | href | semmle.label | href | +| tst2.js:4:21:4:55 | href.su ... '?')+1) | semmle.label | href.su ... '?')+1) | +| tst6.js:2:7:2:45 | redirect | semmle.label | redirect | +| tst6.js:2:18:2:45 | $locati ... irect') | semmle.label | $locati ... irect') | +| tst6.js:4:21:4:28 | redirect | semmle.label | redirect | +| tst6.js:6:17:6:24 | redirect | semmle.label | redirect | +| tst6.js:8:21:8:48 | $locati ... irect') | semmle.label | $locati ... irect') | +| tst6.js:8:21:8:56 | $locati ... + "foo" | semmle.label | $locati ... + "foo" | +| tst7.js:2:12:2:35 | documen ... .search | semmle.label | documen ... .search | +| tst7.js:5:27:5:50 | documen ... .search | semmle.label | documen ... .search | +| tst9.js:2:21:2:42 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst9.js:2:21:2:55 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| tst10.js:5:17:5:46 | '/' + d ... .search | semmle.label | '/' + d ... .search | +| tst10.js:5:23:5:46 | documen ... .search | semmle.label | documen ... .search | +| tst10.js:8:17:8:47 | '//' + ... .search | semmle.label | '//' + ... .search | +| tst10.js:8:24:8:47 | documen ... 
.search | semmle.label | documen ... .search | +| tst10.js:11:17:11:50 | '//foo' ... .search | semmle.label | '//foo' ... .search | +| tst10.js:11:27:11:50 | documen ... .search | semmle.label | documen ... .search | +| tst10.js:14:17:14:56 | 'https: ... .search | semmle.label | 'https: ... .search | +| tst10.js:14:33:14:56 | documen ... .search | semmle.label | documen ... .search | +| tst12.js:3:9:3:50 | urlParts | semmle.label | urlParts | +| tst12.js:3:20:3:39 | window.location.hash | semmle.label | window.location.hash | +| tst12.js:3:20:3:50 | window. ... it('?') | semmle.label | window. ... it('?') | +| tst12.js:4:9:4:45 | loc | semmle.label | loc | +| tst12.js:4:15:4:22 | urlParts | semmle.label | urlParts | +| tst12.js:5:23:5:25 | loc | semmle.label | loc | +| tst13.js:2:9:2:52 | payload | semmle.label | payload | +| tst13.js:2:19:2:42 | documen ... .search | semmle.label | documen ... .search | +| tst13.js:2:19:2:52 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst13.js:4:15:4:21 | payload | semmle.label | payload | +| tst13.js:8:21:8:27 | payload | semmle.label | payload | +| tst13.js:12:14:12:20 | payload | semmle.label | payload | +| tst13.js:16:17:16:23 | payload | semmle.label | payload | +| tst13.js:20:14:20:20 | payload | semmle.label | payload | +| tst13.js:24:14:24:20 | payload | semmle.label | payload | +| tst13.js:28:21:28:27 | payload | semmle.label | payload | +| tst13.js:32:17:32:23 | payload | semmle.label | payload | +| tst13.js:36:21:36:27 | payload | semmle.label | payload | +| tst13.js:40:15:40:21 | payload | semmle.label | payload | +| tst13.js:44:14:44:20 | payload | semmle.label | payload | +| tst13.js:49:32:49:32 | e | semmle.label | e | +| tst13.js:50:23:50:23 | e | semmle.label | e | +| tst13.js:52:34:52:34 | e | semmle.label | e | +| tst13.js:53:28:53:28 | e | semmle.label | e | +| tst13.js:59:9:59:52 | payload | semmle.label | payload | +| tst13.js:59:19:59:42 | documen ... .search | semmle.label | documen ... 
.search | +| tst13.js:59:19:59:52 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst13.js:61:18:61:24 | payload | semmle.label | payload | +| tst13.js:65:9:65:49 | payload | semmle.label | payload | +| tst13.js:65:19:65:39 | history ... on.hash | semmle.label | history ... on.hash | +| tst13.js:65:19:65:49 | history ... bstr(1) | semmle.label | history ... bstr(1) | +| tst13.js:67:21:67:27 | payload | semmle.label | payload | +| tst13.js:72:9:72:49 | payload | semmle.label | payload | +| tst13.js:72:19:72:39 | history ... on.hash | semmle.label | history ... on.hash | +| tst13.js:72:19:72:49 | history ... bstr(1) | semmle.label | history ... bstr(1) | +| tst13.js:74:21:74:27 | payload | semmle.label | payload | +| tst13.js:78:9:78:48 | url | semmle.label | url | +| tst13.js:78:15:78:38 | documen ... .search | semmle.label | documen ... .search | +| tst13.js:78:15:78:48 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst13.js:80:21:80:23 | url | semmle.label | url | +| tst13.js:81:28:81:30 | url | semmle.label | url | +| tst13.js:82:27:82:29 | url | semmle.label | url | +| tst13.js:83:22:83:24 | url | semmle.label | url | +| tst.js:2:19:2:69 | /.*redi ... n.href) | semmle.label | /.*redi ... n.href) | +| tst.js:2:19:2:72 | /.*redi ... ref)[1] | semmle.label | /.*redi ... ref)[1] | +| tst.js:2:47:2:68 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:6:20:6:56 | indirec ... n.href) | semmle.label | indirec ... n.href) | +| tst.js:6:20:6:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] | +| tst.js:6:34:6:55 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:10:19:10:81 | new Reg ... n.href) | semmle.label | new Reg ... n.href) | +| tst.js:10:19:10:84 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] | +| tst.js:10:59:10:80 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:14:20:14:56 | indirec ... n.href) | semmle.label | indirec ... 
n.href) | +| tst.js:14:20:14:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] | +| tst.js:14:34:14:55 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:18:19:18:81 | new Reg ... n.href) | semmle.label | new Reg ... n.href) | +| tst.js:18:19:18:84 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] | +| tst.js:18:59:18:80 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:22:20:22:56 | indirec ... n.href) | semmle.label | indirec ... n.href) | +| tst.js:22:20:22:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] | +| tst.js:22:34:22:55 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:26:22:26:79 | new Reg ... n.href) | semmle.label | new Reg ... n.href) | +| tst.js:26:22:26:82 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] | +| tst.js:26:62:26:78 | win.location.href | semmle.label | win.location.href | +| typed.ts:4:13:4:36 | params | semmle.label | params | +| typed.ts:4:22:4:36 | location.search | semmle.label | location.search | +| typed.ts:5:25:5:30 | params | semmle.label | params | +| typed.ts:7:24:7:34 | redirectUri | semmle.label | redirectUri | +| typed.ts:8:33:8:43 | redirectUri | semmle.label | redirectUri | +| typed.ts:25:25:25:34 | loc.search | semmle.label | loc.search | +| typed.ts:28:24:28:34 | redirectUri | semmle.label | redirectUri | +| typed.ts:29:33:29:43 | redirectUri | semmle.label | redirectUri | +| typed.ts:47:25:47:34 | loc.search | semmle.label | loc.search | +| typed.ts:48:26:48:36 | loc2.search | semmle.label | loc2.search | +| typed.ts:51:24:51:34 | redirectUri | semmle.label | redirectUri | +| typed.ts:52:33:52:43 | redirectUri | semmle.label | redirectUri | +| typed.ts:55:25:55:35 | redirectUri | semmle.label | redirectUri | +| typed.ts:56:33:56:43 | redirectUri | semmle.label | redirectUri | edges | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | -| electron.js:4:12:4:22 | window.name | 
electron.js:7:20:7:29 | getTaint() | -| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | -| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | -| react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | -| react.js:21:24:21:45 | documen ... on.hash | react.js:21:24:21:45 | documen ... on.hash | -| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | | react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | | react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | | react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... 
bstr(1) | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url | | sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url | | sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url | | sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url | | sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url | | sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url | | sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url | | sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url | | sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url | -| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url | | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url | | tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href | -| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href | -| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href | -| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href | | tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href | | tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) | -| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) | -| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect | | tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect | | tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect | -| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect | | tst6.js:2:18:2:45 | $locati ... 
irect') | tst6.js:2:7:2:45 | redirect | -| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect | -| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | | tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:35 | documen ... .search | -| tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:50 | documen ... .search | -| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | -| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | | tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | -| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | -| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | | tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | | tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | | tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... 
.search | -| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | | tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | | tst12.js:3:9:3:50 | urlParts | tst12.js:4:15:4:22 | urlParts | | tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') | -| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') | | tst12.js:3:20:3:50 | window. ... it('?') | tst12.js:3:9:3:50 | urlParts | | tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc | -| tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc | -| tst12.js:4:15:4:22 | urlParts | tst12.js:4:15:4:25 | urlParts[0] | -| tst12.js:4:15:4:25 | urlParts[0] | tst12.js:4:15:4:45 | urlPart ... s.value | -| tst12.js:4:15:4:45 | urlPart ... 
s.value | tst12.js:4:9:4:45 | loc | +| tst12.js:4:15:4:22 | urlParts | tst12.js:4:9:4:45 | loc | | tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | | tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | | tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | | tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload | | tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload | | tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload | | tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload | | tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload | | tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload | | tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload | | tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload | | tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) | -| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) | | tst13.js:2:19:2:52 | documen ... 
bstr(1) | tst13.js:2:9:2:52 | payload | | tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | -| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | -| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | | tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | | tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload | -| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload | -| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) | | tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) | | tst13.js:59:19:59:52 | documen ... bstr(1) | tst13.js:59:9:59:52 | payload | | tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload | -| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload | -| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) | | tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) | | tst13.js:65:19:65:49 | history ... bstr(1) | tst13.js:65:9:65:49 | payload | | tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload | -| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload | -| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) | | tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) | | tst13.js:72:19:72:49 | history ... 
bstr(1) | tst13.js:72:9:72:49 | payload | | tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url | -| tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url | -| tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url | | tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url | | tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url | -| tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url | | tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url | -| tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url | -| tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) | | tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) | | tst13.js:78:15:78:48 | documen ... bstr(1) | tst13.js:78:9:78:48 | url | | tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href | -| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href | | tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) | -| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) | -| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] | | tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] | -| tst.js:6:34:6:50 | document.location | tst.js:6:34:6:55 | documen ... on.href | -| tst.js:6:34:6:50 | document.location | tst.js:6:34:6:55 | documen ... on.href | -| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) | | tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) | | tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] | -| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... 
ref)[1] | -| tst.js:10:59:10:75 | document.location | tst.js:10:59:10:80 | documen ... on.href | -| tst.js:10:59:10:75 | document.location | tst.js:10:59:10:80 | documen ... on.href | -| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) | | tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) | | tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:34:14:50 | document.location | tst.js:14:34:14:55 | documen ... on.href | -| tst.js:14:34:14:50 | document.location | tst.js:14:34:14:55 | documen ... on.href | | tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) | -| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) | -| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] | | tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] | -| tst.js:18:59:18:75 | document.location | tst.js:18:59:18:80 | documen ... on.href | -| tst.js:18:59:18:75 | document.location | tst.js:18:59:18:80 | documen ... on.href | -| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) | | tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) | | tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] | -| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] | -| tst.js:22:34:22:50 | document.location | tst.js:22:34:22:55 | documen ... on.href | -| tst.js:22:34:22:50 | document.location | tst.js:22:34:22:55 | documen ... on.href | -| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | | tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | | tst.js:26:22:26:79 | new Reg ... 
n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) | | tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) | | typed.ts:4:13:4:36 | params | typed.ts:5:25:5:30 | params | | typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params | -| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params | | typed.ts:5:25:5:30 | params | typed.ts:7:24:7:34 | redirectUri | | typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri | -| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri | | typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri | -| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri | -| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri | | typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri | | typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri | -| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri | | typed.ts:48:26:48:36 | loc2.search | typed.ts:55:25:55:35 | redirectUri | -| typed.ts:48:26:48:36 | loc2.search | typed.ts:55:25:55:35 | redirectUri | -| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri | | typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri | | typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri | -| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri | +subpaths #select | electron.js:7:20:7:29 | getTaint() | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | Untrusted URL redirection depends on a $@. | electron.js:4:12:4:22 | window.name | user-provided value | | react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... 
on.hash | react.js:10:60:10:81 | documen ... on.hash | Untrusted URL redirection depends on a $@. | react.js:10:60:10:81 | documen ... on.hash | user-provided value | @@ -445,7 +220,6 @@ edges | sanitizer.js:28:27:28:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:28:27:28:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value | | sanitizer.js:31:27:31:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:31:27:31:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value | | sanitizer.js:37:27:37:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:37:27:37:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value | -| tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:28 | window.location | tst2.js:4:21:4:55 | href.su ... '?')+1) | Untrusted URL redirection depends on a $@. | tst2.js:2:14:2:28 | window.location | user-provided value | | tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:33 | window.location.href | tst2.js:4:21:4:55 | href.su ... '?')+1) | Untrusted URL redirection depends on a $@. | tst2.js:2:14:2:33 | window.location.href | user-provided value | | tst6.js:4:21:4:28 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:4:21:4:28 | redirect | Untrusted URL redirection depends on a $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value | | tst6.js:6:17:6:24 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:6:17:6:24 | redirect | Untrusted URL redirection depends on a $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value | 
@@ -478,17 +252,11 @@ edges | tst13.js:81:28:81:30 | url | tst13.js:78:15:78:38 | documen ... .search | tst13.js:81:28:81:30 | url | Untrusted URL redirection depends on a $@. | tst13.js:78:15:78:38 | documen ... .search | user-provided value | | tst13.js:82:27:82:29 | url | tst13.js:78:15:78:38 | documen ... .search | tst13.js:82:27:82:29 | url | Untrusted URL redirection depends on a $@. | tst13.js:78:15:78:38 | documen ... .search | user-provided value | | tst13.js:83:22:83:24 | url | tst13.js:78:15:78:38 | documen ... .search | tst13.js:83:22:83:24 | url | Untrusted URL redirection depends on a $@. | tst13.js:78:15:78:38 | documen ... .search | user-provided value | -| tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:63 | document.location | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:2:47:2:63 | document.location | user-provided value | | tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:2:47:2:68 | documen ... on.href | user-provided value | -| tst.js:6:20:6:59 | indirec ... ref)[1] | tst.js:6:34:6:50 | document.location | tst.js:6:20:6:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:6:34:6:50 | document.location | user-provided value | | tst.js:6:20:6:59 | indirec ... ref)[1] | tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:6:34:6:55 | documen ... on.href | user-provided value | -| tst.js:10:19:10:84 | new Reg ... ref)[1] | tst.js:10:59:10:75 | document.location | tst.js:10:19:10:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:10:59:10:75 | document.location | user-provided value | | tst.js:10:19:10:84 | new Reg ... ref)[1] | tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:84 | new Reg ... 
ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:10:59:10:80 | documen ... on.href | user-provided value | -| tst.js:14:20:14:59 | indirec ... ref)[1] | tst.js:14:34:14:50 | document.location | tst.js:14:20:14:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:14:34:14:50 | document.location | user-provided value | | tst.js:14:20:14:59 | indirec ... ref)[1] | tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:14:34:14:55 | documen ... on.href | user-provided value | -| tst.js:18:19:18:84 | new Reg ... ref)[1] | tst.js:18:59:18:75 | document.location | tst.js:18:19:18:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:18:59:18:75 | document.location | user-provided value | | tst.js:18:19:18:84 | new Reg ... ref)[1] | tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:18:59:18:80 | documen ... on.href | user-provided value | -| tst.js:22:20:22:59 | indirec ... ref)[1] | tst.js:22:34:22:50 | document.location | tst.js:22:20:22:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:22:34:22:50 | document.location | user-provided value | | tst.js:22:20:22:59 | indirec ... ref)[1] | tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:22:34:22:55 | documen ... on.href | user-provided value | | tst.js:26:22:26:82 | new Reg ... ref)[1] | tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:82 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:26:62:26:78 | win.location.href | user-provided value | | typed.ts:8:33:8:43 | redirectUri | typed.ts:4:22:4:36 | location.search | typed.ts:8:33:8:43 | redirectUri | Untrusted URL redirection depends on a $@. 
| typed.ts:4:22:4:36 | location.search | user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/tst15.js b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/tst15.js
new file mode 100644
index 000000000000..cb5345d5921b
--- /dev/null
+++ b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/tst15.js
@@ -0,0 +1,12 @@
+function foo() {
+ var url = document.location.toString();
+ window.location = url.substring(0).substring(1); // OK
+ window.location = url.substring(0, 10).substring(1); // OK
+ window.location = url.substring(0, url.indexOf('/', 10)).substring(1); // OK
+}
+
+function bar() {
+ var url = new URL(window.location);
+ window.location = url.origin; // OK
+ window.location = url.origin.substring(10); // OK
+}
From f1f45927b121fb858c5bfc3c8078c1915ae9731b Mon Sep 17 00:00:00 2001
From: Asger F
Date: Wed, 4 Oct 2023 21:36:31 +0200
Subject: [PATCH 057/223] JS: Port PrototypePollutingAssignment
---
...otypePollutingAssignmentCustomizations.qll | 32 +-
.../PrototypePollutingAssignmentQuery.qll | 138 ++++--
.../CWE-915/PrototypePollutingAssignment.ql | 9 +-
.../Consistency.expected | 1 +
.../Consistency.ql | 11 +-
.../PrototypePollutingAssignment.expected | 402 ++++++------------
6 files changed, 286 insertions(+), 307 deletions(-)
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll
index 656c7bb3849c..4b0b954066a8 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll
@@ -38,6 +38,30 @@ module PrototypePollutingAssignment { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for prototype-polluting assignments. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + /** A flow label representing the `Object.prototype` value. */ abstract class ObjectPrototype extends DataFlow::FlowLabel { ObjectPrototype() { this = "Object.prototype" } @@ -46,7 +70,9 @@ module PrototypePollutingAssignment { /** The base of an assignment or extend call, as a sink for `Object.prototype` references. */ private class DefaultSink extends Sink { DefaultSink() { - this = any(DataFlow::PropWrite write).getBase() + // Avoid using PropWrite here as we only want assignments that can mutate a pre-existing object, + // so not object literals or array literals. + this = any(AssignExpr assign).getTarget().(PropAccess).getBase().flow() or this = any(ExtendCall c).getDestinationOperand() or 
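Review bot: In `DefaultSink`, replacing `any(DataFlow::PropWrite write).getBase()` with `any(AssignExpr assign).getTarget().(PropAccess).getBase().flow()` narrows the sink further than the new comment says. The comment only mentions dropping object and array literals, but as far as I can tell `AssignExpr` covers plain `=` only, so compound assignments and `Object.defineProperty`-style writes that `PropWrite` models would stop being sinks as well, and those do mutate a pre-existing object. If that is intended, say so in the comment, e.g. `// Compound assignments and defineProperty calls are deliberately not sinks.`; otherwise add them back as extra disjuncts and cover them with a test case. The body of `DefaultSink` continues past the end of the hunk.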
@@ -67,7 +93,9 @@ module PrototypePollutingAssignment { * A parameter of an exported function, seen as a source prototype-polluting assignment. */ class ExternalInputSource extends Source { - ExternalInputSource() { this = Exports::getALibraryInputParameter() } + ExternalInputSource() { + this = Exports::getALibraryInputParameter() and not this instanceof RemoteFlowSource + } override string describe() { result = "library input" } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll index 0ba2f26b24c7..ca61ebf284d0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll @@ -19,16 +19,18 @@ private class ConcreteObjectPrototype extends ObjectPrototype { } /** A taint-tracking configuration for reasoning about prototype-polluting assignments. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "PrototypePollutingAssignment" } +module PrototypePollutingAssignmentConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node node) { node instanceof Source } + predicate isSource(DataFlow::Node node, DataFlow::FlowLabel label) { + node instanceof Source and label.isTaint() + } - override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { + predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { node.(Sink).getAFlowLabel() = lbl } - override predicate isSanitizer(DataFlow::Node node) { + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer or // Concatenating with a string will in practice prevent the string `__proto__` from arising. 
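Review bot: The `not this instanceof RemoteFlowSource` conjunct added to `ExternalInputSource` carries no explanation, and the QLDoc above the class still describes every parameter of an exported function as a source of this kind. A reader cannot tell from the hunk whether the exclusion is there to avoid duplicate alerts or to keep remote flows out of the lower-confidence library-input handling. Suggest a comment on the conjunct, for example `// Parameters that are also remote flow sources are reported as remote input, not as library input.`, adjusted to the actual motivation.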
@@ -53,17 +55,24 @@ class Configuration extends TaintTracking::Configuration { not replace.getRawReplacement().getStringValue() = "" ) ) + or + node = DataFlow::MakeBarrierGuard::getABarrierNode() } - override predicate isSanitizerOut(DataFlow::Node node, DataFlow::FlowLabel lbl) { + predicate isBarrierOut(DataFlow::Node node, DataFlow::FlowLabel lbl) { // Suppress the value-preserving step src -> dst in `extend(dst, src)`. This is modeled as a value-preserving // step because it preserves all properties, but the destination is not actually Object.prototype. node = any(ExtendCall call).getASourceOperand() and lbl instanceof ObjectPrototype } - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl + predicate isBarrierIn(DataFlow::Node node, DataFlow::FlowLabel lbl) { + // FIXME: This should only be an in-barrier for the corresponding flow state, but flow-state specific in-barriers are not supported right now. + isSource(node, lbl) + } + + predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::FlowLabel inlbl, DataFlow::Node succ, DataFlow::FlowLabel outlbl ) { // Step from x -> obj[x] while switching to the ObjectPrototype label // (If `x` can have the value `__proto__` then the result can be Object.prototype) 
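Review bot: The new `isBarrierIn(DataFlow::Node node, DataFlow::FlowLabel lbl)` disagrees with its own FIXME: the comment says flow-state specific in-barriers are not supported, yet the predicate is declared with a label and delegates to `isSource(node, lbl)`. From the hunk alone it is unclear whether the library ignores this two-argument form (so the barrier never applies), applies it to every state (so `Object.prototype`-labelled flow is also cut at source nodes), or already honours the label (so the FIXME is stale). Please state in the comment which of these holds today, e.g. `// Currently blocks all flow states from entering a source node, not just taint.` if that is the case, so a later reader can judge which alerts are affected.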
@@ -91,7 +100,80 @@ class Configuration extends TaintTracking::Configuration { outlbl instanceof ObjectPrototype ) or - DataFlow::localFieldStep(pred, succ) and inlbl = outlbl + // TODO: local field step becomes a jump step, resulting in FPs (closure-lib) + // TODO: localFieldStep is too expensive with dataflow2 + // DataFlow::localFieldStep(pred, succ) + none() + or + inlbl.isTaint() and + TaintTracking::defaultTaintStep(pred, succ) and + inlbl = outlbl + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { + lbl.isTaint() and + TaintTracking::defaultSanitizer(node) + or + // Don't propagate into the receiver, as the method lookups will generally fail on Object.prototype. + node instanceof DataFlow::ThisNode and + lbl instanceof ObjectPrototype + or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(lbl) + } +} + +/** Taint-tracking for reasoning about prototype-polluting assignments. */ +module PrototypePollutingAssignmentFlow = + DataFlow::GlobalWithState; + +/** + * Holds if the given `source, sink` pair should not be reported, as we don't have enough + * confidence in the alert given that source is a library input. + */ +bindingset[source, sink] +predicate isIgnoredLibraryFlow(ExternalInputSource source, Sink sink) { + exists(source) and + // filter away paths that start with library inputs and end with a write to a fixed property. + exists(DataFlow::PropWrite write | sink = write.getBase() | + // fixed property name + exists(write.getPropertyName()) + or + // non-string property name (likely number) + exists(Expr prop | prop = write.getPropertyNameExpr() | + not prop.analyze().getAType() = TTString() + ) + ) +} + +/** + * DEPRECATED. Use the `PrototypePollutingAssignmentFlow` module instead. 
+ */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "PrototypePollutingAssignment" } + + override predicate isSource(DataFlow::Node node) { node instanceof Source } + + override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { + node.(Sink).getAFlowLabel() = lbl + } + + override predicate isSanitizer(DataFlow::Node node) { + PrototypePollutingAssignmentConfig::isBarrier(node) + } + + override predicate isSanitizerOut(DataFlow::Node node, DataFlow::FlowLabel lbl) { + // Suppress the value-preserving step src -> dst in `extend(dst, src)`. This is modeled as a value-preserving + // step because it preserves all properties, but the destination is not actually Object.prototype. + node = any(ExtendCall call).getASourceOperand() and + lbl instanceof ObjectPrototype + } + + override predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl + ) { + PrototypePollutingAssignmentConfig::isAdditionalFlowStep(pred, inlbl, succ, outlbl) } override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) { @@ -174,9 +256,7 @@ private predicate isPropertyPresentOnObjectPrototype(string prop) { } /** A check of form `e.prop` where `prop` is not present on `Object.prototype`. */ -private class PropertyPresenceCheck extends TaintTracking::LabeledSanitizerGuardNode, - DataFlow::ValueNode -{ +private class PropertyPresenceCheck extends BarrierGuardLegacy, DataFlow::ValueNode { override PropAccess astNode; PropertyPresenceCheck() { 
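Review bot: Replacing `DataFlow::localFieldStep(pred, succ) and inlbl = outlbl` with `none()` in the hunk `@@ -91,7 +100,80 @@` removes a detection step, and the two TODOs do not say what is lost. The new `Consistency.expected` in this patch records `lib.js:70 | expected an alert, but found none`, and the deleted edges through `this.path` in the `.expected` file suggest this is that step. The deprecated `Configuration` now delegates to `PrototypePollutingAssignmentConfig::isAdditionalFlowStep`, so existing users of the old class lose the step as well without any notice in its doc comment. I would drop the dead `none() or` disjunct and make the comment name the known miss, e.g. `// TODO: re-enable DataFlow::localFieldStep(pred, succ); without it the flow to lib.js:70 via this.path is missed (see Consistency.expected)`. The "DEPRECATED" comment should also mention the behaviour change.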
@@ -184,7 +264,7 @@ private class PropertyPresenceCheck extends TaintTracking::LabeledSanitizerGuard not isPropertyPresentOnObjectPrototype(astNode.getPropertyName()) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = astNode.getBase() and outcome = true and label instanceof ObjectPrototype @@ -192,14 +272,14 @@ private class PropertyPresenceCheck extends TaintTracking::LabeledSanitizerGuard } /** A check of form `"prop" in e` where `prop` is not present on `Object.prototype`. */ -private class InExprCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { +private class InExprCheck extends BarrierGuardLegacy, DataFlow::ValueNode { override InExpr astNode; InExprCheck() { not isPropertyPresentOnObjectPrototype(astNode.getLeftOperand().getStringValue()) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = astNode.getRightOperand() and outcome = true and label instanceof ObjectPrototype @@ -207,10 +287,10 @@ private class InExprCheck extends TaintTracking::LabeledSanitizerGuardNode, Data } /** A check of form `e instanceof X`, which is always false for `Object.prototype`. */ -private class InstanceofCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { +private class InstanceofCheck extends BarrierGuardLegacy, DataFlow::ValueNode { override InstanceofExpr astNode; - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = astNode.getLeftOperand() and outcome = true and label instanceof ObjectPrototype 
@@ -218,7 +298,7 @@ private class InstanceofCheck extends TaintTracking::LabeledSanitizerGuardNode, } /** A check of form `typeof e === "string"`. */ -private class TypeofCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { +private class TypeofCheck extends BarrierGuardLegacy, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; boolean polarity; @@ -231,7 +311,7 @@ private class TypeofCheck extends TaintTracking::LabeledSanitizerGuardNode, Data ) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { polarity = outcome and e = operand and label instanceof ObjectPrototype @@ -239,20 +319,20 @@ private class TypeofCheck extends TaintTracking::LabeledSanitizerGuardNode, Data } /** A guard that checks whether `x` is a number. */ -class NumberGuard extends TaintTracking::SanitizerGuardNode instanceof DataFlow::CallNode { +class NumberGuard extends BarrierGuardLegacy instanceof DataFlow::CallNode { Expr x; boolean polarity; NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } /** A call to `Array.isArray`, which is false for `Object.prototype`. */ -private class IsArrayCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::CallNode { +private class IsArrayCheck extends BarrierGuardLegacy, DataFlow::CallNode { IsArrayCheck() { this = DataFlow::globalVarRef("Array").getAMemberCall("isArray") } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = this.getArgument(0).asExpr() and outcome = true and label instanceof ObjectPrototype 
@@ -262,12 +342,12 @@ private class IsArrayCheck extends TaintTracking::LabeledSanitizerGuardNode, Dat /** * Sanitizer guard of form `x !== "__proto__"`. */ -private class EqualityCheck extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { +private class EqualityCheck extends BarrierGuardLegacy, DataFlow::ValueNode { override EqualityTest astNode; EqualityCheck() { astNode.getAnOperand().getStringValue() = "__proto__" } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = astNode.getAnOperand() and outcome = astNode.getPolarity().booleanNot() } @@ -276,10 +356,10 @@ private class EqualityCheck extends TaintTracking::SanitizerGuardNode, DataFlow: /** * Sanitizer guard of the form `x.includes("__proto__")`. */ -private class IncludesCheck extends TaintTracking::LabeledSanitizerGuardNode, InclusionTest { +private class IncludesCheck extends BarrierGuardLegacy, InclusionTest { IncludesCheck() { this.getContainedNode().mayHaveStringValue("__proto__") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = this.getContainerNode().asExpr() and outcome = this.getPolarity().booleanNot() } @@ -288,7 +368,7 @@ private class IncludesCheck extends TaintTracking::LabeledSanitizerGuardNode, In /** * A sanitizer guard that checks tests whether `x` is included in a list like `["__proto__"].includes(x)`. */ -private class DenyListInclusionGuard extends TaintTracking::SanitizerGuardNode, InclusionTest { +private class DenyListInclusionGuard extends BarrierGuardLegacy, InclusionTest { DenyListInclusionGuard() { this.getContainerNode() .getALocalSource() 
@@ -297,7 +377,7 @@ private class DenyListInclusionGuard extends TaintTracking::SanitizerGuardNode, .mayHaveStringValue("__proto__") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = this.getContainedNode().asExpr() and outcome = super.getPolarity().booleanNot() } diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql index 2b916426169e..b5f86910e9de 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql @@ -19,10 +19,13 @@ import javascript import semmle.javascript.security.dataflow.PrototypePollutingAssignmentQuery -import DataFlow::PathGraph +import PrototypePollutingAssignmentFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from + PrototypePollutingAssignmentFlow::PathNode source, PrototypePollutingAssignmentFlow::PathNode sink +where + PrototypePollutingAssignmentFlow::flowPath(source, sink) and + not isIgnoredLibraryFlow(source.getNode(), sink.getNode()) select sink, source, sink, "This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.expected b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.expected index e69de29bb2d1..8d013c40b5fb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.expected +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.expected 
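Review bot: In the `PrototypePollutingAssignment.ql` hunk (`@@ -19,10 +19,13 @@`), the added `not isIgnoredLibraryFlow(source.getNode(), sink.getNode())` makes the library-input suppression a duty of each caller rather than of the flow module. The old `Configuration` overrides `hasFlowPath`, which presumably applied the same filter once for everyone. `Consistency.ql` repeats the conjunct by hand, so any other consumer of `PrototypePollutingAssignmentFlow::flowPath` that forgets it will report the low-confidence library flows. I would document that on the flow module and at the call site, e.g. `// Library-input flows into fixed or non-string property writes are dropped here; PrototypePollutingAssignmentFlow itself does not apply this filter.`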
@@ -0,0 +1 @@ +| query-tests/Security/CWE-915/PrototypePollutingAssignment/lib.js:70 | expected an alert, but found none | NOT OK | Config | diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.ql index 7a440ac58bba..636d6e3bbdaa 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.ql +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.ql @@ -2,6 +2,15 @@ import javascript import testUtilities.ConsistencyChecking import semmle.javascript.security.dataflow.PrototypePollutingAssignmentQuery -class Config extends ConsistencyConfiguration, Configuration { +class Config extends ConsistencyConfiguration { + Config() { this = "Config" } + override File getAFile() { any() } + + override DataFlow::Node getAnAlert() { + exists(DataFlow::Node source | + PrototypePollutingAssignmentFlow::flow(source, result) and + not isIgnoredLibraryFlow(source, result) + ) + } } diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/PrototypePollutingAssignment.expected b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/PrototypePollutingAssignment.expected index 891aeff42218..e3e20255490c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/PrototypePollutingAssignment.expected +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/PrototypePollutingAssignment.expected 
@@ -1,371 +1,230 @@ -nodes -| lib.js:1:38:1:40 | obj | -| lib.js:1:43:1:46 | path | -| lib.js:1:43:1:46 | path | -| lib.js:1:43:1:46 | path | -| lib.js:2:7:2:27 | currentPath | -| lib.js:2:7:2:27 | currentPath | -| lib.js:2:21:2:24 | path | -| lib.js:2:21:2:24 | path | -| lib.js:2:21:2:27 | path[0] | -| lib.js:2:21:2:27 | path[0] | -| lib.js:6:7:6:9 | obj | -| lib.js:6:7:6:9 | obj | -| lib.js:11:17:11:32 | obj[currentPath] | -| lib.js:11:17:11:32 | obj[currentPath] | -| lib.js:11:21:11:31 | currentPath | -| lib.js:11:21:11:31 | currentPath | -| lib.js:11:35:11:38 | path | -| lib.js:11:35:11:38 | path | -| lib.js:11:35:11:47 | path.slice(1) | -| lib.js:11:35:11:47 | path.slice(1) | -| lib.js:14:38:14:41 | path | -| lib.js:14:38:14:41 | path | -| lib.js:15:3:15:14 | obj[path[0]] | -| lib.js:15:3:15:14 | obj[path[0]] | -| lib.js:15:7:15:10 | path | -| lib.js:15:7:15:13 | path[0] | -| lib.js:20:7:20:25 | path | -| lib.js:20:14:20:22 | arguments | -| lib.js:20:14:20:22 | arguments | -| lib.js:20:14:20:25 | arguments[1] | -| lib.js:22:3:22:14 | obj[path[0]] | -| lib.js:22:3:22:14 | obj[path[0]] | -| lib.js:22:7:22:10 | path | -| lib.js:22:7:22:13 | path[0] | -| lib.js:25:44:25:47 | path | -| lib.js:25:44:25:47 | path | -| lib.js:26:10:26:21 | obj[path[0]] | -| lib.js:26:10:26:21 | obj[path[0]] | -| lib.js:26:14:26:17 | path | -| lib.js:26:14:26:20 | path[0] | -| lib.js:30:9:30:52 | args | -| lib.js:30:16:30:52 | Array.p ... uments) | -| lib.js:30:43:30:51 | arguments | -| lib.js:30:43:30:51 | arguments | -| lib.js:32:7:32:20 | path | -| lib.js:32:14:32:17 | args | -| lib.js:32:14:32:20 | args[1] | -| lib.js:34:3:34:14 | obj[path[0]] | -| lib.js:34:3:34:14 | obj[path[0]] | -| lib.js:34:7:34:10 | path | -| lib.js:34:7:34:13 | path[0] | -| lib.js:38:9:38:36 | args | -| lib.js:38:16:38:36 | Array.f ... 
uments) | -| lib.js:38:27:38:35 | arguments | -| lib.js:38:27:38:35 | arguments | -| lib.js:40:7:40:20 | path | -| lib.js:40:14:40:17 | args | -| lib.js:40:14:40:20 | args[1] | -| lib.js:42:3:42:14 | obj[path[0]] | -| lib.js:42:3:42:14 | obj[path[0]] | -| lib.js:42:7:42:10 | path | -| lib.js:42:7:42:13 | path[0] | -| lib.js:45:13:45:13 | s | -| lib.js:45:13:45:13 | s | -| lib.js:46:10:46:10 | s | -| lib.js:52:9:52:22 | path | -| lib.js:52:16:52:22 | id("x") | -| lib.js:55:11:55:22 | obj[path[0]] | -| lib.js:55:11:55:22 | obj[path[0]] | -| lib.js:55:15:55:18 | path | -| lib.js:55:15:55:21 | path[0] | -| lib.js:59:18:59:18 | s | -| lib.js:59:18:59:18 | s | -| lib.js:61:17:61:17 | s | -| lib.js:68:11:68:26 | path | -| lib.js:68:18:68:26 | this.path | -| lib.js:70:13:70:24 | obj[path[0]] | -| lib.js:70:13:70:24 | obj[path[0]] | -| lib.js:70:17:70:20 | path | -| lib.js:70:17:70:23 | path[0] | -| lib.js:83:7:83:25 | path | -| lib.js:83:14:83:22 | arguments | -| lib.js:83:14:83:22 | arguments | -| lib.js:83:14:83:25 | arguments[1] | -| lib.js:86:7:86:26 | proto | -| lib.js:86:15:86:26 | obj[path[0]] | -| lib.js:86:19:86:22 | path | -| lib.js:86:19:86:25 | path[0] | -| lib.js:87:10:87:14 | proto | -| lib.js:87:10:87:14 | proto | -| lib.js:90:43:90:46 | path | -| lib.js:90:43:90:46 | path | -| lib.js:91:7:91:28 | maybeProto | -| lib.js:91:20:91:28 | obj[path] | -| lib.js:91:24:91:27 | path | -| lib.js:92:3:92:12 | maybeProto | -| lib.js:92:3:92:12 | maybeProto | -| lib.js:95:3:95:12 | maybeProto | -| lib.js:95:3:95:12 | maybeProto | -| lib.js:104:7:104:24 | one | -| lib.js:104:13:104:21 | arguments | -| lib.js:104:13:104:21 | arguments | -| lib.js:104:13:104:24 | arguments[1] | -| lib.js:108:3:108:10 | obj[one] | -| lib.js:108:3:108:10 | obj[one] | -| lib.js:108:7:108:9 | one | -| lib.js:118:29:118:32 | path | -| lib.js:118:29:118:32 | path | -| lib.js:119:13:119:24 | obj[path[0]] | -| lib.js:119:13:119:24 | obj[path[0]] | -| lib.js:119:17:119:20 | path | -| 
lib.js:119:17:119:23 | path[0] | -| lib.js:127:14:127:17 | path | -| lib.js:127:14:127:17 | path | -| lib.js:128:9:128:20 | obj[path[0]] | -| lib.js:128:9:128:20 | obj[path[0]] | -| lib.js:128:13:128:16 | path | -| lib.js:128:13:128:19 | path[0] | -| otherlib/src/otherlibimpl.js:1:37:1:40 | path | -| otherlib/src/otherlibimpl.js:1:37:1:40 | path | -| otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | -| otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | -| otherlib/src/otherlibimpl.js:2:7:2:10 | path | -| otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | -| sublib/other.js:5:28:5:31 | path | -| sublib/other.js:5:28:5:31 | path | -| sublib/other.js:6:7:6:18 | obj[path[0]] | -| sublib/other.js:6:7:6:18 | obj[path[0]] | -| sublib/other.js:6:11:6:14 | path | -| sublib/other.js:6:11:6:17 | path[0] | -| sublib/sub.js:1:37:1:40 | path | -| sublib/sub.js:1:37:1:40 | path | -| sublib/sub.js:2:3:2:14 | obj[path[0]] | -| sublib/sub.js:2:3:2:14 | obj[path[0]] | -| sublib/sub.js:2:7:2:10 | path | -| sublib/sub.js:2:7:2:13 | path[0] | -| tst.js:5:9:5:38 | taint | -| tst.js:5:17:5:38 | String( ... y.data) | -| tst.js:5:24:5:37 | req.query.data | -| tst.js:5:24:5:37 | req.query.data | -| tst.js:8:5:8:17 | object[taint] | -| tst.js:8:5:8:17 | object[taint] | -| tst.js:8:12:8:16 | taint | -| tst.js:9:5:9:17 | object[taint] | -| tst.js:9:5:9:17 | object[taint] | -| tst.js:9:12:9:16 | taint | -| tst.js:12:18:12:30 | object[taint] | -| tst.js:12:25:12:29 | taint | -| tst.js:14:5:14:32 | unsafeG ... taint) | -| tst.js:14:5:14:32 | unsafeG ... taint) | -| tst.js:14:27:14:31 | taint | -| tst.js:33:23:33:25 | obj | -| tst.js:34:5:34:7 | obj | -| tst.js:34:5:34:7 | obj | -| tst.js:39:9:39:11 | obj | -| tst.js:39:9:39:11 | obj | -| tst.js:45:9:45:11 | obj | -| tst.js:45:9:45:11 | obj | -| tst.js:48:9:48:11 | obj | -| tst.js:48:9:48:11 | obj | -| tst.js:77:9:77:38 | taint | -| tst.js:77:17:77:38 | String( ... 
y.data) | -| tst.js:77:24:77:37 | req.query.data | -| tst.js:77:24:77:37 | req.query.data | -| tst.js:80:5:80:17 | object[taint] | -| tst.js:80:5:80:17 | object[taint] | -| tst.js:80:12:80:16 | taint | -| tst.js:82:5:82:22 | object["" + taint] | -| tst.js:82:5:82:22 | object["" + taint] | -| tst.js:82:12:82:21 | "" + taint | -| tst.js:82:17:82:21 | taint | -| tst.js:87:9:87:21 | object[taint] | -| tst.js:87:9:87:21 | object[taint] | -| tst.js:87:16:87:20 | taint | -| tst.js:94:5:94:37 | obj[req ... ', '')] | -| tst.js:94:5:94:37 | obj[req ... ', '')] | -| tst.js:94:9:94:19 | req.query.x | -| tst.js:94:9:94:19 | req.query.x | -| tst.js:94:9:94:36 | req.que ... _', '') | -| tst.js:97:5:97:46 | obj[req ... g, '')] | -| tst.js:97:5:97:46 | obj[req ... g, '')] | -| tst.js:97:9:97:19 | req.query.x | -| tst.js:97:9:97:19 | req.query.x | -| tst.js:97:9:97:45 | req.que ... /g, '') | -| tst.js:102:9:102:38 | taint | -| tst.js:102:17:102:38 | String( ... y.data) | -| tst.js:102:24:102:37 | req.query.data | -| tst.js:102:24:102:37 | req.query.data | -| tst.js:105:5:105:17 | object[taint] | -| tst.js:105:5:105:17 | object[taint] | -| tst.js:105:12:105:16 | taint | edges | lib.js:1:38:1:40 | obj | lib.js:6:7:6:9 | obj | -| lib.js:1:38:1:40 | obj | lib.js:6:7:6:9 | obj | -| lib.js:1:43:1:46 | path | lib.js:2:21:2:24 | path | -| lib.js:1:43:1:46 | path | lib.js:2:21:2:24 | path | | lib.js:1:43:1:46 | path | lib.js:2:21:2:24 | path | -| lib.js:1:43:1:46 | path | lib.js:11:35:11:38 | path | -| lib.js:1:43:1:46 | path | lib.js:11:35:11:38 | path | -| lib.js:1:43:1:46 | path | lib.js:11:35:11:38 | path | | lib.js:2:7:2:27 | currentPath | lib.js:11:21:11:31 | currentPath | -| lib.js:2:7:2:27 | currentPath | lib.js:11:21:11:31 | currentPath | -| lib.js:2:21:2:24 | path | lib.js:2:21:2:27 | path[0] | | lib.js:2:21:2:24 | path | lib.js:2:21:2:27 | path[0] | | lib.js:2:21:2:27 | path[0] | lib.js:2:7:2:27 | currentPath | -| lib.js:2:21:2:27 | path[0] | lib.js:2:7:2:27 | currentPath | | 
lib.js:11:17:11:32 | obj[currentPath] | lib.js:1:38:1:40 | obj | -| lib.js:11:17:11:32 | obj[currentPath] | lib.js:1:38:1:40 | obj | -| lib.js:11:21:11:31 | currentPath | lib.js:11:17:11:32 | obj[currentPath] | | lib.js:11:21:11:31 | currentPath | lib.js:11:17:11:32 | obj[currentPath] | -| lib.js:11:35:11:38 | path | lib.js:11:35:11:47 | path.slice(1) | -| lib.js:11:35:11:38 | path | lib.js:11:35:11:47 | path.slice(1) | -| lib.js:11:35:11:47 | path.slice(1) | lib.js:1:43:1:46 | path | -| lib.js:11:35:11:47 | path.slice(1) | lib.js:1:43:1:46 | path | -| lib.js:14:38:14:41 | path | lib.js:15:7:15:10 | path | | lib.js:14:38:14:41 | path | lib.js:15:7:15:10 | path | | lib.js:15:7:15:10 | path | lib.js:15:7:15:13 | path[0] | | lib.js:15:7:15:13 | path[0] | lib.js:15:3:15:14 | obj[path[0]] | -| lib.js:15:7:15:13 | path[0] | lib.js:15:3:15:14 | obj[path[0]] | | lib.js:20:7:20:25 | path | lib.js:22:7:22:10 | path | | lib.js:20:14:20:22 | arguments | lib.js:20:14:20:25 | arguments[1] | -| lib.js:20:14:20:22 | arguments | lib.js:20:14:20:25 | arguments[1] | | lib.js:20:14:20:25 | arguments[1] | lib.js:20:7:20:25 | path | | lib.js:22:7:22:10 | path | lib.js:22:7:22:13 | path[0] | | lib.js:22:7:22:13 | path[0] | lib.js:22:3:22:14 | obj[path[0]] | -| lib.js:22:7:22:13 | path[0] | lib.js:22:3:22:14 | obj[path[0]] | -| lib.js:25:44:25:47 | path | lib.js:26:14:26:17 | path | | lib.js:25:44:25:47 | path | lib.js:26:14:26:17 | path | | lib.js:26:14:26:17 | path | lib.js:26:14:26:20 | path[0] | | lib.js:26:14:26:20 | path[0] | lib.js:26:10:26:21 | obj[path[0]] | -| lib.js:26:14:26:20 | path[0] | lib.js:26:10:26:21 | obj[path[0]] | | lib.js:30:9:30:52 | args | lib.js:32:14:32:17 | args | | lib.js:30:16:30:52 | Array.p ... uments) | lib.js:30:9:30:52 | args | -| lib.js:30:43:30:51 | arguments | lib.js:30:16:30:52 | Array.p ... uments) | -| lib.js:30:43:30:51 | arguments | lib.js:30:16:30:52 | Array.p ... 
uments) | +| lib.js:30:16:30:52 | reflective call | lib.js:30:16:30:52 | Array.p ... uments) | +| lib.js:30:43:30:51 | arguments | lib.js:30:16:30:52 | reflective call | | lib.js:32:7:32:20 | path | lib.js:34:7:34:10 | path | | lib.js:32:14:32:17 | args | lib.js:32:14:32:20 | args[1] | | lib.js:32:14:32:20 | args[1] | lib.js:32:7:32:20 | path | | lib.js:34:7:34:10 | path | lib.js:34:7:34:13 | path[0] | | lib.js:34:7:34:13 | path[0] | lib.js:34:3:34:14 | obj[path[0]] | -| lib.js:34:7:34:13 | path[0] | lib.js:34:3:34:14 | obj[path[0]] | | lib.js:38:9:38:36 | args | lib.js:40:14:40:17 | args | | lib.js:38:16:38:36 | Array.f ... uments) | lib.js:38:9:38:36 | args | | lib.js:38:27:38:35 | arguments | lib.js:38:16:38:36 | Array.f ... uments) | -| lib.js:38:27:38:35 | arguments | lib.js:38:16:38:36 | Array.f ... uments) | | lib.js:40:7:40:20 | path | lib.js:42:7:42:10 | path | | lib.js:40:14:40:17 | args | lib.js:40:14:40:20 | args[1] | | lib.js:40:14:40:20 | args[1] | lib.js:40:7:40:20 | path | | lib.js:42:7:42:10 | path | lib.js:42:7:42:13 | path[0] | | lib.js:42:7:42:13 | path[0] | lib.js:42:3:42:14 | obj[path[0]] | -| lib.js:42:7:42:13 | path[0] | lib.js:42:3:42:14 | obj[path[0]] | -| lib.js:45:13:45:13 | s | lib.js:46:10:46:10 | s | -| lib.js:45:13:45:13 | s | lib.js:46:10:46:10 | s | -| lib.js:46:10:46:10 | s | lib.js:52:16:52:22 | id("x") | -| lib.js:52:9:52:22 | path | lib.js:55:15:55:18 | path | -| lib.js:52:16:52:22 | id("x") | lib.js:52:9:52:22 | path | -| lib.js:55:15:55:18 | path | lib.js:55:15:55:21 | path[0] | -| lib.js:55:15:55:21 | path[0] | lib.js:55:11:55:22 | obj[path[0]] | -| lib.js:55:15:55:21 | path[0] | lib.js:55:11:55:22 | obj[path[0]] | -| lib.js:59:18:59:18 | s | lib.js:61:17:61:17 | s | -| lib.js:59:18:59:18 | s | lib.js:61:17:61:17 | s | -| lib.js:61:17:61:17 | s | lib.js:68:11:68:26 | path | -| lib.js:61:17:61:17 | s | lib.js:68:18:68:26 | this.path | -| lib.js:61:17:61:17 | s | lib.js:70:17:70:20 | path | -| lib.js:68:11:68:26 | path | 
lib.js:70:17:70:20 | path | -| lib.js:68:18:68:26 | this.path | lib.js:68:11:68:26 | path | -| lib.js:70:17:70:20 | path | lib.js:70:17:70:23 | path[0] | -| lib.js:70:17:70:23 | path[0] | lib.js:70:13:70:24 | obj[path[0]] | -| lib.js:70:17:70:23 | path[0] | lib.js:70:13:70:24 | obj[path[0]] | | lib.js:83:7:83:25 | path | lib.js:86:19:86:22 | path | | lib.js:83:14:83:22 | arguments | lib.js:83:14:83:25 | arguments[1] | -| lib.js:83:14:83:22 | arguments | lib.js:83:14:83:25 | arguments[1] | | lib.js:83:14:83:25 | arguments[1] | lib.js:83:7:83:25 | path | | lib.js:86:7:86:26 | proto | lib.js:87:10:87:14 | proto | -| lib.js:86:7:86:26 | proto | lib.js:87:10:87:14 | proto | | lib.js:86:15:86:26 | obj[path[0]] | lib.js:86:7:86:26 | proto | | lib.js:86:19:86:22 | path | lib.js:86:19:86:25 | path[0] | | lib.js:86:19:86:25 | path[0] | lib.js:86:15:86:26 | obj[path[0]] | | lib.js:90:43:90:46 | path | lib.js:91:24:91:27 | path | -| lib.js:90:43:90:46 | path | lib.js:91:24:91:27 | path | | lib.js:91:7:91:28 | maybeProto | lib.js:92:3:92:12 | maybeProto | -| lib.js:91:7:91:28 | maybeProto | lib.js:92:3:92:12 | maybeProto | -| lib.js:91:7:91:28 | maybeProto | lib.js:95:3:95:12 | maybeProto | | lib.js:91:7:91:28 | maybeProto | lib.js:95:3:95:12 | maybeProto | | lib.js:91:20:91:28 | obj[path] | lib.js:91:7:91:28 | maybeProto | | lib.js:91:24:91:27 | path | lib.js:91:20:91:28 | obj[path] | | lib.js:104:7:104:24 | one | lib.js:108:7:108:9 | one | | lib.js:104:13:104:21 | arguments | lib.js:104:13:104:24 | arguments[1] | -| lib.js:104:13:104:21 | arguments | lib.js:104:13:104:24 | arguments[1] | | lib.js:104:13:104:24 | arguments[1] | lib.js:104:7:104:24 | one | | lib.js:108:7:108:9 | one | lib.js:108:3:108:10 | obj[one] | -| lib.js:108:7:108:9 | one | lib.js:108:3:108:10 | obj[one] | -| lib.js:118:29:118:32 | path | lib.js:119:17:119:20 | path | | lib.js:118:29:118:32 | path | lib.js:119:17:119:20 | path | | lib.js:119:17:119:20 | path | lib.js:119:17:119:23 | path[0] | | 
lib.js:119:17:119:23 | path[0] | lib.js:119:13:119:24 | obj[path[0]] | -| lib.js:119:17:119:23 | path[0] | lib.js:119:13:119:24 | obj[path[0]] | -| lib.js:127:14:127:17 | path | lib.js:128:13:128:16 | path | | lib.js:127:14:127:17 | path | lib.js:128:13:128:16 | path | | lib.js:128:13:128:16 | path | lib.js:128:13:128:19 | path[0] | | lib.js:128:13:128:19 | path[0] | lib.js:128:9:128:20 | obj[path[0]] | -| lib.js:128:13:128:19 | path[0] | lib.js:128:9:128:20 | obj[path[0]] | -| otherlib/src/otherlibimpl.js:1:37:1:40 | path | otherlib/src/otherlibimpl.js:2:7:2:10 | path | | otherlib/src/otherlibimpl.js:1:37:1:40 | path | otherlib/src/otherlibimpl.js:2:7:2:10 | path | | otherlib/src/otherlibimpl.js:2:7:2:10 | path | otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | | otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | -| otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | -| sublib/other.js:5:28:5:31 | path | sublib/other.js:6:11:6:14 | path | | sublib/other.js:5:28:5:31 | path | sublib/other.js:6:11:6:14 | path | | sublib/other.js:6:11:6:14 | path | sublib/other.js:6:11:6:17 | path[0] | | sublib/other.js:6:11:6:17 | path[0] | sublib/other.js:6:7:6:18 | obj[path[0]] | -| sublib/other.js:6:11:6:17 | path[0] | sublib/other.js:6:7:6:18 | obj[path[0]] | -| sublib/sub.js:1:37:1:40 | path | sublib/sub.js:2:7:2:10 | path | | sublib/sub.js:1:37:1:40 | path | sublib/sub.js:2:7:2:10 | path | | sublib/sub.js:2:7:2:10 | path | sublib/sub.js:2:7:2:13 | path[0] | | sublib/sub.js:2:7:2:13 | path[0] | sublib/sub.js:2:3:2:14 | obj[path[0]] | -| sublib/sub.js:2:7:2:13 | path[0] | sublib/sub.js:2:3:2:14 | obj[path[0]] | | tst.js:5:9:5:38 | taint | tst.js:8:12:8:16 | taint | | tst.js:5:9:5:38 | taint | tst.js:9:12:9:16 | taint | | tst.js:5:9:5:38 | taint | tst.js:12:25:12:29 | taint | | tst.js:5:9:5:38 | taint | tst.js:14:27:14:31 | taint | | tst.js:5:17:5:38 | String( ... 
y.data) | tst.js:5:9:5:38 | taint | | tst.js:5:24:5:37 | req.query.data | tst.js:5:17:5:38 | String( ... y.data) | -| tst.js:5:24:5:37 | req.query.data | tst.js:5:17:5:38 | String( ... y.data) | | tst.js:8:12:8:16 | taint | tst.js:8:5:8:17 | object[taint] | -| tst.js:8:12:8:16 | taint | tst.js:8:5:8:17 | object[taint] | -| tst.js:9:12:9:16 | taint | tst.js:9:5:9:17 | object[taint] | | tst.js:9:12:9:16 | taint | tst.js:9:5:9:17 | object[taint] | | tst.js:12:18:12:30 | object[taint] | tst.js:33:23:33:25 | obj | | tst.js:12:25:12:29 | taint | tst.js:12:18:12:30 | object[taint] | | tst.js:14:27:14:31 | taint | tst.js:14:5:14:32 | unsafeG ... taint) | -| tst.js:14:27:14:31 | taint | tst.js:14:5:14:32 | unsafeG ... taint) | -| tst.js:33:23:33:25 | obj | tst.js:34:5:34:7 | obj | +| tst.js:14:27:14:31 | taint | tst.js:55:29:55:32 | prop | | tst.js:33:23:33:25 | obj | tst.js:34:5:34:7 | obj | | tst.js:33:23:33:25 | obj | tst.js:39:9:39:11 | obj | -| tst.js:33:23:33:25 | obj | tst.js:39:9:39:11 | obj | | tst.js:33:23:33:25 | obj | tst.js:45:9:45:11 | obj | -| tst.js:33:23:33:25 | obj | tst.js:45:9:45:11 | obj | -| tst.js:33:23:33:25 | obj | tst.js:48:9:48:11 | obj | | tst.js:33:23:33:25 | obj | tst.js:48:9:48:11 | obj | +| tst.js:55:29:55:32 | prop | tst.js:56:22:56:25 | prop | +| tst.js:56:18:56:26 | obj[prop] | tst.js:56:12:56:33 | obj ? o ... : null | +| tst.js:56:22:56:25 | prop | tst.js:56:18:56:26 | obj[prop] | | tst.js:77:9:77:38 | taint | tst.js:80:12:80:16 | taint | | tst.js:77:9:77:38 | taint | tst.js:82:17:82:21 | taint | | tst.js:77:9:77:38 | taint | tst.js:87:16:87:20 | taint | | tst.js:77:17:77:38 | String( ... y.data) | tst.js:77:9:77:38 | taint | | tst.js:77:24:77:37 | req.query.data | tst.js:77:17:77:38 | String( ... y.data) | -| tst.js:77:24:77:37 | req.query.data | tst.js:77:17:77:38 | String( ... 
y.data) | -| tst.js:80:12:80:16 | taint | tst.js:80:5:80:17 | object[taint] | | tst.js:80:12:80:16 | taint | tst.js:80:5:80:17 | object[taint] | | tst.js:82:12:82:21 | "" + taint | tst.js:82:5:82:22 | object["" + taint] | -| tst.js:82:12:82:21 | "" + taint | tst.js:82:5:82:22 | object["" + taint] | | tst.js:82:17:82:21 | taint | tst.js:82:12:82:21 | "" + taint | | tst.js:87:16:87:20 | taint | tst.js:87:9:87:21 | object[taint] | -| tst.js:87:16:87:20 | taint | tst.js:87:9:87:21 | object[taint] | -| tst.js:94:9:94:19 | req.query.x | tst.js:94:9:94:36 | req.que ... _', '') | | tst.js:94:9:94:19 | req.query.x | tst.js:94:9:94:36 | req.que ... _', '') | | tst.js:94:9:94:36 | req.que ... _', '') | tst.js:94:5:94:37 | obj[req ... ', '')] | -| tst.js:94:9:94:36 | req.que ... _', '') | tst.js:94:5:94:37 | obj[req ... ', '')] | -| tst.js:97:9:97:19 | req.query.x | tst.js:97:9:97:45 | req.que ... /g, '') | | tst.js:97:9:97:19 | req.query.x | tst.js:97:9:97:45 | req.que ... /g, '') | | tst.js:97:9:97:45 | req.que ... /g, '') | tst.js:97:5:97:46 | obj[req ... g, '')] | -| tst.js:97:9:97:45 | req.que ... /g, '') | tst.js:97:5:97:46 | obj[req ... g, '')] | | tst.js:102:9:102:38 | taint | tst.js:105:12:105:16 | taint | | tst.js:102:17:102:38 | String( ... y.data) | tst.js:102:9:102:38 | taint | | tst.js:102:24:102:37 | req.query.data | tst.js:102:17:102:38 | String( ... y.data) | -| tst.js:102:24:102:37 | req.query.data | tst.js:102:17:102:38 | String( ... 
y.data) | -| tst.js:105:12:105:16 | taint | tst.js:105:5:105:17 | object[taint] | | tst.js:105:12:105:16 | taint | tst.js:105:5:105:17 | object[taint] | +nodes +| lib.js:1:38:1:40 | obj | semmle.label | obj | +| lib.js:1:43:1:46 | path | semmle.label | path | +| lib.js:2:7:2:27 | currentPath | semmle.label | currentPath | +| lib.js:2:21:2:24 | path | semmle.label | path | +| lib.js:2:21:2:27 | path[0] | semmle.label | path[0] | +| lib.js:6:7:6:9 | obj | semmle.label | obj | +| lib.js:11:17:11:32 | obj[currentPath] | semmle.label | obj[currentPath] | +| lib.js:11:21:11:31 | currentPath | semmle.label | currentPath | +| lib.js:14:38:14:41 | path | semmle.label | path | +| lib.js:15:3:15:14 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:15:7:15:10 | path | semmle.label | path | +| lib.js:15:7:15:13 | path[0] | semmle.label | path[0] | +| lib.js:20:7:20:25 | path | semmle.label | path | +| lib.js:20:14:20:22 | arguments | semmle.label | arguments | +| lib.js:20:14:20:25 | arguments[1] | semmle.label | arguments[1] | +| lib.js:22:3:22:14 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:22:7:22:10 | path | semmle.label | path | +| lib.js:22:7:22:13 | path[0] | semmle.label | path[0] | +| lib.js:25:44:25:47 | path | semmle.label | path | +| lib.js:26:10:26:21 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:26:14:26:17 | path | semmle.label | path | +| lib.js:26:14:26:20 | path[0] | semmle.label | path[0] | +| lib.js:30:9:30:52 | args | semmle.label | args | +| lib.js:30:16:30:52 | Array.p ... uments) | semmle.label | Array.p ... 
uments) | +| lib.js:30:16:30:52 | reflective call | semmle.label | reflective call | +| lib.js:30:43:30:51 | arguments | semmle.label | arguments | +| lib.js:32:7:32:20 | path | semmle.label | path | +| lib.js:32:14:32:17 | args | semmle.label | args | +| lib.js:32:14:32:20 | args[1] | semmle.label | args[1] | +| lib.js:34:3:34:14 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:34:7:34:10 | path | semmle.label | path | +| lib.js:34:7:34:13 | path[0] | semmle.label | path[0] | +| lib.js:38:9:38:36 | args | semmle.label | args | +| lib.js:38:16:38:36 | Array.f ... uments) | semmle.label | Array.f ... uments) | +| lib.js:38:27:38:35 | arguments | semmle.label | arguments | +| lib.js:40:7:40:20 | path | semmle.label | path | +| lib.js:40:14:40:17 | args | semmle.label | args | +| lib.js:40:14:40:20 | args[1] | semmle.label | args[1] | +| lib.js:42:3:42:14 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:42:7:42:10 | path | semmle.label | path | +| lib.js:42:7:42:13 | path[0] | semmle.label | path[0] | +| lib.js:83:7:83:25 | path | semmle.label | path | +| lib.js:83:14:83:22 | arguments | semmle.label | arguments | +| lib.js:83:14:83:25 | arguments[1] | semmle.label | arguments[1] | +| lib.js:86:7:86:26 | proto | semmle.label | proto | +| lib.js:86:15:86:26 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:86:19:86:22 | path | semmle.label | path | +| lib.js:86:19:86:25 | path[0] | semmle.label | path[0] | +| lib.js:87:10:87:14 | proto | semmle.label | proto | +| lib.js:90:43:90:46 | path | semmle.label | path | +| lib.js:91:7:91:28 | maybeProto | semmle.label | maybeProto | +| lib.js:91:20:91:28 | obj[path] | semmle.label | obj[path] | +| lib.js:91:24:91:27 | path | semmle.label | path | +| lib.js:92:3:92:12 | maybeProto | semmle.label | maybeProto | +| lib.js:95:3:95:12 | maybeProto | semmle.label | maybeProto | +| lib.js:104:7:104:24 | one | semmle.label | one | +| lib.js:104:13:104:21 | arguments | semmle.label | arguments | +| 
lib.js:104:13:104:24 | arguments[1] | semmle.label | arguments[1] | +| lib.js:108:3:108:10 | obj[one] | semmle.label | obj[one] | +| lib.js:108:7:108:9 | one | semmle.label | one | +| lib.js:118:29:118:32 | path | semmle.label | path | +| lib.js:119:13:119:24 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:119:17:119:20 | path | semmle.label | path | +| lib.js:119:17:119:23 | path[0] | semmle.label | path[0] | +| lib.js:127:14:127:17 | path | semmle.label | path | +| lib.js:128:9:128:20 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:128:13:128:16 | path | semmle.label | path | +| lib.js:128:13:128:19 | path[0] | semmle.label | path[0] | +| otherlib/src/otherlibimpl.js:1:37:1:40 | path | semmle.label | path | +| otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | semmle.label | obj[path[0]] | +| otherlib/src/otherlibimpl.js:2:7:2:10 | path | semmle.label | path | +| otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | semmle.label | path[0] | +| sublib/other.js:5:28:5:31 | path | semmle.label | path | +| sublib/other.js:6:7:6:18 | obj[path[0]] | semmle.label | obj[path[0]] | +| sublib/other.js:6:11:6:14 | path | semmle.label | path | +| sublib/other.js:6:11:6:17 | path[0] | semmle.label | path[0] | +| sublib/sub.js:1:37:1:40 | path | semmle.label | path | +| sublib/sub.js:2:3:2:14 | obj[path[0]] | semmle.label | obj[path[0]] | +| sublib/sub.js:2:7:2:10 | path | semmle.label | path | +| sublib/sub.js:2:7:2:13 | path[0] | semmle.label | path[0] | +| tst.js:5:9:5:38 | taint | semmle.label | taint | +| tst.js:5:17:5:38 | String( ... y.data) | semmle.label | String( ... 
y.data) | +| tst.js:5:24:5:37 | req.query.data | semmle.label | req.query.data | +| tst.js:8:5:8:17 | object[taint] | semmle.label | object[taint] | +| tst.js:8:12:8:16 | taint | semmle.label | taint | +| tst.js:9:5:9:17 | object[taint] | semmle.label | object[taint] | +| tst.js:9:12:9:16 | taint | semmle.label | taint | +| tst.js:12:18:12:30 | object[taint] | semmle.label | object[taint] | +| tst.js:12:25:12:29 | taint | semmle.label | taint | +| tst.js:14:5:14:32 | unsafeG ... taint) | semmle.label | unsafeG ... taint) | +| tst.js:14:27:14:31 | taint | semmle.label | taint | +| tst.js:33:23:33:25 | obj | semmle.label | obj | +| tst.js:34:5:34:7 | obj | semmle.label | obj | +| tst.js:39:9:39:11 | obj | semmle.label | obj | +| tst.js:45:9:45:11 | obj | semmle.label | obj | +| tst.js:48:9:48:11 | obj | semmle.label | obj | +| tst.js:55:29:55:32 | prop | semmle.label | prop | +| tst.js:56:12:56:33 | obj ? o ... : null | semmle.label | obj ? o ... : null | +| tst.js:56:18:56:26 | obj[prop] | semmle.label | obj[prop] | +| tst.js:56:22:56:25 | prop | semmle.label | prop | +| tst.js:77:9:77:38 | taint | semmle.label | taint | +| tst.js:77:17:77:38 | String( ... y.data) | semmle.label | String( ... y.data) | +| tst.js:77:24:77:37 | req.query.data | semmle.label | req.query.data | +| tst.js:80:5:80:17 | object[taint] | semmle.label | object[taint] | +| tst.js:80:12:80:16 | taint | semmle.label | taint | +| tst.js:82:5:82:22 | object["" + taint] | semmle.label | object["" + taint] | +| tst.js:82:12:82:21 | "" + taint | semmle.label | "" + taint | +| tst.js:82:17:82:21 | taint | semmle.label | taint | +| tst.js:87:9:87:21 | object[taint] | semmle.label | object[taint] | +| tst.js:87:16:87:20 | taint | semmle.label | taint | +| tst.js:94:5:94:37 | obj[req ... ', '')] | semmle.label | obj[req ... ', '')] | +| tst.js:94:9:94:19 | req.query.x | semmle.label | req.query.x | +| tst.js:94:9:94:36 | req.que ... _', '') | semmle.label | req.que ... 
_', '') | +| tst.js:97:5:97:46 | obj[req ... g, '')] | semmle.label | obj[req ... g, '')] | +| tst.js:97:9:97:19 | req.query.x | semmle.label | req.query.x | +| tst.js:97:9:97:45 | req.que ... /g, '') | semmle.label | req.que ... /g, '') | +| tst.js:102:9:102:38 | taint | semmle.label | taint | +| tst.js:102:17:102:38 | String( ... y.data) | semmle.label | String( ... y.data) | +| tst.js:102:24:102:37 | req.query.data | semmle.label | req.query.data | +| tst.js:105:5:105:17 | object[taint] | semmle.label | object[taint] | +| tst.js:105:12:105:16 | taint | semmle.label | taint | +subpaths +| tst.js:14:27:14:31 | taint | tst.js:55:29:55:32 | prop | tst.js:56:12:56:33 | obj ? o ... : null | tst.js:14:5:14:32 | unsafeG ... taint) | #select | lib.js:6:7:6:9 | obj | lib.js:1:43:1:46 | path | lib.js:6:7:6:9 | obj | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:1:43:1:46 | path | library input | | lib.js:15:3:15:14 | obj[path[0]] | lib.js:14:38:14:41 | path | lib.js:15:3:15:14 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:14:38:14:41 | path | library input | 
@@ -373,7 +232,6 @@ edges | lib.js:26:10:26:21 | obj[path[0]] | lib.js:25:44:25:47 | path | lib.js:26:10:26:21 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:25:44:25:47 | path | library input | | lib.js:34:3:34:14 | obj[path[0]] | lib.js:30:43:30:51 | arguments | lib.js:34:3:34:14 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:30:43:30:51 | arguments | library input | | lib.js:42:3:42:14 | obj[path[0]] | lib.js:38:27:38:35 | arguments | lib.js:42:3:42:14 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:38:27:38:35 | arguments | library input | -| lib.js:70:13:70:24 | obj[path[0]] | lib.js:59:18:59:18 | s | lib.js:70:13:70:24 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:59:18:59:18 | s | library input | | lib.js:87:10:87:14 | proto | lib.js:83:14:83:22 | arguments | lib.js:87:10:87:14 | proto | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:83:14:83:22 | arguments | library input | | lib.js:108:3:108:10 | obj[one] | lib.js:104:13:104:21 | arguments | lib.js:108:3:108:10 | obj[one] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:104:13:104:21 | arguments | library input | | lib.js:119:13:119:24 | obj[path[0]] | lib.js:118:29:118:32 | path | lib.js:119:13:119:24 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:118:29:118:32 | path | library input | From adf7d5409dfffd39db78deee210c93bc8a32dc89 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Wed, 4 Oct 2023 21:37:13 +0200 Subject: [PATCH 058/223] JS: Port PrototypePollutingFunction --- .../CWE-915/PrototypePollutingFunction.ql | 182 +- .../PrototypePollutingFunction.expected | 3690 ++++------------- .../PrototypePollutingFunction/tests.js | 21 +- 3 files changed, 874 insertions(+), 3019 deletions(-) diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql index fa2fd3da0216..161763d341ea 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql @@ -17,11 +17,10 @@ */ import javascript -import DataFlow -import PathGraph import semmle.javascript.DynamicPropertyAccess private import semmle.javascript.dataflow.InferredTypes +// WIN: gained TP in Lucifier/r.js:2757, though not sure why it wasn't flagged to start with. /** * A call of form `x.split(".")` where `x` is a parameter. * @@ -30,14 +29,14 @@ private import semmle.javascript.dataflow.InferredTypes class SplitCall extends StringSplitCall { SplitCall() { this.getSeparator() = "." and - this.getBaseString().getALocalSource() instanceof ParameterNode + this.getBaseString().getALocalSource() instanceof DataFlow::ParameterNode } } /** * Holds if `pred -> succ` should preserve polluted property names. */ -predicate copyArrayStep(SourceNode pred, SourceNode succ) { +predicate copyArrayStep(DataFlow::SourceNode pred, DataFlow::SourceNode succ) { // x -> [...x] exists(SpreadElement spread | pred.flowsTo(spread.getOperand().flow()) and @@ -45,7 +44,7 @@ predicate copyArrayStep(SourceNode pred, SourceNode succ) { ) or // `x -> y` in `y.push( x[i] )` - exists(MethodCallNode push | + exists(DataFlow::MethodCallNode push | push = succ.getAMethodCall("push") and ( getAnEnumeratedArrayElement(pred).flowsTo(push.getAnArgument()) 
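Review bot: The `// WIN: gained TP in Lucifier/r.js:2757, though not sure why it wasn't flagged to start with.` line added in the first hunk (`@@ -17,11 +17,10 @@`) is a porting work note that ends up directly above the QLDoc of `SplitCall`, and it records a result change whose cause is stated as unknown. For a security query, an alert difference that nobody can explain is worth pinning down before merge, because the same unknown could also hide lost results. I would move the note into the commit description and cover the new result with a case in the query's `tests.js`; the diffstat shows that file changing, but its section is not visible here. If a comment has to stay in the file, `// NOTE(port): the new data flow library reports one extra true positive; cause not yet investigated.` placed above the imports keeps it out of the class documentation.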
@@ -55,7 +54,7 @@ predicate copyArrayStep(SourceNode pred, SourceNode succ) { ) or // x -> x.concat(...) - exists(MethodCallNode concat_ | + exists(DataFlow::MethodCallNode concat_ | concat_.getMethodName() = "concat" and (pred = concat_.getReceiver() or pred = concat_.getAnArgument()) and succ = concat_ @@ -66,21 +65,21 @@ predicate copyArrayStep(SourceNode pred, SourceNode succ) { * Holds if `node` may refer to a `SplitCall` or a copy thereof, possibly * returned through a function call. */ -predicate isSplitArray(SourceNode node) { +predicate isSplitArray(DataFlow::SourceNode node) { node instanceof SplitCall or - exists(SourceNode pred | isSplitArray(pred) | + exists(DataFlow::SourceNode pred | isSplitArray(pred) | copyArrayStep(pred, node) or - pred.flowsToExpr(node.(CallNode).getACallee().getAReturnedExpr()) + pred.flowsToExpr(node.(DataFlow::CallNode).getACallee().getAReturnedExpr()) ) } /** * A property name originating from a `x.split(".")` call. */ -class SplitPropName extends SourceNode { - SourceNode array; +class SplitPropName extends DataFlow::SourceNode { + DataFlow::SourceNode array; SplitPropName() { isSplitArray(array) and @@ -90,7 +89,7 @@ class SplitPropName extends SourceNode { /** * Gets the array from which this property name was obtained (the result from `split`). */ - SourceNode getArray() { result = array } + DataFlow::SourceNode getArray() { result = array } /** Gets an element accessed on the same underlying array. */ SplitPropName getAnAlias() { result.getArray() = this.getArray() } 
@@ -117,18 +116,18 @@ predicate isPollutedPropNameSource(DataFlow::Node node) { * Holds if `node` may flow from a source of polluted propery names, possibly * into function calls (but not returns). */ -predicate isPollutedPropName(Node node) { +predicate isPollutedPropName(DataFlow::Node node) { isPollutedPropNameSource(node) or - exists(Node pred | isPollutedPropName(pred) | + exists(DataFlow::Node pred | isPollutedPropName(pred) | node = pred.getASuccessor() or - argumentPassingStep(_, pred, _, node) + DataFlow::argumentPassingStep(_, pred, _, node) or // Handle one level of callbacks - exists(FunctionNode function, ParameterNode callback, int i | + exists(DataFlow::FunctionNode function, DataFlow::ParameterNode callback, int i | pred = callback.getAnInvocation().getArgument(i) and - argumentPassingStep(_, function, _, callback) and + DataFlow::argumentPassingStep(_, function, _, callback) and node = function.getParameter(i) ) ) @@ -138,8 +137,8 @@ predicate isPollutedPropName(Node node) { * Holds if `node` may refer to `Object.prototype` obtained through dynamic property * read of a property obtained through property enumeration. */ -predicate isPotentiallyObjectPrototype(SourceNode node) { - exists(Node base, Node key | +predicate isPotentiallyObjectPrototype(DataFlow::SourceNode node) { + exists(DataFlow::Node base, DataFlow::Node key | dynamicPropReadStep(base, key, node) and isPollutedPropName(key) and // Ignore cases where the properties of `base` are enumerated, to avoid FPs @@ -149,8 +148,8 @@ predicate isPotentiallyObjectPrototype(SourceNode node) { not arePropertiesEnumerated(base.getALocalSource()) ) or - exists(Node use | isPotentiallyObjectPrototype(use.getALocalSource()) | - argumentPassingStep(_, use, _, node) + exists(DataFlow::Node use | isPotentiallyObjectPrototype(use.getALocalSource()) | + DataFlow::argumentPassingStep(_, use, _, node) ) } 
@@ -197,7 +196,7 @@ string unsafePropName() { * A flow label representing an unsafe property name, or an object obtained * by using such a property in a dynamic read. */ -class UnsafePropLabel extends FlowLabel { +class UnsafePropLabel extends DataFlow::FlowLabel { UnsafePropLabel() { this = unsafePropName() } } @@ -233,10 +232,10 @@ class UnsafePropLabel extends FlowLabel { * for coinciding paths afterwards. This means this configuration can't be used as * a standalone configuration like in most path queries. */ -class PropNameTracking extends DataFlow::Configuration { - PropNameTracking() { this = "PropNameTracking" } +module PropNameTrackingConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node node, FlowLabel label) { + predicate isSource(DataFlow::Node node, DataFlow::FlowLabel label) { label instanceof UnsafePropLabel and ( isPollutedPropNameSource(node) @@ -245,7 +244,7 @@ class PropNameTracking extends DataFlow::Configuration { ) } - override predicate isSink(DataFlow::Node node, FlowLabel label) { + predicate isSink(DataFlow::Node node, DataFlow::FlowLabel label) { label instanceof UnsafePropLabel and ( dynamicPropWrite(node, _, _) or @@ -254,14 +253,19 @@ class PropNameTracking extends DataFlow::Configuration { ) } - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, FlowLabel predlbl, FlowLabel succlbl + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) + } + + predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::FlowLabel predlbl, DataFlow::Node succ, + DataFlow::FlowLabel succlbl ) { predlbl instanceof UnsafePropLabel and succlbl = predlbl and ( // Step through `p -> x[p]` - exists(PropRead read | + exists(DataFlow::PropRead read | pred = read.getPropertyNameExpr().flow() and not read.(DynamicPropRead).hasDominatingAssignment() and succ = read 
@@ -276,29 +280,33 @@ class PropNameTracking extends DataFlow::Configuration { ) } - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) - or - node instanceof DataFlow::VarAccessBarrier + predicate isBarrier(DataFlow::Node node) { + node instanceof DataFlow::VarAccessBarrier or + node = DataFlow::MakeBarrierGuard::getABarrierNode() } +} - override predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { - node instanceof DenyListEqualityGuard or - node instanceof AllowListEqualityGuard or - node instanceof HasOwnPropertyGuard or - node instanceof InExprGuard or - node instanceof InstanceOfGuard or - node instanceof TypeofGuard or - node instanceof DenyListInclusionGuard or - node instanceof AllowListInclusionGuard or - node instanceof IsPlainObjectGuard - } +module PropNameTracking = DataFlow::GlobalWithState; + +/** + * A barrier guard for prototype pollution. + */ +abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } } /** * A sanitizer guard of form `x === "__proto__"` or `x === "constructor"`. */ -class DenyListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNode { +class DenyListEqualityGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; string propName; 
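Review bot: The new abstract `BarrierGuard` class gives both `blocksExpr` overloads a `none()` default, so a subclass that overrides neither is accepted and silently blocks nothing, and the class QLDoc does not say which overload to implement. Judging by the two `isBarrier` predicates of this config, the two-argument form feeds the label-free barrier and the three-argument form feeds the per-label barrier. I would extend the doc comment to `A barrier guard for prototype pollution. Subclasses override exactly one blocksExpr overload: the form without a label blocks every flow label, the form with a label blocks only that label.` The explicit guard list that `isBarrierGuard` used to carry is gone, so every subclass of `BarrierGuard` now acts as a barrier without being named in the config; that deserves a sentence in the same comment so a later guard is not added or dropped by accident.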
@@ -307,7 +315,7 @@ class DenyListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNode propName = unsafePropName() } - override predicate blocks(boolean outcome, Expr e, FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = astNode.getAnOperand() and outcome = astNode.getPolarity().booleanNot() and label = propName @@ -317,7 +325,7 @@ class DenyListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNode /** * An equality test with something other than `__proto__` or `constructor`. */ -class AllowListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNode { +class AllowListEqualityGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; AllowListEqualityGuard() { @@ -325,7 +333,7 @@ class AllowListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNod astNode.getAnOperand() instanceof Literal } - override predicate blocks(boolean outcome, Expr e, FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = astNode.getAnOperand() and outcome = astNode.getPolarity() and label instanceof UnsafePropLabel @@ -339,7 +347,7 @@ class AllowListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNod * but the destination object generally doesn't. It is therefore only a sanitizer when * used on the destination object. */ -class HasOwnPropertyGuard extends DataFlow::BarrierGuardNode instanceof HasOwnPropertyCall { +class HasOwnPropertyGuard extends BarrierGuard instanceof HasOwnPropertyCall { HasOwnPropertyGuard() { // Try to avoid `src.hasOwnProperty` by requiring that the receiver // does not locally have its properties enumerated. Typically there is no 
@@ -347,7 +355,7 @@ class HasOwnPropertyGuard extends DataFlow::BarrierGuardNode instanceof HasOwnPr not arePropertiesEnumerated(super.getObject().getALocalSource()) } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = super.getProperty().asExpr() and outcome = true } } @@ -358,7 +366,7 @@ class HasOwnPropertyGuard extends DataFlow::BarrierGuardNode instanceof HasOwnPr * Since `"__proto__" in obj` and `"constructor" in obj` is true for most objects, * this is seen as a sanitizer for `key` in the false outcome. */ -class InExprGuard extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { +class InExprGuard extends BarrierGuard, DataFlow::ValueNode { override InExpr astNode; InExprGuard() { @@ -366,7 +374,7 @@ class InExprGuard extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { not arePropertiesEnumerated(astNode.getRightOperand().flow().getALocalSource()) } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = astNode.getLeftOperand() and outcome = false } } @@ -379,10 +387,10 @@ class InExprGuard extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { * It is still possible to get to `Function.prototype` through `constructor.constructor.prototype` * so we do not block the `constructor` label. */ -class InstanceOfGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::ValueNode { +class InstanceOfGuard extends BarrierGuard, DataFlow::ValueNode { override InstanceOfExpr astNode; - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = astNode.getLeftOperand() and outcome = true and label = "__proto__" } } 
@@ -393,14 +401,14 @@ class InstanceOfGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::Value * The former blocks the `constructor` label as that payload must pass through a function, * and the latter blocks the `__proto__` label as that only passes through objects. */ -class TypeofGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::ValueNode { +class TypeofGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; TypeofTag tag; TypeofGuard() { TaintTracking::isTypeofGuard(astNode, operand, tag) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = operand and outcome = astNode.getPolarity() and ( @@ -428,7 +436,7 @@ class TypeofGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::ValueNode /** * A check of form `["__proto__"].includes(x)` or similar. */ -class DenyListInclusionGuard extends DataFlow::LabeledBarrierGuardNode, InclusionTest { +class DenyListInclusionGuard extends BarrierGuard, InclusionTest { UnsafePropLabel label; DenyListInclusionGuard() { @@ -438,7 +446,7 @@ class DenyListInclusionGuard extends DataFlow::LabeledBarrierGuardNode, Inclusio ) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { outcome = this.getPolarity().booleanNot() and e = this.getContainedNode().asExpr() and label = lbl @@ -448,7 +456,7 @@ class DenyListInclusionGuard extends DataFlow::LabeledBarrierGuardNode, Inclusio /** * A check of form `xs.includes(x)` or similar, which sanitizes `x` in the true case. */ -class AllowListInclusionGuard extends DataFlow::LabeledBarrierGuardNode { +class AllowListInclusionGuard extends BarrierGuard { AllowListInclusionGuard() { this instanceof TaintTracking::PositiveIndexOfSanitizer or 
@@ -456,7 +464,7 @@ class AllowListInclusionGuard extends DataFlow::LabeledBarrierGuardNode { not this = any(MembershipCandidate::ObjectPropertyNameMembershipCandidate c).getTest() // handled with more precision in `HasOwnPropertyGuard` } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { this.(TaintTracking::AdditionalSanitizerGuardNode).sanitizes(outcome, e) and lbl instanceof UnsafePropLabel } @@ -467,14 +475,14 @@ class AllowListInclusionGuard extends DataFlow::LabeledBarrierGuardNode { * payload in the true case, since it rejects objects with a non-standard `constructor` * property. */ -class IsPlainObjectGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::CallNode { +class IsPlainObjectGuard extends BarrierGuard, DataFlow::CallNode { IsPlainObjectGuard() { exists(string name | name = "is-plain-object" or name = "is-extendable" | - this = moduleImport(name).getACall() + this = DataFlow::moduleImport(name).getACall() ) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { e = this.getArgument(0).asExpr() and outcome = true and lbl = "constructor" 
@@ -507,26 +515,26 @@ string deriveExprName(DataFlow::Node node) { * In most cases this will result in an alert, the exception being the case where * `base` does not have a prototype at all. */ -predicate isPrototypePollutingAssignment(Node base, Node prop, Node rhs, Node propNameSource) { +predicate isPrototypePollutingAssignment( + DataFlow::Node base, DataFlow::Node prop, DataFlow::Node rhs, DataFlow::Node propNameSource +) { dynamicPropWrite(base, prop, rhs) and isPollutedPropNameSource(propNameSource) and - exists(PropNameTracking cfg | - cfg.hasFlow(propNameSource, base) and - if propNameSource instanceof EnumeratedPropName - then - cfg.hasFlow(propNameSource, prop) and - cfg.hasFlow([propNameSource, AccessPath::getAnAliasedSourceNode(propNameSource)] - .(EnumeratedPropName) - .getASourceProp(), rhs) - else ( - cfg.hasFlow(propNameSource.(SplitPropName).getAnAlias(), prop) and - rhs.getALocalSource() instanceof ParameterNode - ) + PropNameTracking::flow(propNameSource, base) and + if propNameSource instanceof EnumeratedPropName + then + PropNameTracking::flow(propNameSource, prop) and + PropNameTracking::flow([propNameSource, AccessPath::getAnAliasedSourceNode(propNameSource)] + .(EnumeratedPropName) + .getASourceProp(), rhs) + else ( + PropNameTracking::flow(propNameSource.(SplitPropName).getAnAlias(), prop) and + rhs.getALocalSource() instanceof DataFlow::ParameterNode ) } /** Gets a data flow node leading to the base of a prototype-polluting assignment. */ -private DataFlow::SourceNode getANodeLeadingToBase(DataFlow::TypeBackTracker t, Node base) { +private DataFlow::SourceNode getANodeLeadingToBase(DataFlow::TypeBackTracker t, DataFlow::Node base) { t.start() and isPrototypePollutingAssignment(base, _, _, _) and result = base.getALocalSource() 
@@ -542,7 +550,9 @@ private DataFlow::SourceNode getANodeLeadingToBase(DataFlow::TypeBackTracker t, * This dynamic read is where the reference to a built-in prototype object is obtained, * and we need this to ensure that this object actually has a prototype. */ -private DataFlow::SourceNode getANodeLeadingToBaseBase(DataFlow::TypeBackTracker t, Node base) { +private DataFlow::SourceNode getANodeLeadingToBaseBase( + DataFlow::TypeBackTracker t, DataFlow::Node base +) { exists(DynamicPropRead read | read = getANodeLeadingToBase(t, base) and result = read.getBase().getALocalSource() 
@@ -553,29 +563,31 @@ private DataFlow::SourceNode getANodeLeadingToBaseBase(DataFlow::TypeBackTracker ) } -DataFlow::SourceNode getANodeLeadingToBaseBase(Node base) { +DataFlow::SourceNode getANodeLeadingToBaseBase(DataFlow::Node base) { result = getANodeLeadingToBaseBase(DataFlow::TypeBackTracker::end(), base) } /** A call to `Object.create(null)`. */ -class ObjectCreateNullCall extends CallNode { +class ObjectCreateNullCall extends DataFlow::CallNode { ObjectCreateNullCall() { - this = globalVarRef("Object").getAMemberCall("create") and + this = DataFlow::globalVarRef("Object").getAMemberCall("create") and this.getArgument(0).asExpr() instanceof NullLiteral } } +import DataFlow::DeduplicatePathGraph + from - PropNameTracking cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Node propNameSource, - Node base, string msg, Node col1, Node col2 + PathNode source, PathNode sink, DataFlow::Node propNameSource, DataFlow::Node base, string msg, + DataFlow::Node col1, DataFlow::Node col2 where isPollutedPropName(propNameSource) and - cfg.hasFlowPath(source, sink) and + PropNameTracking::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and isPrototypePollutingAssignment(base, _, _, propNameSource) and sink.getNode() = base and source.getNode() = propNameSource and ( - getANodeLeadingToBaseBase(base) instanceof ObjectLiteralNode + getANodeLeadingToBaseBase(base) instanceof DataFlow::ObjectLiteralNode or not getANodeLeadingToBaseBase(base) instanceof ObjectCreateNullCall ) and diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected index 28a0fc8bd832..e9cf5fe90f6d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected 
+++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected 
@@ -1,2838 +1,1088 @@ nodes -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | -| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | -| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:33:5:35 | key | -| examples/PrototypePollutingFunction.js:5:33:5:35 | key | -| examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction.js:7:24:7:26 | src | -| 
examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | -| 
examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | -| path-assignment.js:8:13:8:25 | key | -| path-assignment.js:8:13:8:25 | key | -| path-assignment.js:8:19:8:25 | keys[i] | -| path-assignment.js:8:19:8:25 | keys[i] | -| path-assignment.js:8:19:8:25 | keys[i] | -| path-assignment.js:13:13:13:32 | target | -| path-assignment.js:13:13:13:32 | target | -| path-assignment.js:13:22:13:27 | target | -| path-assignment.js:13:22:13:27 | target | -| path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:13:29:13:31 | key | -| 
path-assignment.js:13:29:13:31 | key | -| path-assignment.js:15:13:15:18 | target | -| path-assignment.js:15:13:15:18 | target | -| path-assignment.js:15:13:15:18 | target | -| path-assignment.js:15:20:15:22 | key | -| path-assignment.js:15:20:15:22 | key | -| path-assignment.js:15:20:15:22 | key | -| path-assignment.js:41:13:41:25 | key | -| path-assignment.js:41:13:41:25 | key | -| path-assignment.js:41:19:41:25 | keys[i] | -| path-assignment.js:41:19:41:25 | keys[i] | -| path-assignment.js:41:19:41:25 | keys[i] | -| path-assignment.js:42:9:42:48 | target | -| path-assignment.js:42:9:42:48 | target | -| path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | -| path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | -| path-assignment.js:42:25:42:27 | key | -| path-assignment.js:42:25:42:27 | key | -| path-assignment.js:42:25:42:27 | key | -| path-assignment.js:42:32:42:37 | target | -| path-assignment.js:42:32:42:37 | target | -| path-assignment.js:42:32:42:42 | target[key] | -| path-assignment.js:42:32:42:42 | target[key] | -| path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:39:42:41 | key | -| path-assignment.js:42:39:42:41 | key | -| path-assignment.js:44:5:44:10 | target | -| path-assignment.js:44:5:44:10 | target | -| path-assignment.js:44:5:44:10 | target | -| path-assignment.js:44:12:44:18 | keys[i] | -| path-assignment.js:44:12:44:18 | keys[i] | -| path-assignment.js:44:12:44:18 | keys[i] | -| path-assignment.js:44:12:44:18 | keys[i] | -| path-assignment.js:58:13:58:25 | key | -| path-assignment.js:58:13:58:25 | key | -| path-assignment.js:58:19:58:25 | keys[i] | -| path-assignment.js:58:19:58:25 | keys[i] | -| path-assignment.js:58:19:58:25 | keys[i] | -| 
path-assignment.js:59:9:59:48 | target | -| path-assignment.js:59:9:59:48 | target | -| path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | -| path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | -| path-assignment.js:59:25:59:27 | key | -| path-assignment.js:59:25:59:27 | key | -| path-assignment.js:59:25:59:27 | key | -| path-assignment.js:59:32:59:37 | target | -| path-assignment.js:59:32:59:37 | target | -| path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:39:59:41 | key | -| path-assignment.js:59:39:59:41 | key | -| path-assignment.js:61:5:61:10 | target | -| path-assignment.js:61:5:61:10 | target | -| path-assignment.js:61:5:61:10 | target | -| path-assignment.js:61:12:61:18 | keys[i] | -| path-assignment.js:61:12:61:18 | keys[i] | -| path-assignment.js:61:12:61:18 | keys[i] | -| path-assignment.js:61:12:61:18 | keys[i] | -| path-assignment.js:68:13:68:25 | key | -| path-assignment.js:68:13:68:25 | key | -| path-assignment.js:68:19:68:25 | keys[i] | -| path-assignment.js:68:19:68:25 | keys[i] | -| path-assignment.js:68:19:68:25 | keys[i] | -| path-assignment.js:69:9:69:48 | target | -| path-assignment.js:69:9:69:48 | target | -| path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:18:69:48 | target[ ... ] \|\| {} | -| path-assignment.js:69:18:69:48 | target[ ... 
] \|\| {} | -| path-assignment.js:69:25:69:27 | key | -| path-assignment.js:69:25:69:27 | key | -| path-assignment.js:69:25:69:27 | key | -| path-assignment.js:69:32:69:37 | target | -| path-assignment.js:69:32:69:37 | target | -| path-assignment.js:69:32:69:42 | target[key] | -| path-assignment.js:69:32:69:42 | target[key] | -| path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:39:69:41 | key | -| path-assignment.js:69:39:69:41 | key | -| path-assignment.js:71:5:71:10 | target | -| path-assignment.js:71:5:71:10 | target | -| path-assignment.js:71:5:71:10 | target | -| path-assignment.js:71:12:71:18 | keys[i] | -| path-assignment.js:71:12:71:18 | keys[i] | -| path-assignment.js:71:12:71:18 | keys[i] | -| path-assignment.js:71:12:71:18 | keys[i] | -| tests.js:3:25:3:27 | dst | -| tests.js:3:25:3:27 | dst | -| tests.js:3:30:3:32 | src | -| tests.js:3:30:3:32 | src | -| tests.js:4:14:4:16 | key | -| tests.js:4:14:4:16 | key | -| tests.js:4:14:4:16 | key | -| tests.js:6:28:6:30 | dst | -| tests.js:6:28:6:30 | dst | -| tests.js:6:28:6:35 | dst[key] | -| tests.js:6:28:6:35 | dst[key] | -| tests.js:6:28:6:35 | dst[key] | -| tests.js:6:28:6:35 | dst[key] | -| tests.js:6:32:6:34 | key | -| tests.js:6:32:6:34 | key | -| tests.js:6:38:6:40 | src | -| tests.js:6:38:6:40 | src | -| tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:45 | src[key] | -| tests.js:6:42:6:44 | key | -| tests.js:6:42:6:44 | key | -| tests.js:8:13:8:15 | dst | -| tests.js:8:13:8:15 | dst | -| tests.js:8:13:8:15 | dst | -| tests.js:8:17:8:19 | key | -| tests.js:8:17:8:19 | key | -| tests.js:8:17:8:19 | key | -| tests.js:8:24:8:26 | src | -| tests.js:8:24:8:26 | src | -| tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:31 
| src[key] | -| tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:31 | src[key] | -| tests.js:8:28:8:30 | key | -| tests.js:8:28:8:30 | key | -| tests.js:13:24:13:26 | dst | -| tests.js:13:24:13:26 | dst | -| tests.js:13:29:13:31 | src | -| tests.js:13:29:13:31 | src | -| tests.js:14:30:14:32 | key | -| tests.js:14:30:14:32 | key | -| tests.js:14:30:14:32 | key | -| tests.js:16:27:16:29 | dst | -| tests.js:16:27:16:29 | dst | -| tests.js:16:27:16:34 | dst[key] | -| tests.js:16:27:16:34 | dst[key] | -| tests.js:16:27:16:34 | dst[key] | -| tests.js:16:27:16:34 | dst[key] | -| tests.js:16:31:16:33 | key | -| tests.js:16:31:16:33 | key | -| tests.js:16:37:16:39 | src | -| tests.js:16:37:16:39 | src | -| tests.js:16:37:16:44 | src[key] | -| tests.js:16:37:16:44 | src[key] | -| tests.js:16:37:16:44 | src[key] | -| tests.js:16:37:16:44 | src[key] | -| tests.js:16:37:16:44 | src[key] | -| tests.js:16:41:16:43 | key | -| tests.js:16:41:16:43 | key | -| tests.js:18:13:18:15 | dst | -| tests.js:18:13:18:15 | dst | -| tests.js:18:13:18:15 | dst | -| tests.js:18:17:18:19 | key | -| tests.js:18:17:18:19 | key | -| tests.js:18:17:18:19 | key | -| tests.js:18:24:18:26 | src | -| tests.js:18:24:18:26 | src | -| tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:31 | src[key] | -| tests.js:18:28:18:30 | key | -| tests.js:18:28:18:30 | key | -| tests.js:23:19:23:21 | dst | -| tests.js:23:19:23:21 | dst | -| tests.js:25:18:25:20 | key | -| tests.js:25:18:25:20 | key | -| tests.js:25:18:25:20 | key | -| tests.js:26:25:26:27 | dst | -| tests.js:26:25:26:27 | dst | -| tests.js:26:30:26:40 | source[key] | -| tests.js:26:30:26:40 | source[key] | -| tests.js:26:30:26:40 | source[key] | -| tests.js:26:37:26:39 | key | -| tests.js:26:37:26:39 | key | -| tests.js:26:43:26:45 | key | -| tests.js:26:43:26:45 | 
key | -| tests.js:31:22:31:24 | dst | -| tests.js:31:22:31:24 | dst | -| tests.js:31:27:31:31 | value | -| tests.js:31:27:31:31 | value | -| tests.js:31:34:31:36 | key | -| tests.js:31:34:31:36 | key | -| tests.js:32:9:32:27 | dstValue | -| tests.js:32:9:32:27 | dstValue | -| tests.js:32:20:32:22 | dst | -| tests.js:32:20:32:22 | dst | -| tests.js:32:20:32:27 | dst[key] | -| tests.js:32:20:32:27 | dst[key] | -| tests.js:32:24:32:26 | key | -| tests.js:32:24:32:26 | key | -| tests.js:34:18:34:25 | dstValue | -| tests.js:34:18:34:25 | dstValue | -| tests.js:36:9:36:11 | dst | -| tests.js:36:9:36:11 | dst | -| tests.js:36:9:36:11 | dst | -| tests.js:36:13:36:15 | key | -| tests.js:36:13:36:15 | key | -| tests.js:36:13:36:15 | key | -| tests.js:36:20:36:24 | value | -| tests.js:36:20:36:24 | value | -| tests.js:36:20:36:24 | value | -| tests.js:40:27:40:29 | dst | -| tests.js:40:32:40:34 | src | -| tests.js:40:32:40:34 | src | -| tests.js:41:14:41:16 | key | -| tests.js:41:14:41:16 | key | -| tests.js:44:30:44:32 | dst | -| tests.js:44:30:44:37 | dst[key] | -| tests.js:44:30:44:37 | dst[key] | -| tests.js:44:34:44:36 | key | -| tests.js:44:40:44:42 | src | -| tests.js:44:40:44:42 | src | -| tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:47 | src[key] | -| tests.js:44:44:44:46 | key | -| tests.js:46:13:46:15 | dst | -| tests.js:46:13:46:15 | dst | -| tests.js:46:17:46:19 | key | -| tests.js:46:17:46:19 | key | -| tests.js:46:24:46:26 | src | -| tests.js:46:24:46:26 | src | -| tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:31 | src[key] | -| tests.js:46:28:46:30 | key | -| tests.js:51:26:51:28 | dst | -| tests.js:51:31:51:33 | src | -| tests.js:51:31:51:33 | src | -| tests.js:52:14:52:16 | key | -| 
tests.js:52:14:52:16 | key | -| tests.js:55:29:55:31 | dst | -| tests.js:55:29:55:36 | dst[key] | -| tests.js:55:29:55:36 | dst[key] | -| tests.js:55:33:55:35 | key | -| tests.js:55:39:55:41 | src | -| tests.js:55:39:55:41 | src | -| tests.js:55:39:55:46 | src[key] | -| tests.js:55:39:55:46 | src[key] | -| tests.js:55:39:55:46 | src[key] | -| tests.js:55:39:55:46 | src[key] | -| tests.js:55:39:55:46 | src[key] | -| tests.js:55:43:55:45 | key | -| tests.js:57:13:57:15 | dst | -| tests.js:57:13:57:15 | dst | -| tests.js:57:17:57:19 | key | -| tests.js:57:17:57:19 | key | -| tests.js:57:24:57:26 | src | -| tests.js:57:24:57:26 | src | -| tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:31 | src[key] | -| tests.js:57:28:57:30 | key | -| tests.js:62:33:62:35 | src | -| tests.js:62:33:62:35 | src | -| tests.js:66:41:66:43 | src | -| tests.js:66:41:66:43 | src | -| tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:48 | src[key] | -| tests.js:68:24:68:26 | src | -| tests.js:68:24:68:26 | src | -| tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:31 | src[key] | -| tests.js:77:27:77:29 | src | -| tests.js:77:27:77:29 | src | -| tests.js:81:39:81:41 | src | -| tests.js:81:39:81:41 | src | -| tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:46 | src[key] | -| tests.js:83:28:83:30 | src | -| tests.js:83:28:83:30 | src | -| tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:35 | src[key] | -| 
tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:35 | src[key] | -| tests.js:89:34:89:36 | src | -| tests.js:89:34:89:36 | src | -| tests.js:90:14:90:16 | key | -| tests.js:90:14:90:16 | key | -| tests.js:90:14:90:16 | key | -| tests.js:94:42:94:44 | src | -| tests.js:94:42:94:44 | src | -| tests.js:94:42:94:49 | src[key] | -| tests.js:94:42:94:49 | src[key] | -| tests.js:94:42:94:49 | src[key] | -| tests.js:94:42:94:49 | src[key] | -| tests.js:94:42:94:49 | src[key] | -| tests.js:96:17:96:19 | key | -| tests.js:96:17:96:19 | key | -| tests.js:96:17:96:19 | key | -| tests.js:96:24:96:26 | src | -| tests.js:96:24:96:26 | src | -| tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:31 | src[key] | -| tests.js:96:28:96:30 | key | -| tests.js:96:28:96:30 | key | -| tests.js:101:32:101:34 | dst | -| tests.js:101:32:101:34 | dst | -| tests.js:101:37:101:39 | src | -| tests.js:101:37:101:39 | src | -| tests.js:102:14:102:16 | key | -| tests.js:102:14:102:16 | key | -| tests.js:102:14:102:16 | key | -| tests.js:107:35:107:37 | dst | -| tests.js:107:35:107:37 | dst | -| tests.js:107:35:107:42 | dst[key] | -| tests.js:107:35:107:42 | dst[key] | -| tests.js:107:35:107:42 | dst[key] | -| tests.js:107:35:107:42 | dst[key] | -| tests.js:107:39:107:41 | key | -| tests.js:107:39:107:41 | key | -| tests.js:107:45:107:47 | src | -| tests.js:107:45:107:47 | src | -| tests.js:107:45:107:52 | src[key] | -| tests.js:107:45:107:52 | src[key] | -| tests.js:107:45:107:52 | src[key] | -| tests.js:107:45:107:52 | src[key] | -| tests.js:107:45:107:52 | src[key] | -| tests.js:107:49:107:51 | key | -| tests.js:107:49:107:51 | key | -| tests.js:109:13:109:15 | dst | -| tests.js:109:13:109:15 | dst | -| tests.js:109:13:109:15 | dst | -| tests.js:109:17:109:19 | key | -| tests.js:109:17:109:19 | key | -| 
tests.js:109:17:109:19 | key | -| tests.js:109:24:109:26 | src | -| tests.js:109:24:109:26 | src | -| tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:31 | src[key] | -| tests.js:109:28:109:30 | key | -| tests.js:109:28:109:30 | key | -| tests.js:116:41:116:43 | src | -| tests.js:116:41:116:43 | src | -| tests.js:117:14:117:16 | key | -| tests.js:117:14:117:16 | key | -| tests.js:117:14:117:16 | key | -| tests.js:119:49:119:51 | src | -| tests.js:119:49:119:51 | src | -| tests.js:119:49:119:56 | src[key] | -| tests.js:119:49:119:56 | src[key] | -| tests.js:119:49:119:56 | src[key] | -| tests.js:119:49:119:56 | src[key] | -| tests.js:119:49:119:56 | src[key] | -| tests.js:121:17:121:19 | key | -| tests.js:121:17:121:19 | key | -| tests.js:121:17:121:19 | key | -| tests.js:121:24:121:26 | src | -| tests.js:121:24:121:26 | src | -| tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:31 | src[key] | -| tests.js:121:28:121:30 | key | -| tests.js:121:28:121:30 | key | -| tests.js:149:31:149:33 | dst | -| tests.js:149:31:149:33 | dst | -| tests.js:149:31:149:33 | dst | -| tests.js:149:31:149:33 | dst | -| tests.js:149:36:149:38 | src | -| tests.js:149:36:149:38 | src | -| tests.js:149:36:149:38 | src | -| tests.js:149:36:149:38 | src | -| tests.js:150:14:150:16 | key | -| tests.js:150:14:150:16 | key | -| tests.js:150:14:150:16 | key | -| tests.js:152:22:152:24 | dst | -| tests.js:152:22:152:24 | dst | -| tests.js:152:22:152:24 | dst | -| tests.js:152:22:152:24 | dst | -| tests.js:152:27:152:29 | src | -| tests.js:152:27:152:29 | src | -| tests.js:152:27:152:29 | src | -| tests.js:152:27:152:29 | src | -| tests.js:152:32:152:34 | key | -| 
tests.js:152:32:152:34 | key | -| tests.js:154:13:154:15 | dst | -| tests.js:154:13:154:15 | dst | -| tests.js:154:13:154:15 | dst | -| tests.js:154:13:154:15 | dst | -| tests.js:154:13:154:15 | dst | -| tests.js:154:17:154:19 | key | -| tests.js:154:17:154:19 | key | -| tests.js:154:17:154:19 | key | -| tests.js:154:24:154:26 | src | -| tests.js:154:24:154:26 | src | -| tests.js:154:24:154:26 | src | -| tests.js:154:24:154:26 | src | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:28:154:30 | key | -| tests.js:154:28:154:30 | key | -| tests.js:159:36:159:38 | dst | -| tests.js:159:36:159:38 | dst | -| tests.js:159:36:159:38 | dst | -| tests.js:159:36:159:38 | dst | -| tests.js:159:41:159:43 | src | -| tests.js:159:41:159:43 | src | -| tests.js:159:41:159:43 | src | -| tests.js:159:41:159:43 | src | -| tests.js:160:26:160:28 | dst | -| tests.js:160:26:160:28 | dst | -| tests.js:160:26:160:28 | dst | -| tests.js:160:26:160:28 | dst | -| tests.js:160:31:160:33 | src | -| tests.js:160:31:160:33 | src | -| tests.js:160:31:160:33 | src | -| tests.js:160:31:160:33 | src | -| tests.js:160:37:160:39 | dst | -| tests.js:160:37:160:39 | dst | -| tests.js:160:37:160:39 | dst | -| tests.js:160:37:160:39 | dst | -| tests.js:160:42:160:44 | src | -| tests.js:160:42:160:44 | src | -| tests.js:160:42:160:44 | src | -| tests.js:160:42:160:44 | src | -| tests.js:160:47:160:49 | key | -| tests.js:160:47:160:49 | key | -| tests.js:160:47:160:49 | key | -| tests.js:160:47:160:49 | key | -| tests.js:161:35:161:37 | dst | -| tests.js:161:35:161:37 | dst | -| tests.js:161:35:161:37 | dst | -| tests.js:161:35:161:37 | dst | -| tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:42 | dst[key] | -| 
tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:42 | dst[key] | -| tests.js:161:39:161:41 | key | -| tests.js:161:39:161:41 | key | -| tests.js:161:39:161:41 | key | -| tests.js:161:39:161:41 | key | -| tests.js:161:45:161:47 | src | -| tests.js:161:45:161:47 | src | -| tests.js:161:45:161:47 | src | -| tests.js:161:45:161:47 | src | -| tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:52 | src[key] | -| tests.js:161:49:161:51 | key | -| tests.js:161:49:161:51 | key | -| tests.js:161:49:161:51 | key | -| tests.js:161:49:161:51 | key | -| tests.js:165:37:165:39 | src | -| tests.js:165:37:165:39 | src | -| tests.js:166:14:166:16 | key | -| tests.js:166:14:166:16 | key | -| tests.js:166:14:166:16 | key | -| tests.js:169:45:169:47 | src | -| tests.js:169:45:169:47 | src | -| tests.js:169:45:169:52 | src[key] | -| tests.js:169:45:169:52 | src[key] | -| tests.js:169:45:169:52 | src[key] | -| tests.js:169:45:169:52 | src[key] | -| tests.js:169:45:169:52 | src[key] | -| tests.js:169:49:169:51 | key | -| tests.js:169:49:169:51 | key | -| tests.js:171:17:171:19 | key | -| tests.js:171:17:171:19 | key | -| tests.js:171:17:171:19 | key | -| tests.js:171:24:171:26 | src | -| tests.js:171:24:171:26 | src | -| tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:31 | src[key] | -| tests.js:171:28:171:30 | key | -| tests.js:171:28:171:30 | key | -| tests.js:178:33:178:35 | src | -| tests.js:178:33:178:35 | src | -| tests.js:182:41:182:43 | src | -| tests.js:182:41:182:43 | src | -| tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:48 | src[key] | -| tests.js:184:24:184:26 | src | -| 
tests.js:184:24:184:26 | src | -| tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:31 | src[key] | -| tests.js:189:32:189:34 | dst | -| tests.js:189:32:189:34 | dst | -| tests.js:189:37:189:39 | src | -| tests.js:189:37:189:39 | src | -| tests.js:192:13:192:25 | key | -| tests.js:192:13:192:25 | key | -| tests.js:192:19:192:25 | keys[i] | -| tests.js:192:19:192:25 | keys[i] | -| tests.js:192:19:192:25 | keys[i] | -| tests.js:194:35:194:37 | dst | -| tests.js:194:35:194:37 | dst | -| tests.js:194:35:194:42 | dst[key] | -| tests.js:194:35:194:42 | dst[key] | -| tests.js:194:35:194:42 | dst[key] | -| tests.js:194:35:194:42 | dst[key] | -| tests.js:194:39:194:41 | key | -| tests.js:194:39:194:41 | key | -| tests.js:194:45:194:47 | src | -| tests.js:194:45:194:47 | src | -| tests.js:194:45:194:52 | src[key] | -| tests.js:194:45:194:52 | src[key] | -| tests.js:194:45:194:52 | src[key] | -| tests.js:194:45:194:52 | src[key] | -| tests.js:194:45:194:52 | src[key] | -| tests.js:194:49:194:51 | key | -| tests.js:194:49:194:51 | key | -| tests.js:196:13:196:15 | dst | -| tests.js:196:13:196:15 | dst | -| tests.js:196:13:196:15 | dst | -| tests.js:196:17:196:19 | key | -| tests.js:196:17:196:19 | key | -| tests.js:196:17:196:19 | key | -| tests.js:196:24:196:26 | src | -| tests.js:196:24:196:26 | src | -| tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:31 | src[key] | -| tests.js:196:28:196:30 | key | -| tests.js:196:28:196:30 | key | -| tests.js:201:39:201:41 | dst | -| tests.js:201:39:201:41 | dst | -| tests.js:201:44:201:46 | src | -| tests.js:201:44:201:46 | src | -| tests.js:206:42:206:44 | dst | -| tests.js:206:42:206:44 | dst | -| 
tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:46:206:52 | keys[i] | -| tests.js:206:46:206:52 | keys[i] | -| tests.js:206:46:206:52 | keys[i] | -| tests.js:206:56:206:58 | src | -| tests.js:206:56:206:58 | src | -| tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:60:206:66 | keys[i] | -| tests.js:206:60:206:66 | keys[i] | -| tests.js:206:60:206:66 | keys[i] | -| tests.js:208:13:208:15 | dst | -| tests.js:208:13:208:15 | dst | -| tests.js:208:13:208:15 | dst | -| tests.js:208:17:208:23 | keys[i] | -| tests.js:208:17:208:23 | keys[i] | -| tests.js:208:17:208:23 | keys[i] | -| tests.js:208:17:208:23 | keys[i] | -| tests.js:208:28:208:30 | src | -| tests.js:208:28:208:30 | src | -| tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | -| tests.js:208:32:208:38 | keys[i] | -| tests.js:208:32:208:38 | keys[i] | -| tests.js:213:23:213:26 | key1 | -| tests.js:213:23:213:26 | key1 | -| tests.js:213:29:213:32 | key2 | -| tests.js:213:29:213:32 | key2 | -| tests.js:213:35:213:39 | value | -| tests.js:213:35:213:39 | value | -| tests.js:217:5:217:13 | map[key1] | -| tests.js:217:5:217:13 | map[key1] | -| tests.js:217:5:217:13 | map[key1] | -| tests.js:217:9:217:12 | key1 | -| tests.js:217:9:217:12 | key1 | -| tests.js:217:15:217:18 | key2 | -| tests.js:217:15:217:18 | key2 | -| tests.js:217:15:217:18 | key2 | -| tests.js:217:23:217:27 | value | -| tests.js:217:23:217:27 | value | -| tests.js:217:23:217:27 | value | -| 
tests.js:223:14:223:16 | key | -| tests.js:223:14:223:16 | key | -| tests.js:223:14:223:16 | key | -| tests.js:224:23:224:25 | key | -| tests.js:224:23:224:25 | key | -| tests.js:224:33:224:41 | data[key] | -| tests.js:224:33:224:41 | data[key] | -| tests.js:224:33:224:41 | data[key] | -| tests.js:224:38:224:40 | key | -| tests.js:224:38:224:40 | key | -| tests.js:225:28:225:30 | key | -| tests.js:225:28:225:30 | key | -| tests.js:225:33:225:41 | data[key] | -| tests.js:225:33:225:41 | data[key] | -| tests.js:225:33:225:41 | data[key] | -| tests.js:225:38:225:40 | key | -| tests.js:225:38:225:40 | key | -| tests.js:229:26:229:29 | key1 | -| tests.js:229:26:229:29 | key1 | -| tests.js:229:32:229:35 | key2 | -| tests.js:229:32:229:35 | key2 | -| tests.js:229:38:229:42 | value | -| tests.js:229:38:229:42 | value | -| tests.js:233:5:233:13 | map[key1] | -| tests.js:233:5:233:13 | map[key1] | -| tests.js:233:5:233:13 | map[key1] | -| tests.js:233:9:233:12 | key1 | -| tests.js:233:9:233:12 | key1 | -| tests.js:233:15:233:18 | key2 | -| tests.js:233:15:233:18 | key2 | -| tests.js:233:15:233:18 | key2 | -| tests.js:233:23:233:27 | value | -| tests.js:233:23:233:27 | value | -| tests.js:233:23:233:27 | value | -| tests.js:238:14:238:16 | key | -| tests.js:238:14:238:16 | key | -| tests.js:238:14:238:16 | key | -| tests.js:239:24:239:26 | key | -| tests.js:239:24:239:26 | key | -| tests.js:239:34:239:42 | data[key] | -| tests.js:239:34:239:42 | data[key] | -| tests.js:239:34:239:42 | data[key] | -| tests.js:239:39:239:41 | key | -| tests.js:239:39:239:41 | key | -| tests.js:240:31:240:33 | key | -| tests.js:240:31:240:33 | key | -| tests.js:240:36:240:44 | data[key] | -| tests.js:240:36:240:44 | data[key] | -| tests.js:240:36:240:44 | data[key] | -| tests.js:240:41:240:43 | key | -| tests.js:240:41:240:43 | key | -| tests.js:263:27:263:29 | dst | -| tests.js:263:27:263:29 | dst | -| tests.js:265:13:265:26 | key | -| tests.js:265:13:265:26 | key | -| tests.js:265:19:265:26 | 
entry[0] | -| tests.js:265:19:265:26 | entry[0] | -| tests.js:265:19:265:26 | entry[0] | -| tests.js:266:13:266:28 | value | -| tests.js:266:13:266:28 | value | -| tests.js:266:21:266:28 | entry[1] | -| tests.js:266:21:266:28 | entry[1] | -| tests.js:266:21:266:28 | entry[1] | -| tests.js:268:30:268:32 | dst | -| tests.js:268:30:268:32 | dst | -| tests.js:268:30:268:37 | dst[key] | -| tests.js:268:30:268:37 | dst[key] | -| tests.js:268:30:268:37 | dst[key] | -| tests.js:268:30:268:37 | dst[key] | -| tests.js:268:34:268:36 | key | -| tests.js:268:34:268:36 | key | -| tests.js:270:13:270:15 | dst | -| tests.js:270:13:270:15 | dst | -| tests.js:270:13:270:15 | dst | -| tests.js:270:17:270:19 | key | -| tests.js:270:17:270:19 | key | -| tests.js:270:17:270:19 | key | -| tests.js:270:24:270:28 | value | -| tests.js:270:24:270:28 | value | -| tests.js:270:24:270:28 | value | -| tests.js:275:27:275:29 | dst | -| tests.js:275:27:275:29 | dst | -| tests.js:275:32:275:34 | src | -| tests.js:275:32:275:34 | src | -| tests.js:276:34:276:36 | key | -| tests.js:276:34:276:36 | key | -| tests.js:276:34:276:36 | key | -| tests.js:278:30:278:32 | dst | -| tests.js:278:30:278:32 | dst | -| tests.js:278:30:278:37 | dst[key] | -| tests.js:278:30:278:37 | dst[key] | -| tests.js:278:30:278:37 | dst[key] | -| tests.js:278:30:278:37 | dst[key] | -| tests.js:278:34:278:36 | key | -| tests.js:278:34:278:36 | key | -| tests.js:278:40:278:42 | src | -| tests.js:278:40:278:42 | src | -| tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:47 | src[key] | -| tests.js:278:44:278:46 | key | -| tests.js:278:44:278:46 | key | -| tests.js:280:13:280:15 | dst | -| tests.js:280:13:280:15 | dst | -| tests.js:280:13:280:15 | dst | -| tests.js:280:17:280:19 | key | -| tests.js:280:17:280:19 | key | -| tests.js:280:17:280:19 | key | -| tests.js:280:24:280:26 | src | -| 
tests.js:280:24:280:26 | src | -| tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:31 | src[key] | -| tests.js:280:28:280:30 | key | -| tests.js:280:28:280:30 | key | -| tests.js:301:27:301:29 | dst | -| tests.js:301:27:301:29 | dst | -| tests.js:301:32:301:34 | src | -| tests.js:302:14:302:16 | key | -| tests.js:302:14:302:16 | key | -| tests.js:302:14:302:16 | key | -| tests.js:304:17:304:32 | value | -| tests.js:304:17:304:32 | value | -| tests.js:304:17:304:32 | value | -| tests.js:304:25:304:27 | src | -| tests.js:304:25:304:32 | src[key] | -| tests.js:304:25:304:32 | src[key] | -| tests.js:304:25:304:32 | src[key] | -| tests.js:304:25:304:32 | src[key] | -| tests.js:304:29:304:31 | key | -| tests.js:304:29:304:31 | key | -| tests.js:306:34:306:36 | dst | -| tests.js:306:34:306:36 | dst | -| tests.js:306:34:306:41 | dst[key] | -| tests.js:306:34:306:41 | dst[key] | -| tests.js:306:34:306:41 | dst[key] | -| tests.js:306:34:306:41 | dst[key] | -| tests.js:306:38:306:40 | key | -| tests.js:306:38:306:40 | key | -| tests.js:306:44:306:48 | value | -| tests.js:306:44:306:48 | value | -| tests.js:308:17:308:19 | dst | -| tests.js:308:17:308:19 | dst | -| tests.js:308:17:308:19 | dst | -| tests.js:308:21:308:23 | key | -| tests.js:308:21:308:23 | key | -| tests.js:308:21:308:23 | key | -| tests.js:308:28:308:32 | value | -| tests.js:308:28:308:32 | value | -| tests.js:308:28:308:32 | value | -| tests.js:308:28:308:32 | value | -| tests.js:314:31:314:33 | dst | -| tests.js:314:31:314:33 | dst | -| tests.js:314:36:314:38 | src | -| tests.js:315:14:315:16 | key | -| tests.js:315:14:315:16 | key | -| tests.js:315:14:315:16 | key | -| tests.js:318:17:318:32 | value | -| tests.js:318:17:318:32 | value | -| tests.js:318:17:318:32 | value | -| tests.js:318:25:318:27 | src | -| tests.js:318:25:318:32 | src[key] | 
-| tests.js:318:25:318:32 | src[key] | -| tests.js:318:25:318:32 | src[key] | -| tests.js:318:25:318:32 | src[key] | -| tests.js:318:29:318:31 | key | -| tests.js:318:29:318:31 | key | -| tests.js:320:38:320:40 | dst | -| tests.js:320:38:320:40 | dst | -| tests.js:320:38:320:45 | dst[key] | -| tests.js:320:38:320:45 | dst[key] | -| tests.js:320:38:320:45 | dst[key] | -| tests.js:320:38:320:45 | dst[key] | -| tests.js:320:42:320:44 | key | -| tests.js:320:42:320:44 | key | -| tests.js:320:48:320:52 | value | -| tests.js:320:48:320:52 | value | -| tests.js:322:17:322:19 | dst | -| tests.js:322:17:322:19 | dst | -| tests.js:322:17:322:19 | dst | -| tests.js:322:21:322:23 | key | -| tests.js:322:21:322:23 | key | -| tests.js:322:21:322:23 | key | -| tests.js:322:28:322:32 | value | -| tests.js:322:28:322:32 | value | -| tests.js:322:28:322:32 | value | -| tests.js:322:28:322:32 | value | -| tests.js:328:30:328:32 | src | -| tests.js:328:30:328:32 | src | -| tests.js:336:42:336:44 | src | -| tests.js:336:42:336:44 | src | -| tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:49 | src[key] | -| tests.js:338:28:338:30 | src | -| tests.js:338:28:338:30 | src | -| tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:35 | src[key] | -| tests.js:348:32:348:37 | target | -| tests.js:348:40:348:45 | source | -| tests.js:350:37:350:39 | key | -| tests.js:350:37:350:39 | key | -| tests.js:355:17:355:22 | target | -| tests.js:355:17:355:22 | target | -| tests.js:355:24:355:26 | key | -| tests.js:355:24:355:26 | key | -| tests.js:355:31:355:86 | mergePl ... ptions) | -| tests.js:355:31:355:86 | mergePl ... ptions) | -| tests.js:355:31:355:86 | mergePl ... 
ptions) | -| tests.js:355:53:355:58 | target | -| tests.js:355:53:355:63 | target[key] | -| tests.js:355:53:355:63 | target[key] | -| tests.js:355:60:355:62 | key | -| tests.js:355:66:355:71 | source | -| tests.js:355:66:355:76 | source[key] | -| tests.js:355:66:355:76 | source[key] | -| tests.js:355:66:355:76 | source[key] | -| tests.js:357:17:357:22 | target | -| tests.js:357:17:357:22 | target | -| tests.js:357:24:357:26 | key | -| tests.js:357:24:357:26 | key | -| tests.js:357:31:357:36 | source | -| tests.js:357:31:357:41 | source[key] | -| tests.js:357:31:357:41 | source[key] | -| tests.js:357:31:357:41 | source[key] | -| tests.js:357:31:357:41 | source[key] | -| tests.js:357:31:357:41 | source[key] | -| tests.js:357:38:357:40 | key | -| tests.js:364:49:364:54 | source | -| tests.js:366:18:366:20 | key | -| tests.js:366:18:366:20 | key | -| tests.js:371:24:371:26 | key | -| tests.js:371:24:371:26 | key | -| tests.js:371:31:371:95 | mergePl ... ptions) | -| tests.js:371:31:371:95 | mergePl ... 
ptions) | -| tests.js:371:62:371:72 | target[key] | -| tests.js:371:69:371:71 | key | -| tests.js:371:75:371:80 | source | -| tests.js:371:75:371:85 | source[key] | -| tests.js:371:75:371:85 | source[key] | -| tests.js:371:75:371:85 | source[key] | -| tests.js:373:24:373:26 | key | -| tests.js:373:24:373:26 | key | -| tests.js:373:31:373:36 | source | -| tests.js:373:31:373:41 | source[key] | -| tests.js:373:31:373:41 | source[key] | -| tests.js:373:31:373:41 | source[key] | -| tests.js:373:31:373:41 | source[key] | -| tests.js:373:31:373:41 | source[key] | -| tests.js:373:38:373:40 | key | -| tests.js:381:14:381:16 | key | -| tests.js:381:14:381:16 | key | -| tests.js:381:14:381:16 | key | -| tests.js:383:22:383:24 | key | -| tests.js:383:22:383:24 | key | -| tests.js:383:27:383:34 | obj[key] | -| tests.js:383:27:383:34 | obj[key] | -| tests.js:383:27:383:34 | obj[key] | -| tests.js:383:31:383:33 | key | -| tests.js:383:31:383:33 | key | -| tests.js:388:29:388:31 | dst | -| tests.js:388:29:388:31 | dst | -| tests.js:388:34:388:36 | src | -| tests.js:388:34:388:36 | src | -| tests.js:389:22:389:24 | key | -| tests.js:389:22:389:24 | key | -| tests.js:391:32:391:34 | dst | -| tests.js:391:32:391:34 | dst | -| tests.js:391:32:391:39 | dst[key] | -| tests.js:391:32:391:39 | dst[key] | -| tests.js:391:36:391:38 | key | -| tests.js:391:36:391:38 | key | -| tests.js:391:42:391:44 | src | -| tests.js:391:42:391:44 | src | -| tests.js:391:42:391:49 | src[key] | -| tests.js:391:42:391:49 | src[key] | -| tests.js:391:46:391:48 | key | -| tests.js:391:46:391:48 | key | -| tests.js:393:13:393:15 | dst | -| tests.js:393:13:393:15 | dst | -| tests.js:393:13:393:15 | dst | -| tests.js:393:17:393:19 | key | -| tests.js:393:17:393:19 | key | -| tests.js:393:17:393:19 | key | -| tests.js:393:24:393:26 | src | -| tests.js:393:24:393:26 | src | -| tests.js:393:24:393:31 | src[key] | -| tests.js:393:24:393:31 | src[key] | -| tests.js:393:24:393:31 | src[key] | -| tests.js:393:28:393:30 
| key | -| tests.js:393:28:393:30 | key | -| tests.js:398:30:398:32 | dst | -| tests.js:398:30:398:32 | dst | -| tests.js:398:35:398:37 | src | -| tests.js:398:35:398:37 | src | -| tests.js:399:17:399:19 | src | -| tests.js:399:17:399:19 | src | -| tests.js:399:23:399:25 | key | -| tests.js:399:23:399:25 | key | -| tests.js:399:28:399:32 | value | -| tests.js:399:28:399:32 | value | -| tests.js:401:33:401:35 | dst | -| tests.js:401:33:401:35 | dst | -| tests.js:401:33:401:40 | dst[key] | -| tests.js:401:33:401:40 | dst[key] | -| tests.js:401:37:401:39 | key | -| tests.js:401:37:401:39 | key | -| tests.js:401:43:401:47 | value | -| tests.js:401:43:401:47 | value | -| tests.js:403:13:403:15 | dst | -| tests.js:403:13:403:15 | dst | -| tests.js:403:13:403:15 | dst | -| tests.js:403:17:403:19 | key | -| tests.js:403:17:403:19 | key | -| tests.js:403:17:403:19 | key | -| tests.js:403:24:403:28 | value | -| tests.js:403:24:403:28 | value | -| tests.js:403:24:403:28 | value | -| tests.js:412:31:412:33 | dst | -| tests.js:412:31:412:33 | dst | -| tests.js:412:36:412:38 | src | -| tests.js:412:36:412:38 | src | -| tests.js:413:14:413:16 | key | -| tests.js:413:14:413:16 | key | -| tests.js:413:14:413:16 | key | -| tests.js:414:13:414:41 | value | -| tests.js:414:13:414:41 | value | -| tests.js:414:13:414:41 | value | -| tests.js:414:13:414:41 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:33:414:35 | src | -| tests.js:414:33:414:35 | src | -| tests.js:414:38:414:40 | key | -| tests.js:414:38:414:40 | key | -| tests.js:415:13:415:42 | target | -| tests.js:415:13:415:42 | target | -| tests.js:415:13:415:42 | target | -| tests.js:415:13:415:42 | target | -| tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:415:22:415:42 | wrapped ... 
t, key) | -| tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:415:34:415:36 | dst | -| tests.js:415:34:415:36 | dst | -| tests.js:415:39:415:41 | key | -| tests.js:415:39:415:41 | key | -| tests.js:417:34:417:39 | target | -| tests.js:417:34:417:39 | target | -| tests.js:417:34:417:39 | target | -| tests.js:417:34:417:39 | target | -| tests.js:417:42:417:46 | value | -| tests.js:417:42:417:46 | value | -| tests.js:417:42:417:46 | value | -| tests.js:417:42:417:46 | value | -| tests.js:419:13:419:15 | dst | -| tests.js:419:13:419:15 | dst | -| tests.js:419:13:419:15 | dst | -| tests.js:419:17:419:19 | key | -| tests.js:419:17:419:19 | key | -| tests.js:419:17:419:19 | key | -| tests.js:419:24:419:28 | value | -| tests.js:419:24:419:28 | value | -| tests.js:419:24:419:28 | value | -| tests.js:419:24:419:28 | value | -| tests.js:419:24:419:28 | value | -| tests.js:429:34:429:36 | dst | -| tests.js:429:39:429:41 | src | -| tests.js:429:39:429:41 | src | -| tests.js:430:14:430:16 | key | -| tests.js:430:14:430:16 | key | -| tests.js:430:14:430:16 | key | -| tests.js:431:13:431:44 | value | -| tests.js:431:13:431:44 | value | -| tests.js:431:13:431:44 | value | -| tests.js:431:13:431:44 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:36:431:38 | src | -| tests.js:431:36:431:38 | src | -| tests.js:431:41:431:43 | key | -| tests.js:432:13:432:45 | target | -| tests.js:432:13:432:45 | target | -| tests.js:432:22:432:45 | almostS ... t, key) | -| tests.js:432:22:432:45 | almostS ... 
t, key) | -| tests.js:432:37:432:39 | dst | -| tests.js:432:42:432:44 | key | -| tests.js:434:37:434:42 | target | -| tests.js:434:37:434:42 | target | -| tests.js:434:45:434:49 | value | -| tests.js:434:45:434:49 | value | -| tests.js:434:45:434:49 | value | -| tests.js:434:45:434:49 | value | -| tests.js:436:13:436:15 | dst | -| tests.js:436:13:436:15 | dst | -| tests.js:436:17:436:19 | key | -| tests.js:436:17:436:19 | key | -| tests.js:436:17:436:19 | key | -| tests.js:436:24:436:28 | value | -| tests.js:436:24:436:28 | value | -| tests.js:436:24:436:28 | value | -| tests.js:436:24:436:28 | value | -| tests.js:436:24:436:28 | value | -| tests.js:446:33:446:35 | src | -| tests.js:446:33:446:35 | src | -| tests.js:447:14:447:16 | key | -| tests.js:447:14:447:16 | key | -| tests.js:447:14:447:16 | key | -| tests.js:448:13:448:38 | value | -| tests.js:448:13:448:38 | value | -| tests.js:448:13:448:38 | value | -| tests.js:448:13:448:38 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:448:30:448:32 | src | -| tests.js:448:30:448:32 | src | -| tests.js:451:39:451:43 | value | -| tests.js:451:39:451:43 | value | -| tests.js:451:39:451:43 | value | -| tests.js:451:39:451:43 | value | -| tests.js:453:17:453:19 | key | -| tests.js:453:17:453:19 | key | -| tests.js:453:17:453:19 | key | -| tests.js:453:24:453:28 | value | -| tests.js:453:24:453:28 | value | -| tests.js:453:24:453:28 | value | -| tests.js:453:24:453:28 | value | -| tests.js:453:24:453:28 | value | -| tests.js:458:26:458:28 | dst | -| tests.js:458:26:458:28 | dst | -| tests.js:458:31:458:33 | src | -| tests.js:458:31:458:33 | src | -| tests.js:460:18:460:22 | value | -| tests.js:460:18:460:22 | value | -| tests.js:460:18:460:22 | value | -| tests.js:460:25:460:27 | key | -| 
tests.js:460:25:460:27 | key | -| tests.js:460:25:460:27 | key | -| tests.js:462:29:462:31 | dst | -| tests.js:462:29:462:31 | dst | -| tests.js:462:29:462:36 | dst[key] | -| tests.js:462:29:462:36 | dst[key] | -| tests.js:462:29:462:36 | dst[key] | -| tests.js:462:29:462:36 | dst[key] | -| tests.js:462:33:462:35 | key | -| tests.js:462:33:462:35 | key | -| tests.js:462:39:462:41 | src | -| tests.js:462:39:462:41 | src | -| tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:46 | src[key] | -| tests.js:462:43:462:45 | key | -| tests.js:462:43:462:45 | key | -| tests.js:465:30:465:32 | dst | -| tests.js:465:30:465:32 | dst | -| tests.js:465:30:465:32 | dst | -| tests.js:465:34:465:36 | key | -| tests.js:465:34:465:36 | key | -| tests.js:465:34:465:36 | key | -| tests.js:465:41:465:43 | src | -| tests.js:465:41:465:43 | src | -| tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:48 | src[key] | -| tests.js:465:45:465:47 | key | -| tests.js:465:45:465:47 | key | -| tests.js:466:30:466:32 | dst | -| tests.js:466:30:466:32 | dst | -| tests.js:466:30:466:32 | dst | -| tests.js:466:34:466:36 | key | -| tests.js:466:34:466:36 | key | -| tests.js:466:34:466:36 | key | -| tests.js:466:41:466:46 | o[key] | -| tests.js:466:41:466:46 | o[key] | -| tests.js:466:41:466:46 | o[key] | -| tests.js:466:41:466:46 | o[key] | -| tests.js:466:43:466:45 | key | -| tests.js:466:43:466:45 | key | -| tests.js:467:30:467:32 | dst | -| tests.js:467:30:467:32 | dst | -| tests.js:467:30:467:32 | dst | -| tests.js:467:34:467:36 | key | -| tests.js:467:34:467:36 | key | -| tests.js:467:34:467:36 | key | -| tests.js:467:41:467:45 | value | -| tests.js:467:41:467:45 | value | -| tests.js:467:41:467:45 | value | -| 
tests.js:472:38:472:40 | dst | -| tests.js:472:38:472:40 | dst | -| tests.js:473:18:473:22 | value | -| tests.js:473:18:473:22 | value | -| tests.js:473:18:473:22 | value | -| tests.js:473:25:473:27 | key | -| tests.js:473:25:473:27 | key | -| tests.js:473:25:473:27 | key | -| tests.js:475:41:475:43 | dst | -| tests.js:475:41:475:43 | dst | -| tests.js:475:41:475:48 | dst[key] | -| tests.js:475:41:475:48 | dst[key] | -| tests.js:475:41:475:48 | dst[key] | -| tests.js:475:41:475:48 | dst[key] | -| tests.js:475:45:475:47 | key | -| tests.js:475:45:475:47 | key | -| tests.js:477:13:477:15 | dst | -| tests.js:477:13:477:15 | dst | -| tests.js:477:13:477:15 | dst | -| tests.js:477:17:477:19 | key | -| tests.js:477:17:477:19 | key | -| tests.js:477:17:477:19 | key | -| tests.js:477:24:477:28 | value | -| tests.js:477:24:477:28 | value | -| tests.js:477:24:477:28 | value | -| tests.js:483:26:483:28 | dst | -| tests.js:483:31:483:33 | src | -| tests.js:483:31:483:33 | src | -| tests.js:484:14:484:16 | key | -| tests.js:484:14:484:16 | key | -| tests.js:487:29:487:31 | dst | -| tests.js:487:29:487:36 | dst[key] | -| tests.js:487:29:487:36 | dst[key] | -| tests.js:487:33:487:35 | key | -| tests.js:487:39:487:41 | src | -| tests.js:487:39:487:46 | src[key] | -| tests.js:487:39:487:46 | src[key] | -| tests.js:487:39:487:46 | src[key] | -| tests.js:487:39:487:46 | src[key] | -| tests.js:487:43:487:45 | key | -| tests.js:489:13:489:15 | dst | -| tests.js:489:13:489:15 | dst | -| tests.js:489:17:489:19 | key | -| tests.js:489:17:489:19 | key | -| tests.js:489:24:489:26 | src | -| tests.js:489:24:489:26 | src | -| tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:31 | src[key] | -| tests.js:489:28:489:30 | key | -| tests.js:494:32:494:34 | src | -| tests.js:495:14:495:16 | key | -| tests.js:495:14:495:16 | key | -| 
tests.js:498:13:498:28 | value | -| tests.js:498:13:498:28 | value | -| tests.js:498:13:498:28 | value | -| tests.js:498:21:498:23 | src | -| tests.js:498:21:498:28 | src[key] | -| tests.js:498:21:498:28 | src[key] | -| tests.js:498:21:498:28 | src[key] | -| tests.js:498:21:498:28 | src[key] | -| tests.js:498:25:498:27 | key | -| tests.js:500:38:500:42 | value | -| tests.js:500:38:500:42 | value | -| tests.js:502:17:502:19 | key | -| tests.js:502:17:502:19 | key | -| tests.js:502:24:502:28 | value | -| tests.js:502:24:502:28 | value | -| tests.js:502:24:502:28 | value | -| tests.js:502:24:502:28 | value | -| tests.js:508:30:508:32 | dst | -| tests.js:508:30:508:32 | dst | -| tests.js:508:35:508:37 | src | -| tests.js:508:35:508:37 | src | -| tests.js:511:13:511:25 | key | -| tests.js:511:13:511:25 | key | -| tests.js:511:19:511:25 | keys[i] | -| tests.js:511:19:511:25 | keys[i] | -| tests.js:511:19:511:25 | keys[i] | -| tests.js:513:33:513:35 | dst | -| tests.js:513:33:513:35 | dst | -| tests.js:513:33:513:40 | dst[key] | -| tests.js:513:33:513:40 | dst[key] | -| tests.js:513:33:513:40 | dst[key] | -| tests.js:513:33:513:40 | dst[key] | -| tests.js:513:37:513:39 | key | -| tests.js:513:37:513:39 | key | -| tests.js:513:43:513:45 | src | -| tests.js:513:43:513:45 | src | -| tests.js:513:43:513:50 | src[key] | -| tests.js:513:43:513:50 | src[key] | -| tests.js:513:43:513:50 | src[key] | -| tests.js:513:43:513:50 | src[key] | -| tests.js:513:43:513:50 | src[key] | -| tests.js:513:47:513:49 | key | -| tests.js:513:47:513:49 | key | -| tests.js:516:32:516:34 | src | -| tests.js:516:32:516:34 | src | -| tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:39 | src[key] | -| tests.js:516:36:516:38 | key | -| tests.js:516:36:516:38 | key | -| tests.js:517:35:517:37 | dst | -| tests.js:517:35:517:37 | dst | -| 
tests.js:517:35:517:37 | dst | -| tests.js:517:40:517:42 | key | -| tests.js:517:40:517:42 | key | -| tests.js:517:40:517:42 | key | -| tests.js:523:11:523:23 | dst | -| tests.js:523:11:523:23 | dst | -| tests.js:523:17:523:23 | args[0] | -| tests.js:523:17:523:23 | args[0] | -| tests.js:524:11:524:23 | src | -| tests.js:524:11:524:23 | src | -| tests.js:524:17:524:23 | args[1] | -| tests.js:524:17:524:23 | args[1] | -| tests.js:525:14:525:16 | key | -| tests.js:525:14:525:16 | key | -| tests.js:525:14:525:16 | key | -| tests.js:527:35:527:37 | dst | -| tests.js:527:35:527:37 | dst | -| tests.js:527:35:527:42 | dst[key] | -| tests.js:527:35:527:42 | dst[key] | -| tests.js:527:35:527:42 | dst[key] | -| tests.js:527:35:527:42 | dst[key] | -| tests.js:527:39:527:41 | key | -| tests.js:527:39:527:41 | key | -| tests.js:527:45:527:47 | src | -| tests.js:527:45:527:47 | src | -| tests.js:527:45:527:52 | src[key] | -| tests.js:527:45:527:52 | src[key] | -| tests.js:527:45:527:52 | src[key] | -| tests.js:527:45:527:52 | src[key] | -| tests.js:527:45:527:52 | src[key] | -| tests.js:527:49:527:51 | key | -| tests.js:527:49:527:51 | key | -| tests.js:529:13:529:15 | dst | -| tests.js:529:13:529:15 | dst | -| tests.js:529:13:529:15 | dst | -| tests.js:529:17:529:19 | key | -| tests.js:529:17:529:19 | key | -| tests.js:529:17:529:19 | key | -| tests.js:529:24:529:26 | src | -| tests.js:529:24:529:26 | src | -| tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:31 | src[key] | -| tests.js:529:28:529:30 | key | -| tests.js:529:28:529:30 | key | -| tests.js:534:31:534:33 | obj | -| tests.js:534:31:534:33 | obj | -| tests.js:534:31:534:33 | obj | -| tests.js:534:31:534:33 | obj | -| tests.js:538:18:538:24 | keys[i] | -| tests.js:538:18:538:24 | keys[i] | -| tests.js:538:18:538:24 | keys[i] | -| tests.js:538:27:538:29 | 
obj | -| tests.js:538:27:538:29 | obj | -| tests.js:538:27:538:29 | obj | -| tests.js:538:27:538:29 | obj | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:31:538:37 | keys[i] | -| tests.js:538:31:538:37 | keys[i] | -| tests.js:538:31:538:37 | keys[i] | -| tests.js:542:30:542:32 | dst | -| tests.js:542:30:542:32 | dst | -| tests.js:542:30:542:32 | dst | -| tests.js:542:30:542:32 | dst | -| tests.js:542:35:542:37 | src | -| tests.js:542:35:542:37 | src | -| tests.js:542:35:542:37 | src | -| tests.js:542:35:542:37 | src | -| tests.js:543:26:543:28 | src | -| tests.js:543:26:543:28 | src | -| tests.js:543:26:543:28 | src | -| tests.js:543:26:543:28 | src | -| tests.js:543:32:543:34 | key | -| tests.js:543:32:543:34 | key | -| tests.js:543:32:543:34 | key | -| tests.js:543:32:543:34 | key | -| tests.js:543:37:543:41 | value | -| tests.js:543:37:543:41 | value | -| tests.js:543:37:543:41 | value | -| tests.js:543:37:543:41 | value | -| tests.js:545:33:545:35 | dst | -| tests.js:545:33:545:35 | dst | -| tests.js:545:33:545:35 | dst | -| tests.js:545:33:545:35 | dst | -| tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:40 | dst[key] | -| tests.js:545:37:545:39 | key | -| tests.js:545:37:545:39 | key | -| tests.js:545:37:545:39 | key | -| tests.js:545:37:545:39 | key | -| tests.js:545:43:545:47 | value | -| tests.js:545:43:545:47 | value | -| tests.js:545:43:545:47 | value | -| tests.js:545:43:545:47 | value | -| tests.js:547:13:547:15 | dst | -| tests.js:547:13:547:15 | dst | -| tests.js:547:13:547:15 | dst | -| tests.js:547:13:547:15 | dst | -| tests.js:547:13:547:15 | dst | -| tests.js:547:17:547:19 | key | -| 
tests.js:547:17:547:19 | key | -| tests.js:547:17:547:19 | key | -| tests.js:547:17:547:19 | key | -| tests.js:547:17:547:19 | key | -| tests.js:547:24:547:28 | value | -| tests.js:547:24:547:28 | value | -| tests.js:547:24:547:28 | value | -| tests.js:547:24:547:28 | value | -| tests.js:547:24:547:28 | value | -| tests.js:552:35:552:37 | src | -| tests.js:552:35:552:37 | src | -| tests.js:553:14:553:16 | key | -| tests.js:553:14:553:16 | key | -| tests.js:553:14:553:16 | key | -| tests.js:557:43:557:45 | src | -| tests.js:557:43:557:45 | src | -| tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:50 | src[key] | -| tests.js:559:17:559:19 | key | -| tests.js:559:17:559:19 | key | -| tests.js:559:17:559:19 | key | -| tests.js:559:24:559:26 | src | -| tests.js:559:24:559:26 | src | -| tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:31 | src[key] | -| tests.js:559:28:559:30 | key | -| tests.js:559:28:559:30 | key | -| tests.js:564:35:564:37 | src | -| tests.js:564:35:564:37 | src | -| tests.js:565:14:565:16 | key | -| tests.js:565:14:565:16 | key | -| tests.js:565:14:565:16 | key | -| tests.js:569:43:569:45 | src | -| tests.js:569:43:569:45 | src | -| tests.js:569:43:569:50 | src[key] | -| tests.js:569:43:569:50 | src[key] | -| tests.js:569:43:569:50 | src[key] | -| tests.js:569:43:569:50 | src[key] | -| tests.js:569:43:569:50 | src[key] | -| tests.js:571:17:571:19 | key | -| tests.js:571:17:571:19 | key | -| tests.js:571:17:571:19 | key | -| tests.js:571:24:571:26 | src | -| tests.js:571:24:571:26 | src | -| tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:31 | src[key] | -| 
tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:31 | src[key] | -| tests.js:571:28:571:30 | key | -| tests.js:571:28:571:30 | key | -| tests.js:576:30:576:32 | src | -| tests.js:576:30:576:32 | src | -| tests.js:577:14:577:16 | key | -| tests.js:577:14:577:16 | key | -| tests.js:577:14:577:16 | key | -| tests.js:580:38:580:40 | src | -| tests.js:580:38:580:40 | src | -| tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:45 | src[key] | -| tests.js:582:17:582:19 | key | -| tests.js:582:17:582:19 | key | -| tests.js:582:17:582:19 | key | -| tests.js:582:24:582:26 | src | -| tests.js:582:24:582:26 | src | -| tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:31 | src[key] | -| tests.js:582:28:582:30 | key | -| tests.js:582:28:582:30 | key | +| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | semmle.label | dst | +| examples/PrototypePollutingFunction.js:1:21:1:23 | src | semmle.label | src | +| examples/PrototypePollutingFunction.js:2:14:2:16 | key | semmle.label | key | +| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | semmle.label | dst | +| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | semmle.label | dst[key] | +| examples/PrototypePollutingFunction.js:5:23:5:25 | key | semmle.label | key | +| examples/PrototypePollutingFunction.js:5:29:5:31 | src | semmle.label | src | +| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | semmle.label | src[key] | +| examples/PrototypePollutingFunction.js:5:33:5:35 | key | semmle.label | key | +| examples/PrototypePollutingFunction.js:7:13:7:15 | dst | semmle.label | dst | +| examples/PrototypePollutingFunction.js:7:17:7:19 | key | semmle.label | key | +| 
examples/PrototypePollutingFunction.js:7:24:7:26 | src | semmle.label | src | +| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | semmle.label | src[key] | +| examples/PrototypePollutingFunction.js:7:28:7:30 | key | semmle.label | key | +| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | semmle.label | src | +| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | semmle.label | src | +| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | semmle.label | src[key] | +| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | semmle.label | src | +| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | semmle.label | src[key] | +| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | semmle.label | src | +| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | semmle.label | key | +| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | semmle.label | src | +| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | semmle.label | src[key] | +| examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | semmle.label | key | +| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | semmle.label | src | +| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | semmle.label | src[key] | +| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | semmle.label | key | +| path-assignment.js:8:13:8:25 | key | semmle.label | key | +| path-assignment.js:8:19:8:25 | keys[i] | semmle.label | keys[i] | +| path-assignment.js:13:13:13:32 | target | semmle.label | target | +| path-assignment.js:13:22:13:27 | target | semmle.label | target | +| path-assignment.js:13:22:13:32 | target[key] | semmle.label | target[key] | +| path-assignment.js:13:29:13:31 | key | semmle.label | key | +| path-assignment.js:15:13:15:18 | target | semmle.label | target | +| path-assignment.js:15:20:15:22 | key | semmle.label | key | +| 
path-assignment.js:41:13:41:25 | key | semmle.label | key | +| path-assignment.js:41:19:41:25 | keys[i] | semmle.label | keys[i] | +| path-assignment.js:42:9:42:48 | target | semmle.label | target | +| path-assignment.js:42:18:42:23 | target | semmle.label | target | +| path-assignment.js:42:25:42:27 | key | semmle.label | key | +| path-assignment.js:42:32:42:37 | target | semmle.label | target | +| path-assignment.js:42:32:42:42 | target[key] | semmle.label | target[key] | +| path-assignment.js:42:32:42:48 | target[key] \|\| {} | semmle.label | target[key] \|\| {} | +| path-assignment.js:42:39:42:41 | key | semmle.label | key | +| path-assignment.js:44:5:44:10 | target | semmle.label | target | +| path-assignment.js:44:12:44:18 | keys[i] | semmle.label | keys[i] | +| path-assignment.js:58:13:58:25 | key | semmle.label | key | +| path-assignment.js:58:19:58:25 | keys[i] | semmle.label | keys[i] | +| path-assignment.js:59:9:59:48 | target | semmle.label | target | +| path-assignment.js:59:18:59:23 | target | semmle.label | target | +| path-assignment.js:59:25:59:27 | key | semmle.label | key | +| path-assignment.js:59:32:59:37 | target | semmle.label | target | +| path-assignment.js:59:32:59:42 | target[key] | semmle.label | target[key] | +| path-assignment.js:59:32:59:48 | target[key] \|\| {} | semmle.label | target[key] \|\| {} | +| path-assignment.js:59:39:59:41 | key | semmle.label | key | +| path-assignment.js:61:5:61:10 | target | semmle.label | target | +| path-assignment.js:61:12:61:18 | keys[i] | semmle.label | keys[i] | +| path-assignment.js:68:13:68:25 | key | semmle.label | key | +| path-assignment.js:68:19:68:25 | keys[i] | semmle.label | keys[i] | +| path-assignment.js:69:9:69:48 | target | semmle.label | target | +| path-assignment.js:69:18:69:23 | target | semmle.label | target | +| path-assignment.js:69:25:69:27 | key | semmle.label | key | +| path-assignment.js:69:32:69:37 | target | semmle.label | target | +| path-assignment.js:69:32:69:42 | 
target[key] | semmle.label | target[key] | +| path-assignment.js:69:32:69:48 | target[key] \|\| {} | semmle.label | target[key] \|\| {} | +| path-assignment.js:69:39:69:41 | key | semmle.label | key | +| path-assignment.js:71:5:71:10 | target | semmle.label | target | +| path-assignment.js:71:12:71:18 | keys[i] | semmle.label | keys[i] | +| tests.js:3:25:3:27 | dst | semmle.label | dst | +| tests.js:3:30:3:32 | src | semmle.label | src | +| tests.js:4:14:4:16 | key | semmle.label | key | +| tests.js:6:28:6:30 | dst | semmle.label | dst | +| tests.js:6:28:6:35 | dst[key] | semmle.label | dst[key] | +| tests.js:6:32:6:34 | key | semmle.label | key | +| tests.js:6:38:6:40 | src | semmle.label | src | +| tests.js:6:38:6:45 | src[key] | semmle.label | src[key] | +| tests.js:6:42:6:44 | key | semmle.label | key | +| tests.js:8:13:8:15 | dst | semmle.label | dst | +| tests.js:8:17:8:19 | key | semmle.label | key | +| tests.js:8:24:8:26 | src | semmle.label | src | +| tests.js:8:24:8:31 | src[key] | semmle.label | src[key] | +| tests.js:8:28:8:30 | key | semmle.label | key | +| tests.js:13:24:13:26 | dst | semmle.label | dst | +| tests.js:13:29:13:31 | src | semmle.label | src | +| tests.js:14:17:14:19 | src | semmle.label | src | +| tests.js:14:30:14:32 | key | semmle.label | key | +| tests.js:16:27:16:29 | dst | semmle.label | dst | +| tests.js:16:27:16:34 | dst[key] | semmle.label | dst[key] | +| tests.js:16:31:16:33 | key | semmle.label | key | +| tests.js:16:37:16:39 | src | semmle.label | src | +| tests.js:16:37:16:44 | src[key] | semmle.label | src[key] | +| tests.js:16:41:16:43 | key | semmle.label | key | +| tests.js:18:13:18:15 | dst | semmle.label | dst | +| tests.js:18:17:18:19 | key | semmle.label | key | +| tests.js:18:24:18:26 | src | semmle.label | src | +| tests.js:18:24:18:31 | src[key] | semmle.label | src[key] | +| tests.js:18:28:18:30 | key | semmle.label | key | +| tests.js:23:19:23:21 | dst | semmle.label | dst | +| tests.js:25:18:25:20 | key | 
semmle.label | key | +| tests.js:26:25:26:27 | dst | semmle.label | dst | +| tests.js:26:30:26:40 | source[key] | semmle.label | source[key] | +| tests.js:26:37:26:39 | key | semmle.label | key | +| tests.js:26:43:26:45 | key | semmle.label | key | +| tests.js:31:22:31:24 | dst | semmle.label | dst | +| tests.js:31:27:31:31 | value | semmle.label | value | +| tests.js:31:34:31:36 | key | semmle.label | key | +| tests.js:32:9:32:27 | dstValue | semmle.label | dstValue | +| tests.js:32:20:32:22 | dst | semmle.label | dst | +| tests.js:32:20:32:27 | dst[key] | semmle.label | dst[key] | +| tests.js:32:24:32:26 | key | semmle.label | key | +| tests.js:34:18:34:25 | dstValue | semmle.label | dstValue | +| tests.js:36:9:36:11 | dst | semmle.label | dst | +| tests.js:36:13:36:15 | key | semmle.label | key | +| tests.js:36:20:36:24 | value | semmle.label | value | +| tests.js:40:27:40:29 | dst | semmle.label | dst | +| tests.js:40:32:40:34 | src | semmle.label | src | +| tests.js:41:14:41:16 | key | semmle.label | key | +| tests.js:44:30:44:32 | dst | semmle.label | dst | +| tests.js:44:30:44:37 | dst[key] | semmle.label | dst[key] | +| tests.js:44:34:44:36 | key | semmle.label | key | +| tests.js:44:40:44:42 | src | semmle.label | src | +| tests.js:44:40:44:47 | src[key] | semmle.label | src[key] | +| tests.js:44:44:44:46 | key | semmle.label | key | +| tests.js:46:13:46:15 | dst | semmle.label | dst | +| tests.js:46:17:46:19 | key | semmle.label | key | +| tests.js:46:24:46:26 | src | semmle.label | src | +| tests.js:46:24:46:31 | src[key] | semmle.label | src[key] | +| tests.js:46:28:46:30 | key | semmle.label | key | +| tests.js:51:26:51:28 | dst | semmle.label | dst | +| tests.js:51:31:51:33 | src | semmle.label | src | +| tests.js:52:14:52:16 | key | semmle.label | key | +| tests.js:55:29:55:31 | dst | semmle.label | dst | +| tests.js:55:29:55:36 | dst[key] | semmle.label | dst[key] | +| tests.js:55:33:55:35 | key | semmle.label | key | +| tests.js:55:39:55:41 | src | 
semmle.label | src | +| tests.js:55:39:55:46 | src[key] | semmle.label | src[key] | +| tests.js:55:43:55:45 | key | semmle.label | key | +| tests.js:57:13:57:15 | dst | semmle.label | dst | +| tests.js:57:17:57:19 | key | semmle.label | key | +| tests.js:57:24:57:26 | src | semmle.label | src | +| tests.js:57:24:57:31 | src[key] | semmle.label | src[key] | +| tests.js:57:28:57:30 | key | semmle.label | key | +| tests.js:62:33:62:35 | src | semmle.label | src | +| tests.js:66:41:66:43 | src | semmle.label | src | +| tests.js:66:41:66:48 | src[key] | semmle.label | src[key] | +| tests.js:68:24:68:26 | src | semmle.label | src | +| tests.js:68:24:68:31 | src[key] | semmle.label | src[key] | +| tests.js:77:27:77:29 | src | semmle.label | src | +| tests.js:81:39:81:41 | src | semmle.label | src | +| tests.js:81:39:81:46 | src[key] | semmle.label | src[key] | +| tests.js:83:28:83:30 | src | semmle.label | src | +| tests.js:83:28:83:35 | src[key] | semmle.label | src[key] | +| tests.js:89:34:89:36 | src | semmle.label | src | +| tests.js:90:14:90:16 | key | semmle.label | key | +| tests.js:94:42:94:44 | src | semmle.label | src | +| tests.js:94:42:94:49 | src[key] | semmle.label | src[key] | +| tests.js:96:17:96:19 | key | semmle.label | key | +| tests.js:96:24:96:26 | src | semmle.label | src | +| tests.js:96:24:96:31 | src[key] | semmle.label | src[key] | +| tests.js:96:28:96:30 | key | semmle.label | key | +| tests.js:101:32:101:34 | dst | semmle.label | dst | +| tests.js:101:37:101:39 | src | semmle.label | src | +| tests.js:102:14:102:16 | key | semmle.label | key | +| tests.js:107:35:107:37 | dst | semmle.label | dst | +| tests.js:107:35:107:42 | dst[key] | semmle.label | dst[key] | +| tests.js:107:39:107:41 | key | semmle.label | key | +| tests.js:107:45:107:47 | src | semmle.label | src | +| tests.js:107:45:107:52 | src[key] | semmle.label | src[key] | +| tests.js:107:49:107:51 | key | semmle.label | key | +| tests.js:109:13:109:15 | dst | semmle.label | dst | +| 
tests.js:109:17:109:19 | key | semmle.label | key | +| tests.js:109:24:109:26 | src | semmle.label | src | +| tests.js:109:24:109:31 | src[key] | semmle.label | src[key] | +| tests.js:109:28:109:30 | key | semmle.label | key | +| tests.js:116:41:116:43 | src | semmle.label | src | +| tests.js:117:14:117:16 | key | semmle.label | key | +| tests.js:119:49:119:51 | src | semmle.label | src | +| tests.js:119:49:119:56 | src[key] | semmle.label | src[key] | +| tests.js:121:17:121:19 | key | semmle.label | key | +| tests.js:121:24:121:26 | src | semmle.label | src | +| tests.js:121:24:121:31 | src[key] | semmle.label | src[key] | +| tests.js:121:28:121:30 | key | semmle.label | key | +| tests.js:149:31:149:33 | dst | semmle.label | dst | +| tests.js:149:36:149:38 | src | semmle.label | src | +| tests.js:150:14:150:16 | key | semmle.label | key | +| tests.js:152:22:152:24 | dst | semmle.label | dst | +| tests.js:152:27:152:29 | src | semmle.label | src | +| tests.js:152:32:152:34 | key | semmle.label | key | +| tests.js:154:13:154:15 | dst | semmle.label | dst | +| tests.js:154:17:154:19 | key | semmle.label | key | +| tests.js:154:24:154:26 | src | semmle.label | src | +| tests.js:154:24:154:31 | src[key] | semmle.label | src[key] | +| tests.js:154:28:154:30 | key | semmle.label | key | +| tests.js:159:36:159:38 | dst | semmle.label | dst | +| tests.js:159:41:159:43 | src | semmle.label | src | +| tests.js:160:26:160:28 | dst | semmle.label | dst | +| tests.js:160:31:160:33 | src | semmle.label | src | +| tests.js:160:37:160:39 | dst | semmle.label | dst | +| tests.js:160:42:160:44 | src | semmle.label | src | +| tests.js:160:47:160:49 | key | semmle.label | key | +| tests.js:161:35:161:37 | dst | semmle.label | dst | +| tests.js:161:35:161:42 | dst[key] | semmle.label | dst[key] | +| tests.js:161:39:161:41 | key | semmle.label | key | +| tests.js:161:45:161:47 | src | semmle.label | src | +| tests.js:161:45:161:52 | src[key] | semmle.label | src[key] | +| 
tests.js:161:49:161:51 | key | semmle.label | key | +| tests.js:165:37:165:39 | src | semmle.label | src | +| tests.js:166:14:166:16 | key | semmle.label | key | +| tests.js:169:45:169:47 | src | semmle.label | src | +| tests.js:169:45:169:52 | src[key] | semmle.label | src[key] | +| tests.js:169:49:169:51 | key | semmle.label | key | +| tests.js:171:17:171:19 | key | semmle.label | key | +| tests.js:171:24:171:26 | src | semmle.label | src | +| tests.js:171:24:171:31 | src[key] | semmle.label | src[key] | +| tests.js:171:28:171:30 | key | semmle.label | key | +| tests.js:178:33:178:35 | src | semmle.label | src | +| tests.js:182:41:182:43 | src | semmle.label | src | +| tests.js:182:41:182:48 | src[key] | semmle.label | src[key] | +| tests.js:184:24:184:26 | src | semmle.label | src | +| tests.js:184:24:184:31 | src[key] | semmle.label | src[key] | +| tests.js:189:32:189:34 | dst | semmle.label | dst | +| tests.js:189:37:189:39 | src | semmle.label | src | +| tests.js:192:13:192:25 | key | semmle.label | key | +| tests.js:192:19:192:25 | keys[i] | semmle.label | keys[i] | +| tests.js:194:35:194:37 | dst | semmle.label | dst | +| tests.js:194:35:194:42 | dst[key] | semmle.label | dst[key] | +| tests.js:194:39:194:41 | key | semmle.label | key | +| tests.js:194:45:194:47 | src | semmle.label | src | +| tests.js:194:45:194:52 | src[key] | semmle.label | src[key] | +| tests.js:194:49:194:51 | key | semmle.label | key | +| tests.js:196:13:196:15 | dst | semmle.label | dst | +| tests.js:196:17:196:19 | key | semmle.label | key | +| tests.js:196:24:196:26 | src | semmle.label | src | +| tests.js:196:24:196:31 | src[key] | semmle.label | src[key] | +| tests.js:196:28:196:30 | key | semmle.label | key | +| tests.js:201:39:201:41 | dst | semmle.label | dst | +| tests.js:201:44:201:46 | src | semmle.label | src | +| tests.js:206:42:206:44 | dst | semmle.label | dst | +| tests.js:206:42:206:53 | dst[keys[i]] | semmle.label | dst[keys[i]] | +| tests.js:206:46:206:52 | keys[i] 
| semmle.label | keys[i] | +| tests.js:206:56:206:58 | src | semmle.label | src | +| tests.js:206:56:206:67 | src[keys[i]] | semmle.label | src[keys[i]] | +| tests.js:206:60:206:66 | keys[i] | semmle.label | keys[i] | +| tests.js:208:13:208:15 | dst | semmle.label | dst | +| tests.js:208:17:208:23 | keys[i] | semmle.label | keys[i] | +| tests.js:208:28:208:30 | src | semmle.label | src | +| tests.js:208:28:208:39 | src[keys[i]] | semmle.label | src[keys[i]] | +| tests.js:208:32:208:38 | keys[i] | semmle.label | keys[i] | +| tests.js:213:23:213:26 | key1 | semmle.label | key1 | +| tests.js:213:29:213:32 | key2 | semmle.label | key2 | +| tests.js:213:35:213:39 | value | semmle.label | value | +| tests.js:217:5:217:13 | map[key1] | semmle.label | map[key1] | +| tests.js:217:9:217:12 | key1 | semmle.label | key1 | +| tests.js:217:15:217:18 | key2 | semmle.label | key2 | +| tests.js:217:23:217:27 | value | semmle.label | value | +| tests.js:223:14:223:16 | key | semmle.label | key | +| tests.js:224:23:224:25 | key | semmle.label | key | +| tests.js:224:33:224:41 | data[key] | semmle.label | data[key] | +| tests.js:224:38:224:40 | key | semmle.label | key | +| tests.js:225:28:225:30 | key | semmle.label | key | +| tests.js:225:33:225:41 | data[key] | semmle.label | data[key] | +| tests.js:225:38:225:40 | key | semmle.label | key | +| tests.js:229:26:229:29 | key1 | semmle.label | key1 | +| tests.js:229:32:229:35 | key2 | semmle.label | key2 | +| tests.js:229:38:229:42 | value | semmle.label | value | +| tests.js:233:5:233:13 | map[key1] | semmle.label | map[key1] | +| tests.js:233:9:233:12 | key1 | semmle.label | key1 | +| tests.js:233:15:233:18 | key2 | semmle.label | key2 | +| tests.js:233:23:233:27 | value | semmle.label | value | +| tests.js:238:14:238:16 | key | semmle.label | key | +| tests.js:239:24:239:26 | key | semmle.label | key | +| tests.js:239:34:239:42 | data[key] | semmle.label | data[key] | +| tests.js:239:39:239:41 | key | semmle.label | key | +| 
tests.js:240:31:240:33 | key | semmle.label | key | +| tests.js:240:36:240:44 | data[key] | semmle.label | data[key] | +| tests.js:240:41:240:43 | key | semmle.label | key | +| tests.js:263:27:263:29 | dst | semmle.label | dst | +| tests.js:265:13:265:26 | key | semmle.label | key | +| tests.js:265:19:265:26 | entry[0] | semmle.label | entry[0] | +| tests.js:266:13:266:28 | value | semmle.label | value | +| tests.js:266:21:266:28 | entry[1] | semmle.label | entry[1] | +| tests.js:268:30:268:32 | dst | semmle.label | dst | +| tests.js:268:30:268:37 | dst[key] | semmle.label | dst[key] | +| tests.js:268:34:268:36 | key | semmle.label | key | +| tests.js:270:13:270:15 | dst | semmle.label | dst | +| tests.js:270:17:270:19 | key | semmle.label | key | +| tests.js:270:24:270:28 | value | semmle.label | value | +| tests.js:275:27:275:29 | dst | semmle.label | dst | +| tests.js:275:32:275:34 | src | semmle.label | src | +| tests.js:276:21:276:23 | src | semmle.label | src | +| tests.js:276:34:276:36 | key | semmle.label | key | +| tests.js:278:30:278:32 | dst | semmle.label | dst | +| tests.js:278:30:278:37 | dst[key] | semmle.label | dst[key] | +| tests.js:278:34:278:36 | key | semmle.label | key | +| tests.js:278:40:278:42 | src | semmle.label | src | +| tests.js:278:40:278:47 | src[key] | semmle.label | src[key] | +| tests.js:278:44:278:46 | key | semmle.label | key | +| tests.js:280:13:280:15 | dst | semmle.label | dst | +| tests.js:280:17:280:19 | key | semmle.label | key | +| tests.js:280:24:280:26 | src | semmle.label | src | +| tests.js:280:24:280:31 | src[key] | semmle.label | src[key] | +| tests.js:280:28:280:30 | key | semmle.label | key | +| tests.js:301:27:301:29 | dst | semmle.label | dst | +| tests.js:301:32:301:34 | src | semmle.label | src | +| tests.js:302:14:302:16 | key | semmle.label | key | +| tests.js:304:17:304:32 | value | semmle.label | value | +| tests.js:304:17:304:32 | value | semmle.label | value | +| tests.js:304:17:304:32 | value | 
semmle.label | value | +| tests.js:304:25:304:27 | src | semmle.label | src | +| tests.js:304:25:304:32 | src[key] | semmle.label | src[key] | +| tests.js:304:25:304:32 | src[key] | semmle.label | src[key] | +| tests.js:304:25:304:32 | src[key] | semmle.label | src[key] | +| tests.js:304:29:304:31 | key | semmle.label | key | +| tests.js:306:34:306:36 | dst | semmle.label | dst | +| tests.js:306:34:306:41 | dst[key] | semmle.label | dst[key] | +| tests.js:306:38:306:40 | key | semmle.label | key | +| tests.js:306:44:306:48 | value | semmle.label | value | +| tests.js:306:44:306:48 | value | semmle.label | value | +| tests.js:308:17:308:19 | dst | semmle.label | dst | +| tests.js:308:21:308:23 | key | semmle.label | key | +| tests.js:308:28:308:32 | value | semmle.label | value | +| tests.js:314:31:314:33 | dst | semmle.label | dst | +| tests.js:314:36:314:38 | src | semmle.label | src | +| tests.js:315:14:315:16 | key | semmle.label | key | +| tests.js:318:17:318:32 | value | semmle.label | value | +| tests.js:318:17:318:32 | value | semmle.label | value | +| tests.js:318:17:318:32 | value | semmle.label | value | +| tests.js:318:25:318:27 | src | semmle.label | src | +| tests.js:318:25:318:32 | src[key] | semmle.label | src[key] | +| tests.js:318:25:318:32 | src[key] | semmle.label | src[key] | +| tests.js:318:25:318:32 | src[key] | semmle.label | src[key] | +| tests.js:318:29:318:31 | key | semmle.label | key | +| tests.js:320:38:320:40 | dst | semmle.label | dst | +| tests.js:320:38:320:45 | dst[key] | semmle.label | dst[key] | +| tests.js:320:42:320:44 | key | semmle.label | key | +| tests.js:320:48:320:52 | value | semmle.label | value | +| tests.js:320:48:320:52 | value | semmle.label | value | +| tests.js:322:17:322:19 | dst | semmle.label | dst | +| tests.js:322:21:322:23 | key | semmle.label | key | +| tests.js:322:28:322:32 | value | semmle.label | value | +| tests.js:328:25:328:27 | dst | semmle.label | dst | +| tests.js:328:30:328:32 | src | 
semmle.label | src | +| tests.js:329:14:329:16 | key | semmle.label | key | +| tests.js:336:32:336:34 | dst | semmle.label | dst | +| tests.js:336:32:336:39 | dst[key] | semmle.label | dst[key] | +| tests.js:336:36:336:38 | key | semmle.label | key | +| tests.js:336:42:336:44 | src | semmle.label | src | +| tests.js:336:42:336:49 | src[key] | semmle.label | src[key] | +| tests.js:336:46:336:48 | key | semmle.label | key | +| tests.js:338:17:338:19 | dst | semmle.label | dst | +| tests.js:338:21:338:23 | key | semmle.label | key | +| tests.js:338:28:338:30 | src | semmle.label | src | +| tests.js:338:28:338:35 | src[key] | semmle.label | src[key] | +| tests.js:338:32:338:34 | key | semmle.label | key | +| tests.js:348:32:348:37 | target | semmle.label | target | +| tests.js:348:40:348:45 | source | semmle.label | source | +| tests.js:349:26:349:31 | target | semmle.label | target | +| tests.js:349:54:349:59 | source | semmle.label | source | +| tests.js:350:21:350:26 | source | semmle.label | source | +| tests.js:350:37:350:39 | key | semmle.label | key | +| tests.js:355:17:355:22 | target | semmle.label | target | +| tests.js:355:24:355:26 | key | semmle.label | key | +| tests.js:355:31:355:86 | mergePl ... ptions) | semmle.label | mergePl ... 
ptions) | +| tests.js:355:53:355:58 | target | semmle.label | target | +| tests.js:355:53:355:63 | target[key] | semmle.label | target[key] | +| tests.js:355:60:355:62 | key | semmle.label | key | +| tests.js:355:66:355:71 | source | semmle.label | source | +| tests.js:355:66:355:76 | source[key] | semmle.label | source[key] | +| tests.js:357:17:357:22 | target | semmle.label | target | +| tests.js:357:24:357:26 | key | semmle.label | key | +| tests.js:357:31:357:36 | source | semmle.label | source | +| tests.js:357:31:357:41 | source[key] | semmle.label | source[key] | +| tests.js:357:38:357:40 | key | semmle.label | key | +| tests.js:361:12:361:17 | target | semmle.label | target | +| tests.js:364:41:364:46 | target | semmle.label | target | +| tests.js:364:49:364:54 | source | semmle.label | source | +| tests.js:366:18:366:20 | key | semmle.label | key | +| tests.js:371:24:371:26 | key | semmle.label | key | +| tests.js:371:31:371:95 | mergePl ... ptions) | semmle.label | mergePl ... 
ptions) | +| tests.js:371:62:371:72 | target[key] | semmle.label | target[key] | +| tests.js:371:69:371:71 | key | semmle.label | key | +| tests.js:371:75:371:80 | source | semmle.label | source | +| tests.js:371:75:371:85 | source[key] | semmle.label | source[key] | +| tests.js:373:24:373:26 | key | semmle.label | key | +| tests.js:373:31:373:36 | source | semmle.label | source | +| tests.js:373:31:373:41 | source[key] | semmle.label | source[key] | +| tests.js:373:38:373:40 | key | semmle.label | key | +| tests.js:377:12:377:17 | target | semmle.label | target | +| tests.js:380:22:380:24 | obj | semmle.label | obj | +| tests.js:380:27:380:34 | callback [dst] | semmle.label | callback [dst] | +| tests.js:380:27:380:34 | callback [dst] | semmle.label | callback [dst] | +| tests.js:380:27:380:34 | callback [dst] | semmle.label | callback [dst] | +| tests.js:380:27:380:34 | callback [dst] | semmle.label | callback [dst] | +| tests.js:380:27:380:34 | callback [src] | semmle.label | callback [src] | +| tests.js:381:14:381:16 | key | semmle.label | key | +| tests.js:383:13:383:20 | callback [dst] | semmle.label | callback [dst] | +| tests.js:383:13:383:20 | callback [dst] | semmle.label | callback [dst] | +| tests.js:383:13:383:20 | callback [dst] | semmle.label | callback [dst] | +| tests.js:383:13:383:20 | callback [dst] | semmle.label | callback [dst] | +| tests.js:383:13:383:20 | callback [src] | semmle.label | callback [src] | +| tests.js:383:22:383:24 | key | semmle.label | key | +| tests.js:383:27:383:29 | obj | semmle.label | obj | +| tests.js:383:27:383:34 | obj[key] | semmle.label | obj[key] | +| tests.js:383:31:383:33 | key | semmle.label | key | +| tests.js:388:29:388:31 | dst | semmle.label | dst | +| tests.js:388:29:388:31 | dst | semmle.label | dst | +| tests.js:388:34:388:36 | src | semmle.label | src | +| tests.js:389:17:389:19 | src | semmle.label | src | +| tests.js:389:22:389:24 | key | semmle.label | key | +| tests.js:391:32:391:34 | dst | 
semmle.label | dst | +| tests.js:391:32:391:34 | dst | semmle.label | dst | +| tests.js:391:32:391:39 | dst[key] | semmle.label | dst[key] | +| tests.js:391:32:391:39 | dst[key] | semmle.label | dst[key] | +| tests.js:391:36:391:38 | key | semmle.label | key | +| tests.js:391:42:391:44 | src | semmle.label | src | +| tests.js:391:42:391:49 | src[key] | semmle.label | src[key] | +| tests.js:391:46:391:48 | key | semmle.label | key | +| tests.js:393:13:393:15 | dst | semmle.label | dst | +| tests.js:393:17:393:19 | key | semmle.label | key | +| tests.js:393:24:393:26 | src | semmle.label | src | +| tests.js:393:24:393:31 | src[key] | semmle.label | src[key] | +| tests.js:393:28:393:30 | key | semmle.label | key | +| tests.js:398:30:398:32 | dst | semmle.label | dst | +| tests.js:398:30:398:32 | dst | semmle.label | dst | +| tests.js:398:35:398:37 | src | semmle.label | src | +| tests.js:399:17:399:19 | src | semmle.label | src | +| tests.js:399:23:399:25 | key | semmle.label | key | +| tests.js:399:28:399:32 | value | semmle.label | value | +| tests.js:401:33:401:35 | dst | semmle.label | dst | +| tests.js:401:33:401:35 | dst | semmle.label | dst | +| tests.js:401:33:401:40 | dst[key] | semmle.label | dst[key] | +| tests.js:401:33:401:40 | dst[key] | semmle.label | dst[key] | +| tests.js:401:37:401:39 | key | semmle.label | key | +| tests.js:401:43:401:47 | value | semmle.label | value | +| tests.js:403:13:403:15 | dst | semmle.label | dst | +| tests.js:403:17:403:19 | key | semmle.label | key | +| tests.js:403:24:403:28 | value | semmle.label | value | +| tests.js:408:22:408:24 | obj | semmle.label | obj | +| tests.js:408:27:408:29 | key | semmle.label | key | +| tests.js:409:12:409:14 | obj | semmle.label | obj | +| tests.js:409:12:409:19 | obj[key] | semmle.label | obj[key] | +| tests.js:409:16:409:18 | key | semmle.label | key | +| tests.js:412:31:412:33 | dst | semmle.label | dst | +| tests.js:412:36:412:38 | src | semmle.label | src | +| tests.js:413:14:413:16 
| key | semmle.label | key | +| tests.js:414:13:414:41 | value | semmle.label | value | +| tests.js:414:21:414:41 | wrapped ... c, key) | semmle.label | wrapped ... c, key) | +| tests.js:414:33:414:35 | src | semmle.label | src | +| tests.js:414:38:414:40 | key | semmle.label | key | +| tests.js:415:13:415:42 | target | semmle.label | target | +| tests.js:415:22:415:42 | wrapped ... t, key) | semmle.label | wrapped ... t, key) | +| tests.js:415:34:415:36 | dst | semmle.label | dst | +| tests.js:415:39:415:41 | key | semmle.label | key | +| tests.js:417:34:417:39 | target | semmle.label | target | +| tests.js:417:42:417:46 | value | semmle.label | value | +| tests.js:419:13:419:15 | dst | semmle.label | dst | +| tests.js:419:17:419:19 | key | semmle.label | key | +| tests.js:419:24:419:28 | value | semmle.label | value | +| tests.js:424:25:424:27 | obj | semmle.label | obj | +| tests.js:424:30:424:32 | key | semmle.label | key | +| tests.js:426:12:426:14 | obj | semmle.label | obj | +| tests.js:426:12:426:19 | obj[key] | semmle.label | obj[key] | +| tests.js:426:16:426:18 | key | semmle.label | key | +| tests.js:429:34:429:36 | dst | semmle.label | dst | +| tests.js:429:39:429:41 | src | semmle.label | src | +| tests.js:430:14:430:16 | key | semmle.label | key | +| tests.js:431:13:431:44 | value | semmle.label | value | +| tests.js:431:21:431:44 | almostS ... c, key) | semmle.label | almostS ... c, key) | +| tests.js:431:36:431:38 | src | semmle.label | src | +| tests.js:431:41:431:43 | key | semmle.label | key | +| tests.js:432:13:432:45 | target | semmle.label | target | +| tests.js:432:22:432:45 | almostS ... t, key) | semmle.label | almostS ... 
t, key) | +| tests.js:432:37:432:39 | dst | semmle.label | dst | +| tests.js:432:42:432:44 | key | semmle.label | key | +| tests.js:434:37:434:42 | target | semmle.label | target | +| tests.js:434:45:434:49 | value | semmle.label | value | +| tests.js:436:13:436:15 | dst | semmle.label | dst | +| tests.js:436:17:436:19 | key | semmle.label | key | +| tests.js:436:24:436:28 | value | semmle.label | value | +| tests.js:441:19:441:21 | obj | semmle.label | obj | +| tests.js:443:12:443:14 | obj | semmle.label | obj | +| tests.js:443:12:443:19 | obj[key] | semmle.label | obj[key] | +| tests.js:446:33:446:35 | src | semmle.label | src | +| tests.js:447:14:447:16 | key | semmle.label | key | +| tests.js:448:13:448:38 | value | semmle.label | value | +| tests.js:448:21:448:38 | safeRead(src, key) | semmle.label | safeRead(src, key) | +| tests.js:448:30:448:32 | src | semmle.label | src | +| tests.js:451:39:451:43 | value | semmle.label | value | +| tests.js:453:17:453:19 | key | semmle.label | key | +| tests.js:453:24:453:28 | value | semmle.label | value | +| tests.js:458:26:458:28 | dst | semmle.label | dst | +| tests.js:458:31:458:33 | src | semmle.label | src | +| tests.js:460:12:460:14 | src | semmle.label | src | +| tests.js:460:18:460:22 | value | semmle.label | value | +| tests.js:460:25:460:27 | key | semmle.label | key | +| tests.js:462:29:462:31 | dst | semmle.label | dst | +| tests.js:462:29:462:36 | dst[key] | semmle.label | dst[key] | +| tests.js:462:33:462:35 | key | semmle.label | key | +| tests.js:462:39:462:41 | src | semmle.label | src | +| tests.js:462:39:462:46 | src[key] | semmle.label | src[key] | +| tests.js:462:43:462:45 | key | semmle.label | key | +| tests.js:465:30:465:32 | dst | semmle.label | dst | +| tests.js:465:34:465:36 | key | semmle.label | key | +| tests.js:465:41:465:43 | src | semmle.label | src | +| tests.js:465:41:465:48 | src[key] | semmle.label | src[key] | +| tests.js:465:45:465:47 | key | semmle.label | key | +| 
tests.js:466:30:466:32 | dst | semmle.label | dst | +| tests.js:466:34:466:36 | key | semmle.label | key | +| tests.js:466:41:466:46 | o[key] | semmle.label | o[key] | +| tests.js:466:43:466:45 | key | semmle.label | key | +| tests.js:467:30:467:32 | dst | semmle.label | dst | +| tests.js:467:34:467:36 | key | semmle.label | key | +| tests.js:467:41:467:45 | value | semmle.label | value | +| tests.js:472:38:472:40 | dst | semmle.label | dst | +| tests.js:473:18:473:22 | value | semmle.label | value | +| tests.js:473:25:473:27 | key | semmle.label | key | +| tests.js:475:41:475:43 | dst | semmle.label | dst | +| tests.js:475:41:475:48 | dst[key] | semmle.label | dst[key] | +| tests.js:475:45:475:47 | key | semmle.label | key | +| tests.js:477:13:477:15 | dst | semmle.label | dst | +| tests.js:477:17:477:19 | key | semmle.label | key | +| tests.js:477:24:477:28 | value | semmle.label | value | +| tests.js:483:26:483:28 | dst | semmle.label | dst | +| tests.js:483:31:483:33 | src | semmle.label | src | +| tests.js:483:31:483:33 | src | semmle.label | src | +| tests.js:484:14:484:16 | key | semmle.label | key | +| tests.js:487:29:487:31 | dst | semmle.label | dst | +| tests.js:487:29:487:36 | dst[key] | semmle.label | dst[key] | +| tests.js:487:33:487:35 | key | semmle.label | key | +| tests.js:487:39:487:41 | src | semmle.label | src | +| tests.js:487:39:487:46 | src[key] | semmle.label | src[key] | +| tests.js:487:39:487:46 | src[key] | semmle.label | src[key] | +| tests.js:487:39:487:46 | src[key] | semmle.label | src[key] | +| tests.js:487:43:487:45 | key | semmle.label | key | +| tests.js:489:13:489:15 | dst | semmle.label | dst | +| tests.js:489:17:489:19 | key | semmle.label | key | +| tests.js:489:24:489:26 | src | semmle.label | src | +| tests.js:489:24:489:31 | src[key] | semmle.label | src[key] | +| tests.js:489:28:489:30 | key | semmle.label | key | +| tests.js:494:32:494:34 | src | semmle.label | src | +| tests.js:495:14:495:16 | key | semmle.label | key | 
+| tests.js:498:13:498:28 | value | semmle.label | value | +| tests.js:498:13:498:28 | value | semmle.label | value | +| tests.js:498:13:498:28 | value | semmle.label | value | +| tests.js:498:21:498:23 | src | semmle.label | src | +| tests.js:498:21:498:28 | src[key] | semmle.label | src[key] | +| tests.js:498:21:498:28 | src[key] | semmle.label | src[key] | +| tests.js:498:21:498:28 | src[key] | semmle.label | src[key] | +| tests.js:498:25:498:27 | key | semmle.label | key | +| tests.js:500:38:500:42 | value | semmle.label | value | +| tests.js:500:38:500:42 | value | semmle.label | value | +| tests.js:502:17:502:19 | key | semmle.label | key | +| tests.js:502:24:502:28 | value | semmle.label | value | +| tests.js:508:30:508:32 | dst | semmle.label | dst | +| tests.js:508:35:508:37 | src | semmle.label | src | +| tests.js:511:13:511:25 | key | semmle.label | key | +| tests.js:511:19:511:25 | keys[i] | semmle.label | keys[i] | +| tests.js:513:33:513:35 | dst | semmle.label | dst | +| tests.js:513:33:513:40 | dst[key] | semmle.label | dst[key] | +| tests.js:513:37:513:39 | key | semmle.label | key | +| tests.js:513:43:513:45 | src | semmle.label | src | +| tests.js:513:43:513:50 | src[key] | semmle.label | src[key] | +| tests.js:513:47:513:49 | key | semmle.label | key | +| tests.js:516:32:516:34 | src | semmle.label | src | +| tests.js:516:32:516:39 | src[key] | semmle.label | src[key] | +| tests.js:516:36:516:38 | key | semmle.label | key | +| tests.js:517:35:517:37 | dst | semmle.label | dst | +| tests.js:517:40:517:42 | key | semmle.label | key | +| tests.js:525:14:525:16 | key | semmle.label | key | +| tests.js:529:17:529:19 | key | semmle.label | key | +| tests.js:529:24:529:31 | src[key] | semmle.label | src[key] | +| tests.js:529:28:529:30 | key | semmle.label | key | +| tests.js:534:31:534:33 | obj | semmle.label | obj | +| tests.js:534:36:534:43 | callback [dst] | semmle.label | callback [dst] | +| tests.js:538:9:538:16 | callback [dst] | semmle.label | 
callback [dst] | +| tests.js:538:18:538:24 | keys[i] | semmle.label | keys[i] | +| tests.js:538:27:538:29 | obj | semmle.label | obj | +| tests.js:538:27:538:38 | obj[keys[i]] | semmle.label | obj[keys[i]] | +| tests.js:538:31:538:37 | keys[i] | semmle.label | keys[i] | +| tests.js:542:30:542:32 | dst | semmle.label | dst | +| tests.js:542:35:542:37 | src | semmle.label | src | +| tests.js:543:26:543:28 | src | semmle.label | src | +| tests.js:543:32:543:34 | key | semmle.label | key | +| tests.js:543:37:543:41 | value | semmle.label | value | +| tests.js:545:33:545:35 | dst | semmle.label | dst | +| tests.js:545:33:545:40 | dst[key] | semmle.label | dst[key] | +| tests.js:545:37:545:39 | key | semmle.label | key | +| tests.js:545:43:545:47 | value | semmle.label | value | +| tests.js:547:13:547:15 | dst | semmle.label | dst | +| tests.js:547:17:547:19 | key | semmle.label | key | +| tests.js:547:24:547:28 | value | semmle.label | value | +| tests.js:552:35:552:37 | src | semmle.label | src | +| tests.js:553:14:553:16 | key | semmle.label | key | +| tests.js:557:43:557:45 | src | semmle.label | src | +| tests.js:557:43:557:50 | src[key] | semmle.label | src[key] | +| tests.js:559:17:559:19 | key | semmle.label | key | +| tests.js:559:24:559:26 | src | semmle.label | src | +| tests.js:559:24:559:31 | src[key] | semmle.label | src[key] | +| tests.js:559:28:559:30 | key | semmle.label | key | +| tests.js:564:35:564:37 | src | semmle.label | src | +| tests.js:565:14:565:16 | key | semmle.label | key | +| tests.js:569:43:569:45 | src | semmle.label | src | +| tests.js:569:43:569:50 | src[key] | semmle.label | src[key] | +| tests.js:571:17:571:19 | key | semmle.label | key | +| tests.js:571:24:571:26 | src | semmle.label | src | +| tests.js:571:24:571:31 | src[key] | semmle.label | src[key] | +| tests.js:571:28:571:30 | key | semmle.label | key | +| tests.js:576:30:576:32 | src | semmle.label | src | +| tests.js:577:14:577:16 | key | semmle.label | key | +| 
tests.js:580:38:580:40 | src | semmle.label | src | +| tests.js:580:38:580:45 | src[key] | semmle.label | src[key] | +| tests.js:582:17:582:19 | key | semmle.label | key | +| tests.js:582:24:582:26 | src | semmle.label | src | +| tests.js:582:24:582:31 | src[key] | semmle.label | src[key] | +| tests.js:582:28:582:30 | key | semmle.label | key | +| tests.js:591:25:591:27 | obj | semmle.label | obj | +| tests.js:592:7:592:9 | obj | semmle.label | obj | +| tests.js:592:21:592:23 | obj | semmle.label | obj | +| tests.js:593:10:593:12 | obj | semmle.label | obj | +| tests.js:600:31:600:34 | dest | semmle.label | dest | +| tests.js:600:37:600:42 | source | semmle.label | source | +| tests.js:601:16:601:18 | key | semmle.label | key | +| tests.js:603:34:603:37 | dest | semmle.label | dest | +| tests.js:603:34:603:42 | dest[key] | semmle.label | dest[key] | +| tests.js:603:39:603:41 | key | semmle.label | key | +| tests.js:603:45:603:50 | source | semmle.label | source | +| tests.js:603:45:603:55 | source[key] | semmle.label | source[key] | +| tests.js:603:52:603:54 | key | semmle.label | key | +| tests.js:605:13:605:16 | dest | semmle.label | dest | +| tests.js:605:18:605:20 | key | semmle.label | key | +| tests.js:605:25:605:51 | capture ... e[key]) | semmle.label | capture ... 
e[key]) | +| tests.js:605:40:605:45 | source | semmle.label | source | +| tests.js:605:40:605:50 | source[key] | semmle.label | source[key] | +| tests.js:605:47:605:49 | key | semmle.label | key | edges | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:5:19:5:21 | dst | -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:5:19:5:21 | dst | -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | | examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:7:24:7:26 | src | | examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:7:24:7:26 | src | | examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:33:5:35 | key | -| 
examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:33:5:35 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:33:5:35 | key | | examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:33:5:35 | key | | examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:28:7:30 | key | | examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | | examples/PrototypePollutingFunction.js:5:19:5:21 | dst | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| 
examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| examples/PrototypePollutingFunction.js:5:23:5:25 | key | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | | examples/PrototypePollutingFunction.js:5:23:5:25 | key | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | | examples/PrototypePollutingFunction.js:5:29:5:31 | src | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:31 | src | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | | examples/PrototypePollutingFunction.js:5:33:5:35 | key | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:33:5:35 | key | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:26 | src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:26 | 
src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:26 | src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | | examples/PrototypePollutingFunction.js:7:24:7:26 | src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | | examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | -| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | | examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | | examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| 
examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | | examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | | examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| 
examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | | examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | | examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | | examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| 
examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | | examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| path-assignment.js:8:13:8:25 | key | path-assignment.js:13:29:13:31 | key | | path-assignment.js:8:13:8:25 | key | path-assignment.js:13:29:13:31 | key | | path-assignment.js:8:13:8:25 | key | path-assignment.js:15:20:15:22 | key | -| path-assignment.js:8:13:8:25 | key | path-assignment.js:15:20:15:22 | key | -| path-assignment.js:8:13:8:25 | key | path-assignment.js:15:20:15:22 | key | -| path-assignment.js:8:13:8:25 | key | path-assignment.js:15:20:15:22 | key | -| path-assignment.js:8:19:8:25 | keys[i] | 
path-assignment.js:8:13:8:25 | key | -| path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:8:13:8:25 | key | -| path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:8:13:8:25 | key | | path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:8:13:8:25 | key | | path-assignment.js:13:13:13:32 | target | path-assignment.js:13:22:13:27 | target | -| path-assignment.js:13:13:13:32 | target | path-assignment.js:13:22:13:27 | target | -| path-assignment.js:13:13:13:32 | target | path-assignment.js:15:13:15:18 | target | -| path-assignment.js:13:13:13:32 | target | path-assignment.js:15:13:15:18 | target | -| path-assignment.js:13:13:13:32 | target | path-assignment.js:15:13:15:18 | target | | path-assignment.js:13:13:13:32 | target | path-assignment.js:15:13:15:18 | target | | path-assignment.js:13:22:13:27 | target | path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:13:22:13:27 | target | path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:13:22:13:32 | target[key] | path-assignment.js:13:13:13:32 | target | | path-assignment.js:13:22:13:32 | target[key] | path-assignment.js:13:13:13:32 | target | | path-assignment.js:13:29:13:31 | key | path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:13:29:13:31 | key | path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:25:42:27 | key | -| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:25:42:27 | key | -| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:25:42:27 | key | | path-assignment.js:41:13:41:25 | key | path-assignment.js:42:25:42:27 | key | | path-assignment.js:41:13:41:25 | key | path-assignment.js:42:39:42:41 | key | -| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:39:42:41 | key | -| path-assignment.js:41:19:41:25 | keys[i] | path-assignment.js:41:13:41:25 | key | | path-assignment.js:41:19:41:25 | keys[i] | path-assignment.js:41:13:41:25 | key | -| 
path-assignment.js:41:19:41:25 | keys[i] | path-assignment.js:41:13:41:25 | key | -| path-assignment.js:41:19:41:25 | keys[i] | path-assignment.js:41:13:41:25 | key | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:18:42:23 | target | | path-assignment.js:42:9:42:48 | target | path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:32:42:37 | target | | path-assignment.js:42:9:42:48 | target | path-assignment.js:42:32:42:37 | target | | path-assignment.js:42:9:42:48 | target | path-assignment.js:44:5:44:10 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:44:5:44:10 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:44:5:44:10 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:44:5:44:10 | target | -| path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | path-assignment.js:42:9:42:48 | target | -| path-assignment.js:42:18:42:48 | target[ ... 
] \|\| {} | path-assignment.js:42:9:42:48 | target | -| path-assignment.js:42:32:42:37 | target | path-assignment.js:42:32:42:42 | target[key] | | path-assignment.js:42:32:42:37 | target | path-assignment.js:42:32:42:42 | target[key] | +| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:9:42:48 | target | | path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:32:42:48 | target[key] \|\| {} | path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | -| path-assignment.js:42:32:42:48 | target[key] \|\| {} | path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | -| path-assignment.js:42:39:42:41 | key | path-assignment.js:42:32:42:42 | target[key] | | path-assignment.js:42:39:42:41 | key | path-assignment.js:42:32:42:42 | target[key] | -| path-assignment.js:44:12:44:18 | keys[i] | path-assignment.js:44:12:44:18 | keys[i] | -| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:25:59:27 | key | -| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:25:59:27 | key | | path-assignment.js:58:13:58:25 | key | path-assignment.js:59:25:59:27 | key | -| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:25:59:27 | key | -| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:39:59:41 | key | | path-assignment.js:58:13:58:25 | key | path-assignment.js:59:39:59:41 | key | | path-assignment.js:58:19:58:25 | keys[i] | path-assignment.js:58:13:58:25 | key | -| path-assignment.js:58:19:58:25 | keys[i] | path-assignment.js:58:13:58:25 | key | -| path-assignment.js:58:19:58:25 | keys[i] | path-assignment.js:58:13:58:25 | key | -| 
path-assignment.js:58:19:58:25 | keys[i] | path-assignment.js:58:13:58:25 | key | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:18:59:23 | target | | path-assignment.js:59:9:59:48 | target | path-assignment.js:59:18:59:23 | target | | path-assignment.js:59:9:59:48 | target | path-assignment.js:59:32:59:37 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:32:59:37 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:61:5:61:10 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:61:5:61:10 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:61:5:61:10 | target | | path-assignment.js:59:9:59:48 | target | path-assignment.js:61:5:61:10 | target | -| path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | path-assignment.js:59:9:59:48 | target | -| path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | path-assignment.js:59:9:59:48 | target | | path-assignment.js:59:32:59:37 | target | path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:59:32:59:37 | target | path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:32:59:48 | target[key] \|\| {} | +| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:9:59:48 | target | | path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:32:59:48 | target[key] \|\| {} | path-assignment.js:59:18:59:48 | target[ ... 
] \|\| {} | -| path-assignment.js:59:32:59:48 | target[key] \|\| {} | path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | | path-assignment.js:59:39:59:41 | key | path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:59:39:59:41 | key | path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:61:12:61:18 | keys[i] | path-assignment.js:61:12:61:18 | keys[i] | -| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:25:69:27 | key | -| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:25:69:27 | key | -| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:25:69:27 | key | | path-assignment.js:68:13:68:25 | key | path-assignment.js:69:25:69:27 | key | | path-assignment.js:68:13:68:25 | key | path-assignment.js:69:39:69:41 | key | -| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:39:69:41 | key | -| path-assignment.js:68:19:68:25 | keys[i] | path-assignment.js:68:13:68:25 | key | -| path-assignment.js:68:19:68:25 | keys[i] | path-assignment.js:68:13:68:25 | key | -| path-assignment.js:68:19:68:25 | keys[i] | path-assignment.js:68:13:68:25 | key | | path-assignment.js:68:19:68:25 | keys[i] | path-assignment.js:68:13:68:25 | key | | path-assignment.js:69:9:69:48 | target | path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:32:69:37 | target | | path-assignment.js:69:9:69:48 | target | path-assignment.js:69:32:69:37 | target | | path-assignment.js:69:9:69:48 | target | path-assignment.js:71:5:71:10 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:71:5:71:10 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:71:5:71:10 | target | -| 
path-assignment.js:69:9:69:48 | target | path-assignment.js:71:5:71:10 | target | -| path-assignment.js:69:18:69:48 | target[ ... ] \|\| {} | path-assignment.js:69:9:69:48 | target | -| path-assignment.js:69:18:69:48 | target[ ... ] \|\| {} | path-assignment.js:69:9:69:48 | target | -| path-assignment.js:69:32:69:37 | target | path-assignment.js:69:32:69:42 | target[key] | | path-assignment.js:69:32:69:37 | target | path-assignment.js:69:32:69:42 | target[key] | +| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:9:69:48 | target | | path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:32:69:48 | target[key] \|\| {} | path-assignment.js:69:18:69:48 | target[ ... ] \|\| {} | -| path-assignment.js:69:32:69:48 | target[key] \|\| {} | path-assignment.js:69:18:69:48 | target[ ... 
] \|\| {} | -| path-assignment.js:69:39:69:41 | key | path-assignment.js:69:32:69:42 | target[key] | | path-assignment.js:69:39:69:41 | key | path-assignment.js:69:32:69:42 | target[key] | -| path-assignment.js:71:12:71:18 | keys[i] | path-assignment.js:71:12:71:18 | keys[i] | | tests.js:3:25:3:27 | dst | tests.js:6:28:6:30 | dst | -| tests.js:3:25:3:27 | dst | tests.js:6:28:6:30 | dst | -| tests.js:3:25:3:27 | dst | tests.js:8:13:8:15 | dst | -| tests.js:3:25:3:27 | dst | tests.js:8:13:8:15 | dst | -| tests.js:3:25:3:27 | dst | tests.js:8:13:8:15 | dst | | tests.js:3:25:3:27 | dst | tests.js:8:13:8:15 | dst | | tests.js:3:30:3:32 | src | tests.js:6:38:6:40 | src | -| tests.js:3:30:3:32 | src | tests.js:6:38:6:40 | src | -| tests.js:3:30:3:32 | src | tests.js:8:24:8:26 | src | | tests.js:3:30:3:32 | src | tests.js:8:24:8:26 | src | | tests.js:4:14:4:16 | key | tests.js:6:32:6:34 | key | -| tests.js:4:14:4:16 | key | tests.js:6:32:6:34 | key | -| tests.js:4:14:4:16 | key | tests.js:6:32:6:34 | key | -| tests.js:4:14:4:16 | key | tests.js:6:32:6:34 | key | -| tests.js:4:14:4:16 | key | tests.js:6:42:6:44 | key | -| tests.js:4:14:4:16 | key | tests.js:6:42:6:44 | key | -| tests.js:4:14:4:16 | key | tests.js:6:42:6:44 | key | | tests.js:4:14:4:16 | key | tests.js:6:42:6:44 | key | | tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:28:8:30 | key | -| tests.js:4:14:4:16 | key | tests.js:8:28:8:30 | key | | tests.js:4:14:4:16 | key | tests.js:8:28:8:30 | key | -| tests.js:4:14:4:16 | key | tests.js:8:28:8:30 | key | -| tests.js:6:28:6:30 | dst | tests.js:6:28:6:35 | dst[key] | | 
tests.js:6:28:6:30 | dst | tests.js:6:28:6:35 | dst[key] | | tests.js:6:28:6:35 | dst[key] | tests.js:3:25:3:27 | dst | -| tests.js:6:28:6:35 | dst[key] | tests.js:3:25:3:27 | dst | -| tests.js:6:28:6:35 | dst[key] | tests.js:3:25:3:27 | dst | -| tests.js:6:28:6:35 | dst[key] | tests.js:3:25:3:27 | dst | -| tests.js:6:32:6:34 | key | tests.js:6:28:6:35 | dst[key] | | tests.js:6:32:6:34 | key | tests.js:6:28:6:35 | dst[key] | | tests.js:6:38:6:40 | src | tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:40 | src | tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | -| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | -| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | -| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | -| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | | tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | | tests.js:6:42:6:44 | key | tests.js:6:38:6:45 | src[key] | -| tests.js:6:42:6:44 | key | tests.js:6:38:6:45 | src[key] | -| tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | | tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:31 | src[key] | tests.js:8:24:8:31 | src[key] | | tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | -| tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | -| tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | -| tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | -| tests.js:13:24:13:26 | dst | tests.js:16:27:16:29 | dst | | tests.js:13:24:13:26 | dst | tests.js:16:27:16:29 | dst | | tests.js:13:24:13:26 | dst | tests.js:18:13:18:15 | dst | -| tests.js:13:24:13:26 | dst | tests.js:18:13:18:15 | dst | -| tests.js:13:24:13:26 | dst | tests.js:18:13:18:15 | dst | -| tests.js:13:24:13:26 | dst | tests.js:18:13:18:15 | dst | -| tests.js:13:29:13:31 | 
src | tests.js:16:37:16:39 | src | -| tests.js:13:29:13:31 | src | tests.js:16:37:16:39 | src | -| tests.js:13:29:13:31 | src | tests.js:18:24:18:26 | src | -| tests.js:13:29:13:31 | src | tests.js:18:24:18:26 | src | -| tests.js:14:30:14:32 | key | tests.js:16:31:16:33 | key | +| tests.js:13:29:13:31 | src | tests.js:14:17:14:19 | src | +| tests.js:14:17:14:19 | src | tests.js:16:37:16:39 | src | +| tests.js:14:17:14:19 | src | tests.js:18:24:18:26 | src | | tests.js:14:30:14:32 | key | tests.js:16:31:16:33 | key | -| tests.js:14:30:14:32 | key | tests.js:16:31:16:33 | key | -| tests.js:14:30:14:32 | key | tests.js:16:31:16:33 | key | -| tests.js:14:30:14:32 | key | tests.js:16:41:16:43 | key | -| tests.js:14:30:14:32 | key | tests.js:16:41:16:43 | key | | tests.js:14:30:14:32 | key | tests.js:16:41:16:43 | key | -| tests.js:14:30:14:32 | key | tests.js:16:41:16:43 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | | tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:28:18:30 | key | -| tests.js:14:30:14:32 | key | tests.js:18:28:18:30 | key | -| tests.js:14:30:14:32 | key | tests.js:18:28:18:30 | key | | tests.js:14:30:14:32 | key | tests.js:18:28:18:30 | key | | tests.js:16:27:16:29 | dst | tests.js:16:27:16:34 | dst[key] | -| tests.js:16:27:16:29 | dst | tests.js:16:27:16:34 | dst[key] | -| tests.js:16:27:16:34 | dst[key] | tests.js:13:24:13:26 | dst | -| tests.js:16:27:16:34 | dst[key] | tests.js:13:24:13:26 | dst | -| tests.js:16:27:16:34 | dst[key] | tests.js:13:24:13:26 | dst | | tests.js:16:27:16:34 | dst[key] | tests.js:13:24:13:26 | dst | | tests.js:16:31:16:33 | key | 
tests.js:16:27:16:34 | dst[key] | -| tests.js:16:31:16:33 | key | tests.js:16:27:16:34 | dst[key] | -| tests.js:16:37:16:39 | src | tests.js:16:37:16:44 | src[key] | | tests.js:16:37:16:39 | src | tests.js:16:37:16:44 | src[key] | | tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:41:16:43 | key | tests.js:16:37:16:44 | src[key] | | tests.js:16:41:16:43 | key | tests.js:16:37:16:44 | src[key] | | tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:31 | src[key] | tests.js:18:24:18:31 | src[key] | -| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | -| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | -| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | | tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | | tests.js:23:19:23:21 | dst | tests.js:26:25:26:27 | dst | -| tests.js:23:19:23:21 | dst | tests.js:26:25:26:27 | dst | -| tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | -| tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | -| tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | | tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | | tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | -| tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | -| tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | -| tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | -| tests.js:26:25:26:27 | dst | 
tests.js:31:22:31:24 | dst | | tests.js:26:25:26:27 | dst | tests.js:31:22:31:24 | dst | | tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | -| tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | -| tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | -| tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | -| tests.js:26:37:26:39 | key | tests.js:26:30:26:40 | source[key] | | tests.js:26:37:26:39 | key | tests.js:26:30:26:40 | source[key] | | tests.js:26:43:26:45 | key | tests.js:31:34:31:36 | key | -| tests.js:26:43:26:45 | key | tests.js:31:34:31:36 | key | -| tests.js:31:22:31:24 | dst | tests.js:32:20:32:22 | dst | | tests.js:31:22:31:24 | dst | tests.js:32:20:32:22 | dst | | tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | -| tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | -| tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | -| tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | -| tests.js:31:27:31:31 | value | tests.js:36:20:36:24 | value | -| tests.js:31:27:31:31 | value | tests.js:36:20:36:24 | value | -| tests.js:31:27:31:31 | value | tests.js:36:20:36:24 | value | | tests.js:31:27:31:31 | value | tests.js:36:20:36:24 | value | | tests.js:31:34:31:36 | key | tests.js:32:24:32:26 | key | -| tests.js:31:34:31:36 | key | tests.js:32:24:32:26 | key | -| tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | -| tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | -| tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | | tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | | tests.js:32:9:32:27 | dstValue | tests.js:34:18:34:25 | dstValue | -| tests.js:32:9:32:27 | dstValue | tests.js:34:18:34:25 | dstValue | -| tests.js:32:20:32:22 | dst | tests.js:32:20:32:27 | dst[key] | | tests.js:32:20:32:22 | dst | tests.js:32:20:32:27 | dst[key] | | tests.js:32:20:32:27 | dst[key] | tests.js:32:9:32:27 | dstValue | -| tests.js:32:20:32:27 | dst[key] | 
tests.js:32:9:32:27 | dstValue | -| tests.js:32:24:32:26 | key | tests.js:32:20:32:27 | dst[key] | | tests.js:32:24:32:26 | key | tests.js:32:20:32:27 | dst[key] | | tests.js:34:18:34:25 | dstValue | tests.js:23:19:23:21 | dst | -| tests.js:34:18:34:25 | dstValue | tests.js:23:19:23:21 | dst | | tests.js:40:27:40:29 | dst | tests.js:44:30:44:32 | dst | | tests.js:40:27:40:29 | dst | tests.js:46:13:46:15 | dst | -| tests.js:40:27:40:29 | dst | tests.js:46:13:46:15 | dst | | tests.js:40:32:40:34 | src | tests.js:44:40:44:42 | src | -| tests.js:40:32:40:34 | src | tests.js:44:40:44:42 | src | -| tests.js:40:32:40:34 | src | tests.js:46:24:46:26 | src | | tests.js:40:32:40:34 | src | tests.js:46:24:46:26 | src | | tests.js:41:14:41:16 | key | tests.js:44:34:44:36 | key | -| tests.js:41:14:41:16 | key | tests.js:44:34:44:36 | key | -| tests.js:41:14:41:16 | key | tests.js:44:44:44:46 | key | | tests.js:41:14:41:16 | key | tests.js:44:44:44:46 | key | | tests.js:41:14:41:16 | key | tests.js:46:17:46:19 | key | -| tests.js:41:14:41:16 | key | tests.js:46:17:46:19 | key | -| tests.js:41:14:41:16 | key | tests.js:46:17:46:19 | key | -| tests.js:41:14:41:16 | key | tests.js:46:17:46:19 | key | -| tests.js:41:14:41:16 | key | tests.js:46:28:46:30 | key | | tests.js:41:14:41:16 | key | tests.js:46:28:46:30 | key | | tests.js:44:30:44:32 | dst | tests.js:44:30:44:37 | dst[key] | | tests.js:44:30:44:37 | dst[key] | tests.js:40:27:40:29 | dst | -| tests.js:44:30:44:37 | dst[key] | tests.js:40:27:40:29 | dst | | tests.js:44:34:44:36 | key | tests.js:44:30:44:37 | dst[key] | | tests.js:44:40:44:42 | src | tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:42 | src | tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | -| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | -| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | -| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | -| 
tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | | tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | | tests.js:44:44:44:46 | key | tests.js:44:40:44:47 | src[key] | | tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:31 | src[key] | tests.js:46:24:46:31 | src[key] | -| tests.js:46:28:46:30 | key | tests.js:46:24:46:31 | src[key] | | tests.js:46:28:46:30 | key | tests.js:46:24:46:31 | src[key] | | tests.js:51:26:51:28 | dst | tests.js:55:29:55:31 | dst | | tests.js:51:26:51:28 | dst | tests.js:57:13:57:15 | dst | -| tests.js:51:26:51:28 | dst | tests.js:57:13:57:15 | dst | | tests.js:51:31:51:33 | src | tests.js:55:39:55:41 | src | -| tests.js:51:31:51:33 | src | tests.js:55:39:55:41 | src | -| tests.js:51:31:51:33 | src | tests.js:57:24:57:26 | src | | tests.js:51:31:51:33 | src | tests.js:57:24:57:26 | src | | tests.js:52:14:52:16 | key | tests.js:55:33:55:35 | key | -| tests.js:52:14:52:16 | key | tests.js:55:33:55:35 | key | -| tests.js:52:14:52:16 | key | tests.js:55:43:55:45 | key | | tests.js:52:14:52:16 | key | tests.js:55:43:55:45 | key | | tests.js:52:14:52:16 | key | tests.js:57:17:57:19 | key | -| tests.js:52:14:52:16 | key | tests.js:57:17:57:19 | key | -| tests.js:52:14:52:16 | key | tests.js:57:17:57:19 | key | -| tests.js:52:14:52:16 | key | tests.js:57:17:57:19 | key | -| tests.js:52:14:52:16 | key | tests.js:57:28:57:30 | key | | tests.js:52:14:52:16 | key | tests.js:57:28:57:30 | key | | tests.js:55:29:55:31 | dst | tests.js:55:29:55:36 | dst[key] | | tests.js:55:29:55:36 | dst[key] | tests.js:51:26:51:28 | dst | -| tests.js:55:29:55:36 | dst[key] | tests.js:51:26:51:28 | dst | | tests.js:55:33:55:35 | key | tests.js:55:29:55:36 | dst[key] | | tests.js:55:39:55:41 | src | tests.js:55:39:55:46 
| src[key] | -| tests.js:55:39:55:41 | src | tests.js:55:39:55:46 | src[key] | -| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | -| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | -| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | -| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | -| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | | tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | | tests.js:55:43:55:45 | key | tests.js:55:39:55:46 | src[key] | | tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:31 | src[key] | tests.js:57:24:57:31 | src[key] | -| tests.js:57:28:57:30 | key | tests.js:57:24:57:31 | src[key] | | tests.js:57:28:57:30 | key | tests.js:57:24:57:31 | src[key] | | tests.js:62:33:62:35 | src | tests.js:66:41:66:43 | src | -| tests.js:62:33:62:35 | src | tests.js:66:41:66:43 | src | -| tests.js:62:33:62:35 | src | tests.js:68:24:68:26 | src | | tests.js:62:33:62:35 | src | tests.js:68:24:68:26 | src | | tests.js:66:41:66:43 | src | tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:43 | src | tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | -| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | -| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | | tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | -| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | -| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | -| tests.js:68:24:68:26 | src | tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:26 | src | tests.js:68:24:68:31 | src[key] | | tests.js:68:24:68:26 | src | tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:26 | src 
| tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:31 | src[key] | tests.js:68:24:68:31 | src[key] | -| tests.js:77:27:77:29 | src | tests.js:81:39:81:41 | src | | tests.js:77:27:77:29 | src | tests.js:81:39:81:41 | src | | tests.js:77:27:77:29 | src | tests.js:83:28:83:30 | src | -| tests.js:77:27:77:29 | src | tests.js:83:28:83:30 | src | | tests.js:81:39:81:41 | src | tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:41 | src | tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | -| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | -| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | | tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | -| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | -| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | -| tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | | tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:35 | src[key] | tests.js:83:28:83:35 | src[key] | -| tests.js:89:34:89:36 | src | tests.js:94:42:94:44 | src | | tests.js:89:34:89:36 | src | tests.js:94:42:94:44 | src | | tests.js:89:34:89:36 | src | tests.js:96:24:96:26 | src | -| tests.js:89:34:89:36 | src | tests.js:96:24:96:26 | src | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | | tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:28:96:30 | key | -| tests.js:90:14:90:16 | key | tests.js:96:28:96:30 | key | 
| tests.js:90:14:90:16 | key | tests.js:96:28:96:30 | key | -| tests.js:90:14:90:16 | key | tests.js:96:28:96:30 | key | -| tests.js:94:42:94:44 | src | tests.js:94:42:94:49 | src[key] | | tests.js:94:42:94:44 | src | tests.js:94:42:94:49 | src[key] | | tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | | tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:31 | src[key] | tests.js:96:24:96:31 | src[key] | -| tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | -| tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | -| tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | | tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | | tests.js:101:32:101:34 | dst | tests.js:107:35:107:37 | dst | -| tests.js:101:32:101:34 | dst | tests.js:107:35:107:37 | dst | -| tests.js:101:32:101:34 | dst | tests.js:109:13:109:15 | dst | -| tests.js:101:32:101:34 | dst | tests.js:109:13:109:15 | dst | -| tests.js:101:32:101:34 | dst | tests.js:109:13:109:15 | dst | | tests.js:101:32:101:34 | dst | tests.js:109:13:109:15 | dst | | tests.js:101:37:101:39 | src | tests.js:107:45:107:47 | src | -| tests.js:101:37:101:39 | src | tests.js:107:45:107:47 | src | -| tests.js:101:37:101:39 | src | tests.js:109:24:109:26 | src | | tests.js:101:37:101:39 | src | tests.js:109:24:109:26 | src | | tests.js:102:14:102:16 | key | tests.js:107:39:107:41 | key | -| tests.js:102:14:102:16 | key | 
tests.js:107:39:107:41 | key | -| tests.js:102:14:102:16 | key | tests.js:107:39:107:41 | key | -| tests.js:102:14:102:16 | key | tests.js:107:39:107:41 | key | -| tests.js:102:14:102:16 | key | tests.js:107:49:107:51 | key | | tests.js:102:14:102:16 | key | tests.js:107:49:107:51 | key | -| tests.js:102:14:102:16 | key | tests.js:107:49:107:51 | key | -| tests.js:102:14:102:16 | key | tests.js:107:49:107:51 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | | tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:28:109:30 | key | -| tests.js:102:14:102:16 | key | tests.js:109:28:109:30 | key | -| tests.js:102:14:102:16 | key | tests.js:109:28:109:30 | key | | tests.js:102:14:102:16 | key | tests.js:109:28:109:30 | key | | tests.js:107:35:107:37 | dst | tests.js:107:35:107:42 | dst[key] | -| tests.js:107:35:107:37 | dst | tests.js:107:35:107:42 | dst[key] | -| tests.js:107:35:107:42 | dst[key] | tests.js:101:32:101:34 | dst | -| tests.js:107:35:107:42 | dst[key] | tests.js:101:32:101:34 | dst | -| tests.js:107:35:107:42 | dst[key] | tests.js:101:32:101:34 | dst | | tests.js:107:35:107:42 | dst[key] | tests.js:101:32:101:34 | dst | | tests.js:107:39:107:41 | key | tests.js:107:35:107:42 | dst[key] | -| tests.js:107:39:107:41 | key | tests.js:107:35:107:42 | dst[key] | -| tests.js:107:45:107:47 | src | tests.js:107:45:107:52 | src[key] | | tests.js:107:45:107:47 | src | tests.js:107:45:107:52 | src[key] | | tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | -| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | -| tests.js:107:45:107:52 | 
src[key] | tests.js:101:37:101:39 | src | -| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | -| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | -| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | | tests.js:107:49:107:51 | key | tests.js:107:45:107:52 | src[key] | -| tests.js:107:49:107:51 | key | tests.js:107:45:107:52 | src[key] | -| tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | | tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:31 | src[key] | tests.js:109:24:109:31 | src[key] | | tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | -| tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | -| tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | -| tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | -| tests.js:116:41:116:43 | src | tests.js:119:49:119:51 | src | | tests.js:116:41:116:43 | src | tests.js:119:49:119:51 | src | | tests.js:116:41:116:43 | src | tests.js:121:24:121:26 | src | -| tests.js:116:41:116:43 | src | tests.js:121:24:121:26 | src | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | | tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | | tests.js:117:14:117:16 | key | tests.js:121:28:121:30 | key | -| tests.js:117:14:117:16 | key | tests.js:121:28:121:30 | key | -| tests.js:117:14:117:16 | key | tests.js:121:28:121:30 | key | -| tests.js:117:14:117:16 | key | tests.js:121:28:121:30 | key | -| 
tests.js:119:49:119:51 | src | tests.js:119:49:119:56 | src[key] | | tests.js:119:49:119:51 | src | tests.js:119:49:119:56 | src[key] | | tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | | tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:31 | src[key] | tests.js:121:24:121:31 | src[key] | | tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | -| tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | -| tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | -| tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | -| tests.js:149:31:149:33 | dst | tests.js:152:22:152:24 | dst | | tests.js:149:31:149:33 | dst | tests.js:152:22:152:24 | dst | -| tests.js:149:31:149:33 | dst | tests.js:152:22:152:24 | dst | -| tests.js:149:31:149:33 | dst | tests.js:152:22:152:24 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | | tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:36:149:38 | src | 
tests.js:152:27:152:29 | src | -| tests.js:149:36:149:38 | src | tests.js:152:27:152:29 | src | | tests.js:149:36:149:38 | src | tests.js:152:27:152:29 | src | -| tests.js:149:36:149:38 | src | tests.js:152:27:152:29 | src | -| tests.js:149:36:149:38 | src | tests.js:154:24:154:26 | src | -| tests.js:149:36:149:38 | src | tests.js:154:24:154:26 | src | -| tests.js:149:36:149:38 | src | tests.js:154:24:154:26 | src | | tests.js:149:36:149:38 | src | tests.js:154:24:154:26 | src | | tests.js:150:14:150:16 | key | tests.js:152:32:152:34 | key | -| tests.js:150:14:150:16 | key | tests.js:152:32:152:34 | key | -| tests.js:150:14:150:16 | key | tests.js:152:32:152:34 | key | -| tests.js:150:14:150:16 | key | tests.js:152:32:152:34 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | | tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:28:154:30 | key | -| tests.js:150:14:150:16 | key | tests.js:154:28:154:30 | key | | tests.js:150:14:150:16 | key | tests.js:154:28:154:30 | key | -| tests.js:150:14:150:16 | key | tests.js:154:28:154:30 | key | -| tests.js:152:22:152:24 | dst | tests.js:160:37:160:39 | dst | -| tests.js:152:22:152:24 | dst | tests.js:160:37:160:39 | dst | -| tests.js:152:22:152:24 | dst | tests.js:160:37:160:39 | dst | | tests.js:152:22:152:24 | dst | tests.js:160:37:160:39 | dst | | tests.js:152:27:152:29 | src | tests.js:160:42:160:44 | src | -| tests.js:152:27:152:29 | src | tests.js:160:42:160:44 | src | -| tests.js:152:27:152:29 | src | tests.js:160:42:160:44 | src | -| tests.js:152:27:152:29 | src | tests.js:160:42:160:44 | src | -| tests.js:152:32:152:34 
| key | tests.js:160:47:160:49 | key | | tests.js:152:32:152:34 | key | tests.js:160:47:160:49 | key | -| tests.js:152:32:152:34 | key | tests.js:160:47:160:49 | key | -| tests.js:152:32:152:34 | key | tests.js:160:47:160:49 | key | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | | tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | tests.js:154:24:154:31 | src[key] | -| tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | -| tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | | tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | -| tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | -| tests.js:159:36:159:38 | dst | tests.js:160:26:160:28 | dst | -| tests.js:159:36:159:38 | dst | tests.js:160:26:160:28 | dst | -| tests.js:159:36:159:38 | dst | tests.js:160:26:160:28 | dst | | tests.js:159:36:159:38 | dst | tests.js:160:26:160:28 | dst | | tests.js:159:41:159:43 | src | tests.js:160:31:160:33 | src | -| tests.js:159:41:159:43 | src | tests.js:160:31:160:33 | src | -| tests.js:159:41:159:43 | src | tests.js:160:31:160:33 | src | -| tests.js:159:41:159:43 | src | tests.js:160:31:160:33 | src | -| tests.js:160:26:160:28 | dst | tests.js:149:31:149:33 | dst | | tests.js:160:26:160:28 | dst | tests.js:149:31:149:33 | dst | -| tests.js:160:26:160:28 | dst | tests.js:149:31:149:33 | dst | -| tests.js:160:26:160:28 | dst | tests.js:149:31:149:33 | dst | -| tests.js:160:26:160:28 | dst | tests.js:160:37:160:39 | dst | -| 
tests.js:160:26:160:28 | dst | tests.js:160:37:160:39 | dst | -| tests.js:160:26:160:28 | dst | tests.js:160:37:160:39 | dst | -| tests.js:160:26:160:28 | dst | tests.js:160:37:160:39 | dst | -| tests.js:160:31:160:33 | src | tests.js:149:36:149:38 | src | | tests.js:160:31:160:33 | src | tests.js:149:36:149:38 | src | -| tests.js:160:31:160:33 | src | tests.js:149:36:149:38 | src | -| tests.js:160:31:160:33 | src | tests.js:149:36:149:38 | src | -| tests.js:160:31:160:33 | src | tests.js:160:42:160:44 | src | -| tests.js:160:31:160:33 | src | tests.js:160:42:160:44 | src | -| tests.js:160:31:160:33 | src | tests.js:160:42:160:44 | src | -| tests.js:160:31:160:33 | src | tests.js:160:42:160:44 | src | -| tests.js:160:37:160:39 | dst | tests.js:161:35:161:37 | dst | -| tests.js:160:37:160:39 | dst | tests.js:161:35:161:37 | dst | | tests.js:160:37:160:39 | dst | tests.js:161:35:161:37 | dst | -| tests.js:160:37:160:39 | dst | tests.js:161:35:161:37 | dst | -| tests.js:160:42:160:44 | src | tests.js:161:45:161:47 | src | -| tests.js:160:42:160:44 | src | tests.js:161:45:161:47 | src | -| tests.js:160:42:160:44 | src | tests.js:161:45:161:47 | src | | tests.js:160:42:160:44 | src | tests.js:161:45:161:47 | src | | tests.js:160:47:160:49 | key | tests.js:161:39:161:41 | key | -| tests.js:160:47:160:49 | key | tests.js:161:39:161:41 | key | -| tests.js:160:47:160:49 | key | tests.js:161:39:161:41 | key | -| tests.js:160:47:160:49 | key | tests.js:161:39:161:41 | key | -| tests.js:160:47:160:49 | key | tests.js:161:49:161:51 | key | | tests.js:160:47:160:49 | key | tests.js:161:49:161:51 | key | -| tests.js:160:47:160:49 | key | tests.js:161:49:161:51 | key | -| tests.js:160:47:160:49 | key | tests.js:161:49:161:51 | key | -| tests.js:161:35:161:37 | dst | tests.js:161:35:161:42 | dst[key] | | tests.js:161:35:161:37 | dst | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:37 | dst | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:37 | dst | 
tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:42 | dst[key] | tests.js:159:36:159:38 | dst | -| tests.js:161:35:161:42 | dst[key] | tests.js:159:36:159:38 | dst | | tests.js:161:35:161:42 | dst[key] | tests.js:159:36:159:38 | dst | -| tests.js:161:35:161:42 | dst[key] | tests.js:159:36:159:38 | dst | -| tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | | tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | | tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:52 | src[key] | tests.js:159:41:159:43 | src | | tests.js:161:45:161:52 | src[key] | tests.js:159:41:159:43 | src | -| tests.js:161:45:161:52 | src[key] | tests.js:159:41:159:43 | src | -| tests.js:161:45:161:52 | src[key] | tests.js:159:41:159:43 | src | -| tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | -| tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | -| tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | | tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | | tests.js:165:37:165:39 | src | tests.js:169:45:169:47 | src | -| tests.js:165:37:165:39 | src | tests.js:169:45:169:47 | src | -| tests.js:165:37:165:39 | src | tests.js:171:24:171:26 | src | | tests.js:165:37:165:39 | src | tests.js:171:24:171:26 | src | | tests.js:166:14:166:16 | key | tests.js:169:49:169:51 | key | -| tests.js:166:14:166:16 | key | tests.js:169:49:169:51 | key | -| tests.js:166:14:166:16 | key | tests.js:169:49:169:51 | key | -| tests.js:166:14:166:16 | key | tests.js:169:49:169:51 | key | -| tests.js:166:14:166:16 | key | 
tests.js:171:17:171:19 | key | | tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:28:171:30 | key | -| tests.js:166:14:166:16 | key | tests.js:171:28:171:30 | key | | tests.js:166:14:166:16 | key | tests.js:171:28:171:30 | key | -| tests.js:166:14:166:16 | key | tests.js:171:28:171:30 | key | -| tests.js:169:45:169:47 | src | tests.js:169:45:169:52 | src[key] | | tests.js:169:45:169:47 | src | tests.js:169:45:169:52 | src[key] | | tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:49:169:51 | key | tests.js:169:45:169:52 | src[key] | | tests.js:169:49:169:51 | key | tests.js:169:45:169:52 | src[key] | | tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:31 | src[key] | tests.js:171:24:171:31 | src[key] | -| tests.js:171:28:171:30 | key | tests.js:171:24:171:31 | src[key] | -| tests.js:171:28:171:30 | key | tests.js:171:24:171:31 | src[key] | -| tests.js:171:28:171:30 | key | tests.js:171:24:171:31 | src[key] | | tests.js:171:28:171:30 | key | tests.js:171:24:171:31 | 
src[key] | | tests.js:178:33:178:35 | src | tests.js:182:41:182:43 | src | -| tests.js:178:33:178:35 | src | tests.js:182:41:182:43 | src | -| tests.js:178:33:178:35 | src | tests.js:184:24:184:26 | src | | tests.js:178:33:178:35 | src | tests.js:184:24:184:26 | src | | tests.js:182:41:182:43 | src | tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:43 | src | tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | -| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | -| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | | tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | -| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | -| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | -| tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | | tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:31 | src[key] | tests.js:184:24:184:31 | src[key] | -| tests.js:189:32:189:34 | dst | tests.js:194:35:194:37 | dst | | tests.js:189:32:189:34 | dst | tests.js:194:35:194:37 | dst | | tests.js:189:32:189:34 | dst | tests.js:196:13:196:15 | dst | -| tests.js:189:32:189:34 | dst | tests.js:196:13:196:15 | dst | -| tests.js:189:32:189:34 | dst | tests.js:196:13:196:15 | dst | -| tests.js:189:32:189:34 | dst | tests.js:196:13:196:15 | dst | -| tests.js:189:37:189:39 | src | tests.js:194:45:194:47 | src | | tests.js:189:37:189:39 | src | tests.js:194:45:194:47 | src | | tests.js:189:37:189:39 | src | tests.js:196:24:196:26 | src | -| tests.js:189:37:189:39 | src | tests.js:196:24:196:26 | src | | tests.js:192:13:192:25 | key | tests.js:194:39:194:41 | key | -| tests.js:192:13:192:25 | key | tests.js:194:39:194:41 | key | -| tests.js:192:13:192:25 | key | 
tests.js:194:49:194:51 | key | | tests.js:192:13:192:25 | key | tests.js:194:49:194:51 | key | | tests.js:192:13:192:25 | key | tests.js:196:17:196:19 | key | -| tests.js:192:13:192:25 | key | tests.js:196:17:196:19 | key | -| tests.js:192:13:192:25 | key | tests.js:196:17:196:19 | key | -| tests.js:192:13:192:25 | key | tests.js:196:17:196:19 | key | -| tests.js:192:13:192:25 | key | tests.js:196:28:196:30 | key | | tests.js:192:13:192:25 | key | tests.js:196:28:196:30 | key | | tests.js:192:19:192:25 | keys[i] | tests.js:192:13:192:25 | key | -| tests.js:192:19:192:25 | keys[i] | tests.js:192:13:192:25 | key | -| tests.js:192:19:192:25 | keys[i] | tests.js:192:13:192:25 | key | -| tests.js:192:19:192:25 | keys[i] | tests.js:192:13:192:25 | key | -| tests.js:194:35:194:37 | dst | tests.js:194:35:194:42 | dst[key] | | tests.js:194:35:194:37 | dst | tests.js:194:35:194:42 | dst[key] | | tests.js:194:35:194:42 | dst[key] | tests.js:189:32:189:34 | dst | -| tests.js:194:35:194:42 | dst[key] | tests.js:189:32:189:34 | dst | -| tests.js:194:35:194:42 | dst[key] | tests.js:189:32:189:34 | dst | -| tests.js:194:35:194:42 | dst[key] | tests.js:189:32:189:34 | dst | -| tests.js:194:39:194:41 | key | tests.js:194:35:194:42 | dst[key] | | tests.js:194:39:194:41 | key | tests.js:194:35:194:42 | dst[key] | | tests.js:194:45:194:47 | src | tests.js:194:45:194:52 | src[key] | -| tests.js:194:45:194:47 | src | tests.js:194:45:194:52 | src[key] | | tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:49:194:51 | key | tests.js:194:45:194:52 | src[key] | | tests.js:194:49:194:51 | key | tests.js:194:45:194:52 
| src[key] | | tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:31 | src[key] | tests.js:196:24:196:31 | src[key] | -| tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | -| tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | -| tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | | tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | | tests.js:201:39:201:41 | dst | tests.js:206:42:206:44 | dst | -| tests.js:201:39:201:41 | dst | tests.js:206:42:206:44 | dst | -| tests.js:201:39:201:41 | dst | tests.js:208:13:208:15 | dst | -| tests.js:201:39:201:41 | dst | tests.js:208:13:208:15 | dst | | tests.js:201:39:201:41 | dst | tests.js:208:13:208:15 | dst | -| tests.js:201:39:201:41 | dst | tests.js:208:13:208:15 | dst | -| tests.js:201:44:201:46 | src | tests.js:206:56:206:58 | src | | tests.js:201:44:201:46 | src | tests.js:206:56:206:58 | src | | tests.js:201:44:201:46 | src | tests.js:208:28:208:30 | src | -| tests.js:201:44:201:46 | src | tests.js:208:28:208:30 | src | -| tests.js:206:42:206:44 | dst | tests.js:206:42:206:53 | dst[keys[i]] | | tests.js:206:42:206:44 | dst | tests.js:206:42:206:53 | dst[keys[i]] | | tests.js:206:42:206:53 | dst[keys[i]] | tests.js:201:39:201:41 | dst | -| tests.js:206:42:206:53 | dst[keys[i]] | tests.js:201:39:201:41 | dst | -| tests.js:206:42:206:53 | dst[keys[i]] | tests.js:201:39:201:41 | dst | -| tests.js:206:42:206:53 | dst[keys[i]] | tests.js:201:39:201:41 | dst | -| tests.js:206:46:206:52 | keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:46:206:52 | keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:46:206:52 | keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | | tests.js:206:46:206:52 | 
keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | | tests.js:206:56:206:58 | src | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:58 | src | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | -| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | -| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | -| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | | tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | -| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | -| tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | | tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:208:17:208:23 | keys[i] | tests.js:208:17:208:23 | keys[i] | | tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:39 | src[keys[i]] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | | tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:213:23:213:26 | key1 | 
tests.js:217:9:217:12 | key1 | | tests.js:213:23:213:26 | key1 | tests.js:217:9:217:12 | key1 | | tests.js:213:29:213:32 | key2 | tests.js:217:15:217:18 | key2 | -| tests.js:213:29:213:32 | key2 | tests.js:217:15:217:18 | key2 | -| tests.js:213:29:213:32 | key2 | tests.js:217:15:217:18 | key2 | -| tests.js:213:29:213:32 | key2 | tests.js:217:15:217:18 | key2 | -| tests.js:213:35:213:39 | value | tests.js:217:23:217:27 | value | -| tests.js:213:35:213:39 | value | tests.js:217:23:217:27 | value | | tests.js:213:35:213:39 | value | tests.js:217:23:217:27 | value | -| tests.js:213:35:213:39 | value | tests.js:217:23:217:27 | value | -| tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | -| tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | -| tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | | tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | | tests.js:223:14:223:16 | key | tests.js:224:23:224:25 | key | -| tests.js:223:14:223:16 | key | tests.js:224:23:224:25 | key | -| tests.js:223:14:223:16 | key | tests.js:224:23:224:25 | key | -| tests.js:223:14:223:16 | key | tests.js:224:23:224:25 | key | -| tests.js:223:14:223:16 | key | tests.js:224:38:224:40 | key | | tests.js:223:14:223:16 | key | tests.js:224:38:224:40 | key | -| tests.js:223:14:223:16 | key | tests.js:224:38:224:40 | key | -| tests.js:223:14:223:16 | key | tests.js:224:38:224:40 | key | -| tests.js:223:14:223:16 | key | tests.js:225:28:225:30 | key | | tests.js:223:14:223:16 | key | tests.js:225:28:225:30 | key | -| tests.js:223:14:223:16 | key | tests.js:225:28:225:30 | key | -| tests.js:223:14:223:16 | key | tests.js:225:28:225:30 | key | -| tests.js:223:14:223:16 | key | tests.js:225:38:225:40 | key | -| tests.js:223:14:223:16 | key | tests.js:225:38:225:40 | key | | tests.js:223:14:223:16 | key | tests.js:225:38:225:40 | key | -| tests.js:223:14:223:16 | key | tests.js:225:38:225:40 | key | -| tests.js:224:23:224:25 | key | 
tests.js:213:23:213:26 | key1 | | tests.js:224:23:224:25 | key | tests.js:213:23:213:26 | key1 | | tests.js:224:33:224:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:224:33:224:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:224:33:224:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:224:33:224:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:224:38:224:40 | key | tests.js:224:33:224:41 | data[key] | | tests.js:224:38:224:40 | key | tests.js:224:33:224:41 | data[key] | | tests.js:225:28:225:30 | key | tests.js:213:29:213:32 | key2 | -| tests.js:225:28:225:30 | key | tests.js:213:29:213:32 | key2 | -| tests.js:225:33:225:41 | data[key] | tests.js:213:35:213:39 | value | | tests.js:225:33:225:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:225:33:225:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:225:33:225:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:225:38:225:40 | key | tests.js:225:33:225:41 | data[key] | | tests.js:225:38:225:40 | key | tests.js:225:33:225:41 | data[key] | | tests.js:229:26:229:29 | key1 | tests.js:233:9:233:12 | key1 | -| tests.js:229:26:229:29 | key1 | tests.js:233:9:233:12 | key1 | -| tests.js:229:32:229:35 | key2 | tests.js:233:15:233:18 | key2 | -| tests.js:229:32:229:35 | key2 | tests.js:233:15:233:18 | key2 | -| tests.js:229:32:229:35 | key2 | tests.js:233:15:233:18 | key2 | | tests.js:229:32:229:35 | key2 | tests.js:233:15:233:18 | key2 | | tests.js:229:38:229:42 | value | tests.js:233:23:233:27 | value | -| tests.js:229:38:229:42 | value | tests.js:233:23:233:27 | value | -| tests.js:229:38:229:42 | value | tests.js:233:23:233:27 | value | -| tests.js:229:38:229:42 | value | tests.js:233:23:233:27 | value | -| tests.js:233:9:233:12 | key1 | tests.js:233:5:233:13 | map[key1] | | tests.js:233:9:233:12 | key1 | tests.js:233:5:233:13 | map[key1] | -| tests.js:233:9:233:12 | key1 | tests.js:233:5:233:13 | map[key1] | -| tests.js:233:9:233:12 
| key1 | tests.js:233:5:233:13 | map[key1] | -| tests.js:238:14:238:16 | key | tests.js:239:24:239:26 | key | -| tests.js:238:14:238:16 | key | tests.js:239:24:239:26 | key | | tests.js:238:14:238:16 | key | tests.js:239:24:239:26 | key | -| tests.js:238:14:238:16 | key | tests.js:239:24:239:26 | key | -| tests.js:238:14:238:16 | key | tests.js:239:39:239:41 | key | -| tests.js:238:14:238:16 | key | tests.js:239:39:239:41 | key | -| tests.js:238:14:238:16 | key | tests.js:239:39:239:41 | key | | tests.js:238:14:238:16 | key | tests.js:239:39:239:41 | key | | tests.js:238:14:238:16 | key | tests.js:240:31:240:33 | key | -| tests.js:238:14:238:16 | key | tests.js:240:31:240:33 | key | -| tests.js:238:14:238:16 | key | tests.js:240:31:240:33 | key | -| tests.js:238:14:238:16 | key | tests.js:240:31:240:33 | key | -| tests.js:238:14:238:16 | key | tests.js:240:41:240:43 | key | -| tests.js:238:14:238:16 | key | tests.js:240:41:240:43 | key | -| tests.js:238:14:238:16 | key | tests.js:240:41:240:43 | key | | tests.js:238:14:238:16 | key | tests.js:240:41:240:43 | key | | tests.js:239:24:239:26 | key | tests.js:229:26:229:29 | key1 | -| tests.js:239:24:239:26 | key | tests.js:229:26:229:29 | key1 | -| tests.js:239:34:239:42 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:239:34:239:42 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:239:34:239:42 | data[key] | tests.js:229:38:229:42 | value | | tests.js:239:34:239:42 | data[key] | tests.js:229:38:229:42 | value | | tests.js:239:39:239:41 | key | tests.js:239:34:239:42 | data[key] | -| tests.js:239:39:239:41 | key | tests.js:239:34:239:42 | data[key] | -| tests.js:240:31:240:33 | key | tests.js:229:32:229:35 | key2 | | tests.js:240:31:240:33 | key | tests.js:229:32:229:35 | key2 | | tests.js:240:36:240:44 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:240:36:240:44 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:240:36:240:44 | data[key] | tests.js:229:38:229:42 | value | -| 
tests.js:240:36:240:44 | data[key] | tests.js:229:38:229:42 | value | | tests.js:240:41:240:43 | key | tests.js:240:36:240:44 | data[key] | -| tests.js:240:41:240:43 | key | tests.js:240:36:240:44 | data[key] | -| tests.js:263:27:263:29 | dst | tests.js:268:30:268:32 | dst | | tests.js:263:27:263:29 | dst | tests.js:268:30:268:32 | dst | | tests.js:263:27:263:29 | dst | tests.js:270:13:270:15 | dst | -| tests.js:263:27:263:29 | dst | tests.js:270:13:270:15 | dst | -| tests.js:263:27:263:29 | dst | tests.js:270:13:270:15 | dst | -| tests.js:263:27:263:29 | dst | tests.js:270:13:270:15 | dst | -| tests.js:265:13:265:26 | key | tests.js:268:34:268:36 | key | | tests.js:265:13:265:26 | key | tests.js:268:34:268:36 | key | | tests.js:265:13:265:26 | key | tests.js:270:17:270:19 | key | -| tests.js:265:13:265:26 | key | tests.js:270:17:270:19 | key | -| tests.js:265:13:265:26 | key | tests.js:270:17:270:19 | key | -| tests.js:265:13:265:26 | key | tests.js:270:17:270:19 | key | -| tests.js:265:19:265:26 | entry[0] | tests.js:265:13:265:26 | key | -| tests.js:265:19:265:26 | entry[0] | tests.js:265:13:265:26 | key | -| tests.js:265:19:265:26 | entry[0] | tests.js:265:13:265:26 | key | | tests.js:265:19:265:26 | entry[0] | tests.js:265:13:265:26 | key | | tests.js:266:13:266:28 | value | tests.js:270:24:270:28 | value | -| tests.js:266:13:266:28 | value | tests.js:270:24:270:28 | value | -| tests.js:266:13:266:28 | value | tests.js:270:24:270:28 | value | -| tests.js:266:13:266:28 | value | tests.js:270:24:270:28 | value | | tests.js:266:21:266:28 | entry[1] | tests.js:266:13:266:28 | value | -| tests.js:266:21:266:28 | entry[1] | tests.js:266:13:266:28 | value | -| tests.js:266:21:266:28 | entry[1] | tests.js:266:13:266:28 | value | -| tests.js:266:21:266:28 | entry[1] | tests.js:266:13:266:28 | value | -| tests.js:268:30:268:32 | dst | tests.js:268:30:268:37 | dst[key] | | tests.js:268:30:268:32 | dst | tests.js:268:30:268:37 | dst[key] | | tests.js:268:30:268:37 | 
dst[key] | tests.js:263:27:263:29 | dst | -| tests.js:268:30:268:37 | dst[key] | tests.js:263:27:263:29 | dst | -| tests.js:268:30:268:37 | dst[key] | tests.js:263:27:263:29 | dst | -| tests.js:268:30:268:37 | dst[key] | tests.js:263:27:263:29 | dst | -| tests.js:268:34:268:36 | key | tests.js:268:30:268:37 | dst[key] | | tests.js:268:34:268:36 | key | tests.js:268:30:268:37 | dst[key] | | tests.js:275:27:275:29 | dst | tests.js:278:30:278:32 | dst | -| tests.js:275:27:275:29 | dst | tests.js:278:30:278:32 | dst | -| tests.js:275:27:275:29 | dst | tests.js:280:13:280:15 | dst | -| tests.js:275:27:275:29 | dst | tests.js:280:13:280:15 | dst | -| tests.js:275:27:275:29 | dst | tests.js:280:13:280:15 | dst | | tests.js:275:27:275:29 | dst | tests.js:280:13:280:15 | dst | -| tests.js:275:32:275:34 | src | tests.js:278:40:278:42 | src | -| tests.js:275:32:275:34 | src | tests.js:278:40:278:42 | src | -| tests.js:275:32:275:34 | src | tests.js:280:24:280:26 | src | -| tests.js:275:32:275:34 | src | tests.js:280:24:280:26 | src | -| tests.js:276:34:276:36 | key | tests.js:278:34:278:36 | key | -| tests.js:276:34:276:36 | key | tests.js:278:34:278:36 | key | -| tests.js:276:34:276:36 | key | tests.js:278:34:278:36 | key | +| tests.js:275:32:275:34 | src | tests.js:276:21:276:23 | src | +| tests.js:276:21:276:23 | src | tests.js:278:40:278:42 | src | +| tests.js:276:21:276:23 | src | tests.js:280:24:280:26 | src | | tests.js:276:34:276:36 | key | tests.js:278:34:278:36 | key | | tests.js:276:34:276:36 | key | tests.js:278:44:278:46 | key | -| tests.js:276:34:276:36 | key | tests.js:278:44:278:46 | key | -| tests.js:276:34:276:36 | key | tests.js:278:44:278:46 | key | -| tests.js:276:34:276:36 | key | tests.js:278:44:278:46 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | 
tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | | tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:28:280:30 | key | -| tests.js:276:34:276:36 | key | tests.js:280:28:280:30 | key | -| tests.js:276:34:276:36 | key | tests.js:280:28:280:30 | key | | tests.js:276:34:276:36 | key | tests.js:280:28:280:30 | key | | tests.js:278:30:278:32 | dst | tests.js:278:30:278:37 | dst[key] | -| tests.js:278:30:278:32 | dst | tests.js:278:30:278:37 | dst[key] | -| tests.js:278:30:278:37 | dst[key] | tests.js:275:27:275:29 | dst | -| tests.js:278:30:278:37 | dst[key] | tests.js:275:27:275:29 | dst | | tests.js:278:30:278:37 | dst[key] | tests.js:275:27:275:29 | dst | -| tests.js:278:30:278:37 | dst[key] | tests.js:275:27:275:29 | dst | -| tests.js:278:34:278:36 | key | tests.js:278:30:278:37 | dst[key] | | tests.js:278:34:278:36 | key | tests.js:278:30:278:37 | dst[key] | | tests.js:278:40:278:42 | src | tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:42 | src | tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | -| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | -| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | -| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | -| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | | tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | | tests.js:278:44:278:46 | key | tests.js:278:40:278:47 | src[key] | -| tests.js:278:44:278:46 | key | tests.js:278:40:278:47 | src[key] | -| tests.js:280:24:280:26 | src | tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:26 | src | tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:26 | src | tests.js:280:24:280:31 | src[key] | | tests.js:280:24:280:26 | src | 
tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:31 | src[key] | tests.js:280:24:280:31 | src[key] | -| tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | -| tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | -| tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | | tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | | tests.js:301:27:301:29 | dst | tests.js:306:34:306:36 | dst | -| tests.js:301:27:301:29 | dst | tests.js:306:34:306:36 | dst | -| tests.js:301:27:301:29 | dst | tests.js:308:17:308:19 | dst | -| tests.js:301:27:301:29 | dst | tests.js:308:17:308:19 | dst | -| tests.js:301:27:301:29 | dst | tests.js:308:17:308:19 | dst | | tests.js:301:27:301:29 | dst | tests.js:308:17:308:19 | dst | | tests.js:301:32:301:34 | src | tests.js:304:25:304:27 | src | | tests.js:302:14:302:16 | key | tests.js:304:29:304:31 | key | -| tests.js:302:14:302:16 | key | tests.js:304:29:304:31 | key | -| tests.js:302:14:302:16 | key | tests.js:304:29:304:31 | key | -| tests.js:302:14:302:16 | key | tests.js:304:29:304:31 | key | -| tests.js:302:14:302:16 | key | tests.js:306:38:306:40 | key | | tests.js:302:14:302:16 | key | tests.js:306:38:306:40 | key | -| tests.js:302:14:302:16 | key | tests.js:306:38:306:40 | key | -| tests.js:302:14:302:16 | key | tests.js:306:38:306:40 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | | tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | | tests.js:304:17:304:32 | value | tests.js:306:44:306:48 | value | | tests.js:304:17:304:32 | value | tests.js:306:44:306:48 | value | | tests.js:304:17:304:32 | value | 
tests.js:308:28:308:32 | value | | tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | | tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | -| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | -| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | -| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | | tests.js:304:25:304:27 | src | tests.js:304:25:304:32 | src[key] | | tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | | tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | | tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | -| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | -| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | | tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | | tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | | tests.js:306:34:306:36 | dst | tests.js:306:34:306:41 | dst[key] | -| tests.js:306:34:306:36 | dst | tests.js:306:34:306:41 | dst[key] | -| tests.js:306:34:306:41 | dst[key] | tests.js:301:27:301:29 | dst | -| tests.js:306:34:306:41 | dst[key] | tests.js:301:27:301:29 | dst | -| tests.js:306:34:306:41 | dst[key] | tests.js:301:27:301:29 | dst | | tests.js:306:34:306:41 | dst[key] | tests.js:301:27:301:29 | dst | | tests.js:306:38:306:40 | key | tests.js:306:34:306:41 | dst[key] | -| tests.js:306:38:306:40 | key | tests.js:306:34:306:41 | dst[key] | | tests.js:306:44:306:48 | value | tests.js:301:32:301:34 | src | | tests.js:306:44:306:48 | value | tests.js:301:32:301:34 | src | | tests.js:314:31:314:33 | dst | tests.js:320:38:320:40 | dst | -| tests.js:314:31:314:33 | dst | tests.js:320:38:320:40 | dst | -| tests.js:314:31:314:33 | dst | tests.js:322:17:322:19 | dst | -| tests.js:314:31:314:33 | dst | tests.js:322:17:322:19 | dst | -| tests.js:314:31:314:33 | dst | tests.js:322:17:322:19 | dst | | tests.js:314:31:314:33 | dst | 
tests.js:322:17:322:19 | dst | | tests.js:314:36:314:38 | src | tests.js:318:25:318:27 | src | | tests.js:315:14:315:16 | key | tests.js:318:29:318:31 | key | -| tests.js:315:14:315:16 | key | tests.js:318:29:318:31 | key | -| tests.js:315:14:315:16 | key | tests.js:318:29:318:31 | key | -| tests.js:315:14:315:16 | key | tests.js:318:29:318:31 | key | -| tests.js:315:14:315:16 | key | tests.js:320:42:320:44 | key | | tests.js:315:14:315:16 | key | tests.js:320:42:320:44 | key | -| tests.js:315:14:315:16 | key | tests.js:320:42:320:44 | key | -| tests.js:315:14:315:16 | key | tests.js:320:42:320:44 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | | tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | | tests.js:318:17:318:32 | value | tests.js:320:48:320:52 | value | | tests.js:318:17:318:32 | value | tests.js:320:48:320:52 | value | | tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | | tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | | tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | -| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | -| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | -| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | | tests.js:318:25:318:27 | src | tests.js:318:25:318:32 | src[key] | | tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | | tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | | tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | -| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | -| tests.js:318:25:318:32 | 
src[key] | tests.js:318:17:318:32 | value | | tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | | tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | | tests.js:320:38:320:40 | dst | tests.js:320:38:320:45 | dst[key] | -| tests.js:320:38:320:40 | dst | tests.js:320:38:320:45 | dst[key] | -| tests.js:320:38:320:45 | dst[key] | tests.js:314:31:314:33 | dst | -| tests.js:320:38:320:45 | dst[key] | tests.js:314:31:314:33 | dst | | tests.js:320:38:320:45 | dst[key] | tests.js:314:31:314:33 | dst | -| tests.js:320:38:320:45 | dst[key] | tests.js:314:31:314:33 | dst | -| tests.js:320:42:320:44 | key | tests.js:320:38:320:45 | dst[key] | | tests.js:320:42:320:44 | key | tests.js:320:38:320:45 | dst[key] | | tests.js:320:48:320:52 | value | tests.js:314:36:314:38 | src | | tests.js:320:48:320:52 | value | tests.js:314:36:314:38 | src | +| tests.js:328:25:328:27 | dst | tests.js:336:32:336:34 | dst | +| tests.js:328:25:328:27 | dst | tests.js:338:17:338:19 | dst | | tests.js:328:30:328:32 | src | tests.js:336:42:336:44 | src | -| tests.js:328:30:328:32 | src | tests.js:336:42:336:44 | src | -| tests.js:328:30:328:32 | src | tests.js:338:28:338:30 | src | | tests.js:328:30:328:32 | src | tests.js:338:28:338:30 | src | +| tests.js:329:14:329:16 | key | tests.js:336:36:336:38 | key | +| tests.js:329:14:329:16 | key | tests.js:336:46:336:48 | key | +| tests.js:329:14:329:16 | key | tests.js:338:21:338:23 | key | +| tests.js:329:14:329:16 | key | tests.js:338:32:338:34 | key | +| tests.js:336:32:336:34 | dst | tests.js:336:32:336:39 | dst[key] | +| tests.js:336:32:336:39 | dst[key] | tests.js:328:25:328:27 | dst | +| tests.js:336:36:336:38 | key | tests.js:336:32:336:39 | dst[key] | | tests.js:336:42:336:44 | src | tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:44 | src | tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | -| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 
| src | -| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | | tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | -| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | -| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | -| tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | +| tests.js:336:46:336:48 | key | tests.js:336:42:336:49 | src[key] | | tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:35 | src[key] | tests.js:338:28:338:35 | src[key] | -| tests.js:348:32:348:37 | target | tests.js:355:17:355:22 | target | -| tests.js:348:32:348:37 | target | tests.js:355:17:355:22 | target | -| tests.js:348:32:348:37 | target | tests.js:355:53:355:58 | target | -| tests.js:348:32:348:37 | target | tests.js:357:17:357:22 | target | -| tests.js:348:32:348:37 | target | tests.js:357:17:357:22 | target | -| tests.js:348:40:348:45 | source | tests.js:355:66:355:71 | source | -| tests.js:348:40:348:45 | source | tests.js:357:31:357:36 | source | -| tests.js:350:37:350:39 | key | tests.js:355:24:355:26 | key | -| tests.js:350:37:350:39 | key | tests.js:355:24:355:26 | key | -| tests.js:350:37:350:39 | key | tests.js:355:24:355:26 | key | +| tests.js:338:32:338:34 | key | tests.js:338:28:338:35 | src[key] | +| tests.js:348:32:348:37 | target | tests.js:349:26:349:31 | target | +| tests.js:348:32:348:37 | target | tests.js:361:12:361:17 | target | +| tests.js:348:40:348:45 | source | tests.js:349:54:349:59 | source | +| tests.js:348:40:348:45 | source | tests.js:350:21:350:26 | source | +| tests.js:349:26:349:31 | target | tests.js:355:17:355:22 | target | +| tests.js:349:26:349:31 | target | tests.js:355:53:355:58 | target | +| tests.js:349:26:349:31 | target | tests.js:357:17:357:22 | target | +| tests.js:349:26:349:31 | 
target | tests.js:361:12:361:17 | target | +| tests.js:349:54:349:59 | source | tests.js:350:21:350:26 | source | +| tests.js:350:21:350:26 | source | tests.js:355:66:355:71 | source | +| tests.js:350:21:350:26 | source | tests.js:357:31:357:36 | source | | tests.js:350:37:350:39 | key | tests.js:355:24:355:26 | key | | tests.js:350:37:350:39 | key | tests.js:355:60:355:62 | key | -| tests.js:350:37:350:39 | key | tests.js:355:60:355:62 | key | -| tests.js:350:37:350:39 | key | tests.js:357:24:357:26 | key | -| tests.js:350:37:350:39 | key | tests.js:357:24:357:26 | key | -| tests.js:350:37:350:39 | key | tests.js:357:24:357:26 | key | | tests.js:350:37:350:39 | key | tests.js:357:24:357:26 | key | | tests.js:350:37:350:39 | key | tests.js:357:38:357:40 | key | -| tests.js:350:37:350:39 | key | tests.js:357:38:357:40 | key | | tests.js:355:53:355:58 | target | tests.js:355:53:355:63 | target[key] | | tests.js:355:53:355:63 | target[key] | tests.js:348:32:348:37 | target | -| tests.js:355:53:355:63 | target[key] | tests.js:348:32:348:37 | target | -| tests.js:355:53:355:63 | target[key] | tests.js:355:31:355:86 | mergePl ... ptions) | -| tests.js:355:53:355:63 | target[key] | tests.js:355:31:355:86 | mergePl ... ptions) | -| tests.js:355:53:355:63 | target[key] | tests.js:355:31:355:86 | mergePl ... ptions) | | tests.js:355:53:355:63 | target[key] | tests.js:355:31:355:86 | mergePl ... 
ptions) | | tests.js:355:60:355:62 | key | tests.js:355:53:355:63 | target[key] | | tests.js:355:66:355:71 | source | tests.js:355:66:355:76 | source[key] | | tests.js:355:66:355:76 | source[key] | tests.js:348:40:348:45 | source | -| tests.js:355:66:355:76 | source[key] | tests.js:348:40:348:45 | source | -| tests.js:355:66:355:76 | source[key] | tests.js:348:40:348:45 | source | -| tests.js:357:31:357:36 | source | tests.js:357:31:357:41 | source[key] | | tests.js:357:31:357:36 | source | tests.js:357:31:357:41 | source[key] | -| tests.js:357:31:357:41 | source[key] | tests.js:357:31:357:41 | source[key] | -| tests.js:357:38:357:40 | key | tests.js:357:31:357:41 | source[key] | | tests.js:357:38:357:40 | key | tests.js:357:31:357:41 | source[key] | +| tests.js:364:41:364:46 | target | tests.js:377:12:377:17 | target | | tests.js:364:49:364:54 | source | tests.js:371:75:371:80 | source | | tests.js:364:49:364:54 | source | tests.js:373:31:373:36 | source | | tests.js:366:18:366:20 | key | tests.js:371:24:371:26 | key | -| tests.js:366:18:366:20 | key | tests.js:371:24:371:26 | key | -| tests.js:366:18:366:20 | key | tests.js:371:24:371:26 | key | -| tests.js:366:18:366:20 | key | tests.js:371:24:371:26 | key | | tests.js:366:18:366:20 | key | tests.js:371:69:371:71 | key | -| tests.js:366:18:366:20 | key | tests.js:371:69:371:71 | key | -| tests.js:366:18:366:20 | key | tests.js:373:24:373:26 | key | -| tests.js:366:18:366:20 | key | tests.js:373:24:373:26 | key | -| tests.js:366:18:366:20 | key | tests.js:373:24:373:26 | key | | tests.js:366:18:366:20 | key | tests.js:373:24:373:26 | key | | tests.js:366:18:366:20 | key | tests.js:373:38:373:40 | key | -| tests.js:366:18:366:20 | key | tests.js:373:38:373:40 | key | -| tests.js:371:62:371:72 | target[key] | tests.js:371:31:371:95 | mergePl ... ptions) | +| tests.js:371:62:371:72 | target[key] | tests.js:364:41:364:46 | target | | tests.js:371:62:371:72 | target[key] | tests.js:371:31:371:95 | mergePl ... 
ptions) | | tests.js:371:69:371:71 | key | tests.js:371:62:371:72 | target[key] | | tests.js:371:75:371:80 | source | tests.js:371:75:371:85 | source[key] | | tests.js:371:75:371:85 | source[key] | tests.js:364:49:364:54 | source | -| tests.js:371:75:371:85 | source[key] | tests.js:364:49:364:54 | source | -| tests.js:371:75:371:85 | source[key] | tests.js:364:49:364:54 | source | | tests.js:373:31:373:36 | source | tests.js:373:31:373:41 | source[key] | -| tests.js:373:31:373:36 | source | tests.js:373:31:373:41 | source[key] | -| tests.js:373:31:373:41 | source[key] | tests.js:373:31:373:41 | source[key] | -| tests.js:373:38:373:40 | key | tests.js:373:31:373:41 | source[key] | | tests.js:373:38:373:40 | key | tests.js:373:31:373:41 | source[key] | +| tests.js:380:22:380:24 | obj | tests.js:383:27:383:29 | obj | +| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | +| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | +| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | +| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | +| tests.js:380:27:380:34 | callback [src] | tests.js:383:13:383:20 | callback [src] | | tests.js:381:14:381:16 | key | tests.js:383:22:383:24 | key | -| tests.js:381:14:381:16 | key | tests.js:383:22:383:24 | key | -| tests.js:381:14:381:16 | key | tests.js:383:22:383:24 | key | -| tests.js:381:14:381:16 | key | tests.js:383:22:383:24 | key | -| tests.js:381:14:381:16 | key | tests.js:383:31:383:33 | key | -| tests.js:381:14:381:16 | key | tests.js:383:31:383:33 | key | -| tests.js:381:14:381:16 | key | tests.js:383:31:383:33 | key | | tests.js:381:14:381:16 | key | tests.js:383:31:383:33 | key | +| tests.js:383:13:383:20 | callback [dst] | tests.js:391:32:391:34 | dst | +| tests.js:383:13:383:20 | callback [dst] | tests.js:391:32:391:34 | dst | +| tests.js:383:13:383:20 | callback [dst] | tests.js:393:13:393:15 
| dst | +| tests.js:383:13:383:20 | callback [dst] | tests.js:393:13:393:15 | dst | +| tests.js:383:13:383:20 | callback [dst] | tests.js:401:33:401:35 | dst | +| tests.js:383:13:383:20 | callback [dst] | tests.js:401:33:401:35 | dst | +| tests.js:383:13:383:20 | callback [dst] | tests.js:403:13:403:15 | dst | +| tests.js:383:13:383:20 | callback [dst] | tests.js:403:13:403:15 | dst | +| tests.js:383:13:383:20 | callback [src] | tests.js:391:42:391:44 | src | +| tests.js:383:13:383:20 | callback [src] | tests.js:393:24:393:26 | src | | tests.js:383:22:383:24 | key | tests.js:389:22:389:24 | key | -| tests.js:383:22:383:24 | key | tests.js:389:22:389:24 | key | -| tests.js:383:22:383:24 | key | tests.js:399:23:399:25 | key | | tests.js:383:22:383:24 | key | tests.js:399:23:399:25 | key | +| tests.js:383:27:383:29 | obj | tests.js:383:27:383:34 | obj[key] | | tests.js:383:27:383:34 | obj[key] | tests.js:399:28:399:32 | value | -| tests.js:383:27:383:34 | obj[key] | tests.js:399:28:399:32 | value | -| tests.js:383:27:383:34 | obj[key] | tests.js:399:28:399:32 | value | -| tests.js:383:27:383:34 | obj[key] | tests.js:399:28:399:32 | value | -| tests.js:383:31:383:33 | key | tests.js:383:27:383:34 | obj[key] | | tests.js:383:31:383:33 | key | tests.js:383:27:383:34 | obj[key] | +| tests.js:388:29:388:31 | dst | tests.js:380:27:380:34 | callback [dst] | +| tests.js:388:29:388:31 | dst | tests.js:380:27:380:34 | callback [dst] | | tests.js:388:29:388:31 | dst | tests.js:391:32:391:34 | dst | | tests.js:388:29:388:31 | dst | tests.js:391:32:391:34 | dst | | tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | | tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | -| tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | -| tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | -| tests.js:388:34:388:36 | src | tests.js:391:42:391:44 | src | -| tests.js:388:34:388:36 | src | tests.js:391:42:391:44 | src | -| tests.js:388:34:388:36 | src | 
tests.js:393:24:393:26 | src | -| tests.js:388:34:388:36 | src | tests.js:393:24:393:26 | src | +| tests.js:388:34:388:36 | src | tests.js:389:17:389:19 | src | +| tests.js:389:17:389:19 | src | tests.js:380:27:380:34 | callback [src] | +| tests.js:389:17:389:19 | src | tests.js:391:42:391:44 | src | +| tests.js:389:17:389:19 | src | tests.js:393:24:393:26 | src | | tests.js:389:22:389:24 | key | tests.js:391:36:391:38 | key | -| tests.js:389:22:389:24 | key | tests.js:391:36:391:38 | key | -| tests.js:389:22:389:24 | key | tests.js:391:46:391:48 | key | | tests.js:389:22:389:24 | key | tests.js:391:46:391:48 | key | | tests.js:389:22:389:24 | key | tests.js:393:17:393:19 | key | -| tests.js:389:22:389:24 | key | tests.js:393:17:393:19 | key | -| tests.js:389:22:389:24 | key | tests.js:393:17:393:19 | key | -| tests.js:389:22:389:24 | key | tests.js:393:17:393:19 | key | -| tests.js:389:22:389:24 | key | tests.js:393:28:393:30 | key | | tests.js:389:22:389:24 | key | tests.js:393:28:393:30 | key | | tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | | tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | 
@@ -2841,40 +1091,21 @@ edges | tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | | tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | | tests.js:391:42:391:44 | src | tests.js:391:42:391:49 | src[key] | -| tests.js:391:42:391:44 | src | tests.js:391:42:391:49 | src[key] | -| tests.js:391:42:391:49 | src[key] | tests.js:388:34:388:36 | src | | tests.js:391:42:391:49 | src[key] | tests.js:388:34:388:36 | src | | tests.js:391:46:391:48 | key | tests.js:391:42:391:49 | src[key] | -| tests.js:391:46:391:48 | key | tests.js:391:42:391:49 | src[key] | -| tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | -| tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | -| tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | | tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | | tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | -| tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | -| tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | -| tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | +| tests.js:398:30:398:32 | dst | tests.js:380:27:380:34 | callback [dst] | +| tests.js:398:30:398:32 | dst | tests.js:380:27:380:34 | callback [dst] | | tests.js:398:30:398:32 | dst | tests.js:401:33:401:35 | dst | | tests.js:398:30:398:32 | dst | tests.js:401:33:401:35 | dst | | tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | | tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | -| tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | -| tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | -| tests.js:398:35:398:37 | src | tests.js:399:17:399:19 | src | | tests.js:398:35:398:37 | src | tests.js:399:17:399:19 | src | -| tests.js:399:17:399:19 | src | tests.js:399:28:399:32 | value | -| tests.js:399:17:399:19 | src | tests.js:399:28:399:32 | value | +| tests.js:399:17:399:19 | src | 
tests.js:380:22:380:24 | obj | | tests.js:399:23:399:25 | key | tests.js:401:37:401:39 | key | -| tests.js:399:23:399:25 | key | tests.js:401:37:401:39 | key | -| tests.js:399:23:399:25 | key | tests.js:403:17:403:19 | key | -| tests.js:399:23:399:25 | key | tests.js:403:17:403:19 | key | -| tests.js:399:23:399:25 | key | tests.js:403:17:403:19 | key | | tests.js:399:23:399:25 | key | tests.js:403:17:403:19 | key | | tests.js:399:28:399:32 | value | tests.js:401:43:401:47 | value | -| tests.js:399:28:399:32 | value | tests.js:401:43:401:47 | value | -| tests.js:399:28:399:32 | value | tests.js:403:24:403:28 | value | -| tests.js:399:28:399:32 | value | tests.js:403:24:403:28 | value | -| tests.js:399:28:399:32 | value | tests.js:403:24:403:28 | value | | tests.js:399:28:399:32 | value | tests.js:403:24:403:28 | value | | tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | | tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | 
@@ -2883,641 +1114,233 @@ edges | tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | | tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | | tests.js:401:43:401:47 | value | tests.js:398:35:398:37 | src | -| tests.js:401:43:401:47 | value | tests.js:398:35:398:37 | src | -| tests.js:412:31:412:33 | dst | tests.js:415:34:415:36 | dst | +| tests.js:408:22:408:24 | obj | tests.js:409:12:409:14 | obj | +| tests.js:408:27:408:29 | key | tests.js:409:16:409:18 | key | +| tests.js:409:12:409:14 | obj | tests.js:409:12:409:19 | obj[key] | +| tests.js:409:16:409:18 | key | tests.js:409:12:409:19 | obj[key] | | tests.js:412:31:412:33 | dst | tests.js:415:34:415:36 | dst | | tests.js:412:31:412:33 | dst | tests.js:419:13:419:15 | dst | -| tests.js:412:31:412:33 | dst | tests.js:419:13:419:15 | dst | -| tests.js:412:31:412:33 | dst | tests.js:419:13:419:15 | dst | -| tests.js:412:31:412:33 | dst | tests.js:419:13:419:15 | dst | -| tests.js:412:36:412:38 | src | tests.js:414:33:414:35 | src | | tests.js:412:36:412:38 | src | tests.js:414:33:414:35 | src | | tests.js:413:14:413:16 | key | tests.js:414:38:414:40 | key | -| tests.js:413:14:413:16 | key | tests.js:414:38:414:40 | key | -| tests.js:413:14:413:16 | key | tests.js:414:38:414:40 | key | -| tests.js:413:14:413:16 | key | tests.js:414:38:414:40 | key | -| tests.js:413:14:413:16 | key | tests.js:415:39:415:41 | key | | tests.js:413:14:413:16 | key | tests.js:415:39:415:41 | key | -| tests.js:413:14:413:16 | key | tests.js:415:39:415:41 | key | -| tests.js:413:14:413:16 | key | tests.js:415:39:415:41 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | | 
tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | | tests.js:414:13:414:41 | value | tests.js:417:42:417:46 | value | -| tests.js:414:13:414:41 | value | tests.js:417:42:417:46 | value | -| tests.js:414:13:414:41 | value | tests.js:417:42:417:46 | value | -| tests.js:414:13:414:41 | value | tests.js:417:42:417:46 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | | tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | | tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | -| tests.js:414:33:414:35 | src | tests.js:414:21:414:41 | wrapped ... c, key) | +| tests.js:414:33:414:35 | src | tests.js:408:22:408:24 | obj | | tests.js:414:33:414:35 | src | tests.js:414:21:414:41 | wrapped ... c, key) | +| tests.js:414:38:414:40 | key | tests.js:408:27:408:29 | key | | tests.js:414:38:414:40 | key | tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:38:414:40 | key | tests.js:414:21:414:41 | wrapped ... 
c, key) | -| tests.js:415:13:415:42 | target | tests.js:417:34:417:39 | target | -| tests.js:415:13:415:42 | target | tests.js:417:34:417:39 | target | -| tests.js:415:13:415:42 | target | tests.js:417:34:417:39 | target | | tests.js:415:13:415:42 | target | tests.js:417:34:417:39 | target | | tests.js:415:22:415:42 | wrapped ... t, key) | tests.js:415:13:415:42 | target | -| tests.js:415:22:415:42 | wrapped ... t, key) | tests.js:415:13:415:42 | target | -| tests.js:415:22:415:42 | wrapped ... t, key) | tests.js:415:13:415:42 | target | -| tests.js:415:22:415:42 | wrapped ... t, key) | tests.js:415:13:415:42 | target | -| tests.js:415:34:415:36 | dst | tests.js:415:22:415:42 | wrapped ... t, key) | +| tests.js:415:34:415:36 | dst | tests.js:408:22:408:24 | obj | | tests.js:415:34:415:36 | dst | tests.js:415:22:415:42 | wrapped ... t, key) | +| tests.js:415:39:415:41 | key | tests.js:408:27:408:29 | key | | tests.js:415:39:415:41 | key | tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:415:39:415:41 | key | tests.js:415:22:415:42 | wrapped ... 
t, key) | -| tests.js:417:34:417:39 | target | tests.js:412:31:412:33 | dst | -| tests.js:417:34:417:39 | target | tests.js:412:31:412:33 | dst | -| tests.js:417:34:417:39 | target | tests.js:412:31:412:33 | dst | | tests.js:417:34:417:39 | target | tests.js:412:31:412:33 | dst | | tests.js:417:42:417:46 | value | tests.js:412:36:412:38 | src | -| tests.js:417:42:417:46 | value | tests.js:412:36:412:38 | src | -| tests.js:417:42:417:46 | value | tests.js:412:36:412:38 | src | -| tests.js:417:42:417:46 | value | tests.js:412:36:412:38 | src | +| tests.js:424:25:424:27 | obj | tests.js:426:12:426:14 | obj | +| tests.js:424:30:424:32 | key | tests.js:426:16:426:18 | key | +| tests.js:426:12:426:14 | obj | tests.js:426:12:426:19 | obj[key] | +| tests.js:426:16:426:18 | key | tests.js:426:12:426:19 | obj[key] | | tests.js:429:34:429:36 | dst | tests.js:432:37:432:39 | dst | | tests.js:429:34:429:36 | dst | tests.js:436:13:436:15 | dst | -| tests.js:429:34:429:36 | dst | tests.js:436:13:436:15 | dst | | tests.js:429:39:429:41 | src | tests.js:431:36:431:38 | src | -| tests.js:429:39:429:41 | src | tests.js:431:36:431:38 | src | -| tests.js:430:14:430:16 | key | tests.js:431:41:431:43 | key | | tests.js:430:14:430:16 | key | tests.js:431:41:431:43 | key | | tests.js:430:14:430:16 | key | tests.js:432:42:432:44 | key | -| tests.js:430:14:430:16 | key | tests.js:432:42:432:44 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | | tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:431:13:431:44 | value | tests.js:434:45:434:49 | value | -| tests.js:431:13:431:44 | value | tests.js:434:45:434:49 | value | -| 
tests.js:431:13:431:44 | value | tests.js:434:45:434:49 | value | | tests.js:431:13:431:44 | value | tests.js:434:45:434:49 | value | | tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | | tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | +| tests.js:431:36:431:38 | src | tests.js:424:25:424:27 | obj | | tests.js:431:36:431:38 | src | tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:36:431:38 | src | tests.js:431:21:431:44 | almostS ... c, key) | +| tests.js:431:41:431:43 | key | tests.js:424:30:424:32 | key | | tests.js:431:41:431:43 | key | tests.js:431:21:431:44 | almostS ... c, key) | | tests.js:432:13:432:45 | target | tests.js:434:37:434:42 | target | -| tests.js:432:13:432:45 | target | tests.js:434:37:434:42 | target | -| tests.js:432:22:432:45 | almostS ... t, key) | tests.js:432:13:432:45 | target | | tests.js:432:22:432:45 | almostS ... t, key) | tests.js:432:13:432:45 | target | +| tests.js:432:37:432:39 | dst | tests.js:424:25:424:27 | obj | | tests.js:432:37:432:39 | dst | tests.js:432:22:432:45 | almostS ... 
t, key) | +| tests.js:432:42:432:44 | key | tests.js:424:30:424:32 | key | | tests.js:432:42:432:44 | key | tests.js:432:22:432:45 | almostS ... t, key) | | tests.js:434:37:434:42 | target | tests.js:429:34:429:36 | dst | -| tests.js:434:37:434:42 | target | tests.js:429:34:429:36 | dst | | tests.js:434:45:434:49 | value | tests.js:429:39:429:41 | src | -| tests.js:434:45:434:49 | value | tests.js:429:39:429:41 | src | -| tests.js:434:45:434:49 | value | tests.js:429:39:429:41 | src | -| tests.js:434:45:434:49 | value | tests.js:429:39:429:41 | src | -| tests.js:446:33:446:35 | src | tests.js:448:30:448:32 | src | +| tests.js:441:19:441:21 | obj | tests.js:443:12:443:14 | obj | +| tests.js:443:12:443:14 | obj | tests.js:443:12:443:19 | obj[key] | | tests.js:446:33:446:35 | src | tests.js:448:30:448:32 | src | | tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:448:13:448:38 | value | tests.js:451:39:451:43 | value | -| tests.js:448:13:448:38 | value | tests.js:451:39:451:43 | value | | tests.js:448:13:448:38 | value | tests.js:451:39:451:43 | value | -| tests.js:448:13:448:38 | value | tests.js:451:39:451:43 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | 
tests.js:453:24:453:28 | value | | tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | | tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:30:448:32 | src | tests.js:448:21:448:38 | safeRead(src, key) | +| tests.js:448:30:448:32 | src | tests.js:441:19:441:21 | obj | | tests.js:448:30:448:32 | src | tests.js:448:21:448:38 | safeRead(src, key) | | tests.js:451:39:451:43 | value | tests.js:446:33:446:35 | src | -| tests.js:451:39:451:43 | value | tests.js:446:33:446:35 | src | -| tests.js:451:39:451:43 | value | tests.js:446:33:446:35 | src | -| tests.js:451:39:451:43 | value | tests.js:446:33:446:35 | src | -| tests.js:458:26:458:28 | dst | tests.js:462:29:462:31 | dst | | tests.js:458:26:458:28 | dst | tests.js:462:29:462:31 | dst | | tests.js:458:26:458:28 | dst | tests.js:465:30:465:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:465:30:465:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:465:30:465:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:465:30:465:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:466:30:466:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:466:30:466:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:466:30:466:32 | dst | | tests.js:458:26:458:28 | dst | tests.js:466:30:466:32 | dst | | tests.js:458:26:458:28 | dst | tests.js:467:30:467:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:467:30:467:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:467:30:467:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:467:30:467:32 | dst | -| 
tests.js:458:31:458:33 | src | tests.js:462:39:462:41 | src | -| tests.js:458:31:458:33 | src | tests.js:462:39:462:41 | src | -| tests.js:458:31:458:33 | src | tests.js:465:41:465:43 | src | -| tests.js:458:31:458:33 | src | tests.js:465:41:465:43 | src | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | +| tests.js:458:31:458:33 | src | tests.js:460:12:460:14 | src | +| tests.js:460:12:460:14 | src | tests.js:462:39:462:41 | src | +| tests.js:460:12:460:14 | src | tests.js:465:41:465:43 | src | | tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:25:460:27 | key | tests.js:462:33:462:35 | key | -| tests.js:460:25:460:27 | key | tests.js:462:33:462:35 | key | -| tests.js:460:25:460:27 | key | tests.js:462:33:462:35 | key | | tests.js:460:25:460:27 | key | tests.js:462:33:462:35 | key | | tests.js:460:25:460:27 | key | tests.js:462:43:462:45 | key | -| tests.js:460:25:460:27 | key | tests.js:462:43:462:45 | key | -| tests.js:460:25:460:27 | key | tests.js:462:43:462:45 | key | -| tests.js:460:25:460:27 | key | tests.js:462:43:462:45 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | | tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:45:465:47 | key | -| tests.js:460:25:460:27 | 
key | tests.js:465:45:465:47 | key | -| tests.js:460:25:460:27 | key | tests.js:465:45:465:47 | key | | tests.js:460:25:460:27 | key | tests.js:465:45:465:47 | key | | tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:43:466:45 | key | -| tests.js:460:25:460:27 | key | tests.js:466:43:466:45 | key | | tests.js:460:25:460:27 | key | tests.js:466:43:466:45 | key | -| tests.js:460:25:460:27 | key | tests.js:466:43:466:45 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | | tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:462:29:462:31 | dst | tests.js:462:29:462:36 | dst[key] | | tests.js:462:29:462:31 | dst | tests.js:462:29:462:36 | dst[key] | | tests.js:462:29:462:36 | dst[key] | tests.js:458:26:458:28 | dst | -| tests.js:462:29:462:36 | dst[key] | tests.js:458:26:458:28 | dst | -| tests.js:462:29:462:36 | dst[key] | tests.js:458:26:458:28 | dst | -| tests.js:462:29:462:36 | dst[key] | tests.js:458:26:458:28 | dst | -| tests.js:462:33:462:35 | key | tests.js:462:29:462:36 | dst[key] | | tests.js:462:33:462:35 | key | tests.js:462:29:462:36 | dst[key] | | tests.js:462:39:462:41 | src | tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:41 | src | 
tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | -| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | -| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | -| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | -| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | | tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | | tests.js:462:43:462:45 | key | tests.js:462:39:462:46 | src[key] | -| tests.js:462:43:462:45 | key | tests.js:462:39:462:46 | src[key] | -| tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | | tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:48 | src[key] | tests.js:465:41:465:48 | src[key] | -| tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | -| tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | | tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | -| tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | -| tests.js:466:41:466:46 | o[key] | tests.js:466:41:466:46 | o[key] | -| tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | -| tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | -| tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | | tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | | tests.js:472:38:472:40 | dst | tests.js:475:41:475:43 | dst | -| tests.js:472:38:472:40 | dst | tests.js:475:41:475:43 | dst | -| tests.js:472:38:472:40 | dst | tests.js:477:13:477:15 | dst | -| tests.js:472:38:472:40 | dst | tests.js:477:13:477:15 | dst | -| tests.js:472:38:472:40 | dst | tests.js:477:13:477:15 | dst | | tests.js:472:38:472:40 | dst | tests.js:477:13:477:15 | dst | | tests.js:473:18:473:22 | value | 
tests.js:477:24:477:28 | value | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:25:473:27 | key | tests.js:475:45:475:47 | key | -| tests.js:473:25:473:27 | key | tests.js:475:45:475:47 | key | | tests.js:473:25:473:27 | key | tests.js:475:45:475:47 | key | -| tests.js:473:25:473:27 | key | tests.js:475:45:475:47 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | | tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:475:41:475:43 | dst | tests.js:475:41:475:48 | dst[key] | | tests.js:475:41:475:43 | dst | tests.js:475:41:475:48 | dst[key] | | tests.js:475:41:475:48 | dst[key] | tests.js:472:38:472:40 | dst | -| tests.js:475:41:475:48 | dst[key] | tests.js:472:38:472:40 | dst | -| tests.js:475:41:475:48 | dst[key] | tests.js:472:38:472:40 | dst | -| tests.js:475:41:475:48 | dst[key] | tests.js:472:38:472:40 | dst | -| tests.js:475:45:475:47 | key | tests.js:475:41:475:48 | dst[key] | | tests.js:475:45:475:47 | key | tests.js:475:41:475:48 | dst[key] | | tests.js:483:26:483:28 | dst | tests.js:487:29:487:31 | dst | | tests.js:483:26:483:28 | dst | tests.js:489:13:489:15 | dst | -| tests.js:483:26:483:28 | dst | tests.js:489:13:489:15 | dst | | tests.js:483:31:483:33 | src | tests.js:487:39:487:41 | src | | tests.js:483:31:483:33 
| src | tests.js:489:24:489:26 | src | | tests.js:483:31:483:33 | src | tests.js:489:24:489:26 | src | | tests.js:484:14:484:16 | key | tests.js:487:33:487:35 | key | -| tests.js:484:14:484:16 | key | tests.js:487:33:487:35 | key | | tests.js:484:14:484:16 | key | tests.js:487:43:487:45 | key | -| tests.js:484:14:484:16 | key | tests.js:487:43:487:45 | key | -| tests.js:484:14:484:16 | key | tests.js:489:17:489:19 | key | -| tests.js:484:14:484:16 | key | tests.js:489:17:489:19 | key | -| tests.js:484:14:484:16 | key | tests.js:489:17:489:19 | key | | tests.js:484:14:484:16 | key | tests.js:489:17:489:19 | key | | tests.js:484:14:484:16 | key | tests.js:489:28:489:30 | key | -| tests.js:484:14:484:16 | key | tests.js:489:28:489:30 | key | | tests.js:487:29:487:31 | dst | tests.js:487:29:487:36 | dst[key] | | tests.js:487:29:487:36 | dst[key] | tests.js:483:26:483:28 | dst | -| tests.js:487:29:487:36 | dst[key] | tests.js:483:26:483:28 | dst | | tests.js:487:33:487:35 | key | tests.js:487:29:487:36 | dst[key] | | tests.js:487:39:487:41 | src | tests.js:487:39:487:46 | src[key] | | tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | | tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | | tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | -| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | -| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | | tests.js:487:43:487:45 | key | tests.js:487:39:487:46 | src[key] | | tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:31 | src[key] | tests.js:489:24:489:31 | src[key] | -| tests.js:489:28:489:30 | key | tests.js:489:24:489:31 | src[key] | | tests.js:489:28:489:30 | key | tests.js:489:24:489:31 | 
src[key] | | tests.js:494:32:494:34 | src | tests.js:498:21:498:23 | src | | tests.js:495:14:495:16 | key | tests.js:498:25:498:27 | key | -| tests.js:495:14:495:16 | key | tests.js:498:25:498:27 | key | -| tests.js:495:14:495:16 | key | tests.js:502:17:502:19 | key | -| tests.js:495:14:495:16 | key | tests.js:502:17:502:19 | key | -| tests.js:495:14:495:16 | key | tests.js:502:17:502:19 | key | | tests.js:495:14:495:16 | key | tests.js:502:17:502:19 | key | | tests.js:498:13:498:28 | value | tests.js:500:38:500:42 | value | | tests.js:498:13:498:28 | value | tests.js:500:38:500:42 | value | | tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | | tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | | tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | -| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | -| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | -| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | | tests.js:498:21:498:23 | src | tests.js:498:21:498:28 | src[key] | | tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | | tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | | tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | -| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | -| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | | tests.js:498:25:498:27 | key | tests.js:498:21:498:28 | src[key] | | tests.js:500:38:500:42 | value | tests.js:494:32:494:34 | src | | tests.js:500:38:500:42 | value | tests.js:494:32:494:34 | src | | tests.js:508:30:508:32 | dst | tests.js:513:33:513:35 | dst | -| tests.js:508:30:508:32 | dst | tests.js:513:33:513:35 | dst | | tests.js:508:30:508:32 | dst | tests.js:517:35:517:37 | dst | -| tests.js:508:30:508:32 | dst | tests.js:517:35:517:37 | dst | -| tests.js:508:30:508:32 | dst | tests.js:517:35:517:37 | dst | -| tests.js:508:30:508:32 | dst | 
tests.js:517:35:517:37 | dst | -| tests.js:508:35:508:37 | src | tests.js:513:43:513:45 | src | | tests.js:508:35:508:37 | src | tests.js:513:43:513:45 | src | | tests.js:508:35:508:37 | src | tests.js:516:32:516:34 | src | -| tests.js:508:35:508:37 | src | tests.js:516:32:516:34 | src | -| tests.js:511:13:511:25 | key | tests.js:513:37:513:39 | key | | tests.js:511:13:511:25 | key | tests.js:513:37:513:39 | key | | tests.js:511:13:511:25 | key | tests.js:513:47:513:49 | key | -| tests.js:511:13:511:25 | key | tests.js:513:47:513:49 | key | -| tests.js:511:13:511:25 | key | tests.js:516:36:516:38 | key | | tests.js:511:13:511:25 | key | tests.js:516:36:516:38 | key | | tests.js:511:13:511:25 | key | tests.js:517:40:517:42 | key | -| tests.js:511:13:511:25 | key | tests.js:517:40:517:42 | key | -| tests.js:511:13:511:25 | key | tests.js:517:40:517:42 | key | -| tests.js:511:13:511:25 | key | tests.js:517:40:517:42 | key | -| tests.js:511:19:511:25 | keys[i] | tests.js:511:13:511:25 | key | -| tests.js:511:19:511:25 | keys[i] | tests.js:511:13:511:25 | key | -| tests.js:511:19:511:25 | keys[i] | tests.js:511:13:511:25 | key | | tests.js:511:19:511:25 | keys[i] | tests.js:511:13:511:25 | key | | tests.js:513:33:513:35 | dst | tests.js:513:33:513:40 | dst[key] | -| tests.js:513:33:513:35 | dst | tests.js:513:33:513:40 | dst[key] | -| tests.js:513:33:513:40 | dst[key] | tests.js:508:30:508:32 | dst | -| tests.js:513:33:513:40 | dst[key] | tests.js:508:30:508:32 | dst | -| tests.js:513:33:513:40 | dst[key] | tests.js:508:30:508:32 | dst | | tests.js:513:33:513:40 | dst[key] | tests.js:508:30:508:32 | dst | | tests.js:513:37:513:39 | key | tests.js:513:33:513:40 | dst[key] | -| tests.js:513:37:513:39 | key | tests.js:513:33:513:40 | dst[key] | -| tests.js:513:43:513:45 | src | tests.js:513:43:513:50 | src[key] | | tests.js:513:43:513:45 | src | tests.js:513:43:513:50 | src[key] | | tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| 
tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| tests.js:513:47:513:49 | key | tests.js:513:43:513:50 | src[key] | | tests.js:513:47:513:49 | key | tests.js:513:43:513:50 | src[key] | | tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:39 | src[key] | tests.js:516:32:516:39 | src[key] | -| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | -| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | -| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | | tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | -| tests.js:523:11:523:23 | dst | tests.js:527:35:527:37 | dst | -| tests.js:523:11:523:23 | dst | tests.js:527:35:527:37 | dst | -| tests.js:523:11:523:23 | dst | tests.js:529:13:529:15 | dst | -| tests.js:523:11:523:23 | dst | tests.js:529:13:529:15 | dst | -| tests.js:523:11:523:23 | dst | tests.js:529:13:529:15 | dst | -| tests.js:523:11:523:23 | dst | tests.js:529:13:529:15 | dst | -| tests.js:523:17:523:23 | args[0] | tests.js:523:11:523:23 | dst | -| tests.js:523:17:523:23 | args[0] | tests.js:523:11:523:23 | dst | -| tests.js:524:11:524:23 | src | tests.js:527:45:527:47 | src | -| tests.js:524:11:524:23 | src | tests.js:527:45:527:47 | src | -| tests.js:524:11:524:23 | src | tests.js:529:24:529:26 | src | -| tests.js:524:11:524:23 | src | tests.js:529:24:529:26 | src | -| tests.js:524:17:524:23 | args[1] | tests.js:524:11:524:23 | src | -| 
tests.js:524:17:524:23 | args[1] | tests.js:524:11:524:23 | src | -| tests.js:525:14:525:16 | key | tests.js:527:39:527:41 | key | -| tests.js:525:14:525:16 | key | tests.js:527:39:527:41 | key | -| tests.js:525:14:525:16 | key | tests.js:527:39:527:41 | key | -| tests.js:525:14:525:16 | key | tests.js:527:39:527:41 | key | -| tests.js:525:14:525:16 | key | tests.js:527:49:527:51 | key | -| tests.js:525:14:525:16 | key | tests.js:527:49:527:51 | key | -| tests.js:525:14:525:16 | key | tests.js:527:49:527:51 | key | -| tests.js:525:14:525:16 | key | tests.js:527:49:527:51 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | | tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | -| tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | | tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | -| tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | -| tests.js:527:35:527:37 | dst | tests.js:527:35:527:42 | dst[key] | -| tests.js:527:35:527:37 | dst | tests.js:527:35:527:42 | dst[key] | -| tests.js:527:35:527:42 | dst[key] | tests.js:523:17:523:23 | args[0] | -| tests.js:527:35:527:42 | dst[key] | tests.js:523:17:523:23 | args[0] | -| tests.js:527:35:527:42 | dst[key] | tests.js:523:17:523:23 | args[0] | -| tests.js:527:35:527:42 | dst[key] | tests.js:523:17:523:23 | args[0] | -| tests.js:527:39:527:41 | key | tests.js:527:35:527:42 | dst[key] | -| tests.js:527:39:527:41 | key | tests.js:527:35:527:42 | dst[key] | -| tests.js:527:45:527:47 | src | tests.js:527:45:527:52 | src[key] | -| tests.js:527:45:527:47 | src | 
tests.js:527:45:527:52 | src[key] | -| tests.js:527:45:527:52 | src[key] | tests.js:524:17:524:23 | args[1] | -| tests.js:527:45:527:52 | src[key] | tests.js:524:17:524:23 | args[1] | -| tests.js:527:45:527:52 | src[key] | tests.js:524:17:524:23 | args[1] | -| tests.js:527:45:527:52 | src[key] | tests.js:524:17:524:23 | args[1] | -| tests.js:527:45:527:52 | src[key] | tests.js:524:17:524:23 | args[1] | -| tests.js:527:45:527:52 | src[key] | tests.js:524:17:524:23 | args[1] | -| tests.js:527:49:527:51 | key | tests.js:527:45:527:52 | src[key] | -| tests.js:527:49:527:51 | key | tests.js:527:45:527:52 | src[key] | -| tests.js:529:24:529:26 | src | tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:26 | src | tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:26 | src | tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:26 | src | tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:31 | src[key] | tests.js:529:24:529:31 | src[key] | -| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | -| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | -| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | | tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | | tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | -| tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | -| tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | -| tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | +| tests.js:534:36:534:43 | callback [dst] | tests.js:538:9:538:16 | callback [dst] | +| tests.js:538:9:538:16 | callback [dst] | 
tests.js:545:33:545:35 | dst | +| tests.js:538:9:538:16 | callback [dst] | tests.js:547:13:547:15 | dst | | tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | | tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | | tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | | tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:542:30:542:32 | dst | tests.js:545:33:545:35 | dst | +| tests.js:542:30:542:32 | dst | tests.js:534:36:534:43 | callback [dst] | | tests.js:542:30:542:32 | 
dst | tests.js:545:33:545:35 | dst | -| tests.js:542:30:542:32 | dst | tests.js:545:33:545:35 | dst | -| tests.js:542:30:542:32 | dst | tests.js:545:33:545:35 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | | tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:35:542:37 | src | tests.js:543:26:543:28 | src | -| tests.js:542:35:542:37 | src | tests.js:543:26:543:28 | src | -| tests.js:542:35:542:37 | src | tests.js:543:26:543:28 | src | | tests.js:542:35:542:37 | src | tests.js:543:26:543:28 | src | | tests.js:543:26:543:28 | src | tests.js:534:31:534:33 | obj | -| tests.js:543:26:543:28 | src | tests.js:534:31:534:33 | obj | -| tests.js:543:26:543:28 | src | tests.js:534:31:534:33 | obj | -| tests.js:543:26:543:28 | src | tests.js:534:31:534:33 | obj | -| tests.js:543:26:543:28 | src | tests.js:543:37:543:41 | value | -| tests.js:543:26:543:28 | src | tests.js:543:37:543:41 | value | -| tests.js:543:26:543:28 | src | tests.js:543:37:543:41 | value | -| tests.js:543:26:543:28 | src | tests.js:543:37:543:41 | value | -| tests.js:543:32:543:34 | key | tests.js:545:37:545:39 | key | | tests.js:543:32:543:34 | key | tests.js:545:37:545:39 | key | -| tests.js:543:32:543:34 | key | tests.js:545:37:545:39 | key | -| tests.js:543:32:543:34 | key | tests.js:545:37:545:39 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | | tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| 
tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:37:543:41 | value | tests.js:545:43:545:47 | value | -| tests.js:543:37:543:41 | value | tests.js:545:43:545:47 | value | -| tests.js:543:37:543:41 | value | tests.js:545:43:545:47 | value | | tests.js:543:37:543:41 | value | tests.js:545:43:545:47 | value | | tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | | tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:40 | dst[key] | tests.js:542:30:542:32 | dst | -| tests.js:545:33:545:40 | dst[key] | tests.js:542:30:542:32 | dst | | tests.js:545:33:545:40 | dst[key] | tests.js:542:30:542:32 | dst | -| tests.js:545:33:545:40 | dst[key] | tests.js:542:30:542:32 | dst | -| tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | | tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | | tests.js:545:43:545:47 | value | tests.js:542:35:542:37 | src | -| 
tests.js:545:43:545:47 | value | tests.js:542:35:542:37 | src | -| tests.js:545:43:545:47 | value | tests.js:542:35:542:37 | src | -| tests.js:545:43:545:47 | value | tests.js:542:35:542:37 | src | -| tests.js:552:35:552:37 | src | tests.js:557:43:557:45 | src | | tests.js:552:35:552:37 | src | tests.js:557:43:557:45 | src | | tests.js:552:35:552:37 | src | tests.js:559:24:559:26 | src | -| tests.js:552:35:552:37 | src | tests.js:559:24:559:26 | src | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | | tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:28:559:30 | key | -| tests.js:553:14:553:16 | key | tests.js:559:28:559:30 | key | -| tests.js:553:14:553:16 | key | tests.js:559:28:559:30 | key | | tests.js:553:14:553:16 | key | tests.js:559:28:559:30 | key | | tests.js:557:43:557:45 | src | tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:45 | src | tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | -| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | -| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | -| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | -| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | | tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | | tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | 
src[key] | -| tests.js:559:24:559:31 | src[key] | tests.js:559:24:559:31 | src[key] | -| tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | -| tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | -| tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | | tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | | tests.js:564:35:564:37 | src | tests.js:569:43:569:45 | src | -| tests.js:564:35:564:37 | src | tests.js:569:43:569:45 | src | -| tests.js:564:35:564:37 | src | tests.js:571:24:571:26 | src | | tests.js:564:35:564:37 | src | tests.js:571:24:571:26 | src | | tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:28:571:30 | key | -| tests.js:565:14:565:16 | key | tests.js:571:28:571:30 | key | | tests.js:565:14:565:16 | key | tests.js:571:28:571:30 | key | -| tests.js:565:14:565:16 | key | tests.js:571:28:571:30 | key | -| tests.js:569:43:569:45 | src | tests.js:569:43:569:50 | src[key] | | tests.js:569:43:569:45 | src | tests.js:569:43:569:50 | src[key] | | tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:571:24:571:26 | src | tests.js:571:24:571:31 | src[key] | | tests.js:571:24:571:26 | src | 
tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:26 | src | tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:26 | src | tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:31 | src[key] | tests.js:571:24:571:31 | src[key] | -| tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | -| tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | | tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | -| tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | -| tests.js:576:30:576:32 | src | tests.js:580:38:580:40 | src | | tests.js:576:30:576:32 | src | tests.js:580:38:580:40 | src | | tests.js:576:30:576:32 | src | tests.js:582:24:582:26 | src | -| tests.js:576:30:576:32 | src | tests.js:582:24:582:26 | src | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | | tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:28:582:30 | key | -| tests.js:577:14:577:16 | key | tests.js:582:28:582:30 | key | -| tests.js:577:14:577:16 | key | tests.js:582:28:582:30 | key | | tests.js:577:14:577:16 | key | tests.js:582:28:582:30 | key | | tests.js:580:38:580:40 | src | tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:40 | src | tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | -| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | -| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | | tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | -| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | -| 
tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | -| tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | | tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:31 | src[key] | tests.js:582:24:582:31 | src[key] | -| tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | -| tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | -| tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | | tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | +| tests.js:591:25:591:27 | obj | tests.js:592:7:592:9 | obj | +| tests.js:591:25:591:27 | obj | tests.js:592:21:592:23 | obj | +| tests.js:592:7:592:9 | obj | tests.js:592:21:592:23 | obj | +| tests.js:592:7:592:9 | obj | tests.js:593:10:593:12 | obj | +| tests.js:592:21:592:23 | obj | tests.js:593:10:593:12 | obj | +| tests.js:600:31:600:34 | dest | tests.js:603:34:603:37 | dest | +| tests.js:600:31:600:34 | dest | tests.js:605:13:605:16 | dest | +| tests.js:600:37:600:42 | source | tests.js:603:45:603:50 | source | +| tests.js:600:37:600:42 | source | tests.js:605:40:605:45 | source | +| tests.js:601:16:601:18 | key | tests.js:603:39:603:41 | key | +| tests.js:601:16:601:18 | key | tests.js:603:52:603:54 | key | +| tests.js:601:16:601:18 | key | tests.js:605:18:605:20 | key | +| tests.js:601:16:601:18 | key | tests.js:605:47:605:49 | key | +| tests.js:603:34:603:37 | dest | tests.js:603:34:603:42 | dest[key] | +| tests.js:603:34:603:42 | dest[key] | tests.js:600:31:600:34 | dest | +| tests.js:603:39:603:41 | key | tests.js:603:34:603:42 | dest[key] | +| tests.js:603:45:603:50 | source | tests.js:603:45:603:55 | source[key] | +| tests.js:603:45:603:55 | source[key] | tests.js:600:37:600:42 | source | +| tests.js:603:52:603:54 | key | tests.js:603:45:603:55 | source[key] | +| 
tests.js:605:40:605:45 | source | tests.js:605:40:605:50 | source[key] | +| tests.js:605:40:605:50 | source[key] | tests.js:591:25:591:27 | obj | +| tests.js:605:40:605:50 | source[key] | tests.js:605:25:605:51 | capture ... e[key]) | +| tests.js:605:47:605:49 | key | tests.js:605:40:605:50 | source[key] | +subpaths +| tests.js:355:53:355:63 | target[key] | tests.js:348:32:348:37 | target | tests.js:361:12:361:17 | target | tests.js:355:31:355:86 | mergePl ... ptions) | +| tests.js:371:62:371:72 | target[key] | tests.js:364:41:364:46 | target | tests.js:377:12:377:17 | target | tests.js:371:31:371:95 | mergePl ... ptions) | +| tests.js:414:33:414:35 | src | tests.js:408:22:408:24 | obj | tests.js:409:12:409:19 | obj[key] | tests.js:414:21:414:41 | wrapped ... c, key) | +| tests.js:414:38:414:40 | key | tests.js:408:27:408:29 | key | tests.js:409:12:409:19 | obj[key] | tests.js:414:21:414:41 | wrapped ... c, key) | +| tests.js:415:34:415:36 | dst | tests.js:408:22:408:24 | obj | tests.js:409:12:409:19 | obj[key] | tests.js:415:22:415:42 | wrapped ... t, key) | +| tests.js:415:39:415:41 | key | tests.js:408:27:408:29 | key | tests.js:409:12:409:19 | obj[key] | tests.js:415:22:415:42 | wrapped ... t, key) | +| tests.js:431:36:431:38 | src | tests.js:424:25:424:27 | obj | tests.js:426:12:426:19 | obj[key] | tests.js:431:21:431:44 | almostS ... c, key) | +| tests.js:431:41:431:43 | key | tests.js:424:30:424:32 | key | tests.js:426:12:426:19 | obj[key] | tests.js:431:21:431:44 | almostS ... c, key) | +| tests.js:432:37:432:39 | dst | tests.js:424:25:424:27 | obj | tests.js:426:12:426:19 | obj[key] | tests.js:432:22:432:45 | almostS ... t, key) | +| tests.js:432:42:432:44 | key | tests.js:424:30:424:32 | key | tests.js:426:12:426:19 | obj[key] | tests.js:432:22:432:45 | almostS ... 
t, key) | +| tests.js:448:30:448:32 | src | tests.js:441:19:441:21 | obj | tests.js:443:12:443:19 | obj[key] | tests.js:448:21:448:38 | safeRead(src, key) | +| tests.js:605:40:605:50 | source[key] | tests.js:591:25:591:27 | obj | tests.js:593:10:593:12 | obj | tests.js:605:25:605:51 | capture ... e[key]) | #select | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | examples/PrototypePollutingFunction.js:2:21:2:23 | src | src | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | dst | | path-assignment.js:15:13:15:18 | target | path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:15:13:15:18 | target | The property chain $@ is recursively assigned to $@ without guarding against prototype pollution. | path-assignment.js:8:19:8:25 | keys[i] | here | path-assignment.js:15:13:15:18 | target | target | 
@@ -3537,6 +1360,7 @@ edges | tests.js:280:13:280:15 | dst | tests.js:276:34:276:36 | key | tests.js:280:13:280:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:276:21:276:23 | src | src | tests.js:280:13:280:15 | dst | dst | | tests.js:308:17:308:19 | dst | tests.js:302:14:302:16 | key | tests.js:308:17:308:19 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:302:21:302:23 | src | src | tests.js:308:17:308:19 | dst | dst | | tests.js:322:17:322:19 | dst | tests.js:315:14:315:16 | key | tests.js:322:17:322:19 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:315:21:315:23 | src | src | tests.js:322:17:322:19 | dst | dst | +| tests.js:338:17:338:19 | dst | tests.js:329:14:329:16 | key | tests.js:338:17:338:19 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:329:21:329:23 | src | src | tests.js:338:17:338:19 | dst | dst | | tests.js:357:17:357:22 | target | tests.js:350:37:350:39 | key | tests.js:357:17:357:22 | target | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:350:21:350:26 | source | source | tests.js:357:17:357:22 | target | target | | tests.js:403:13:403:15 | dst | tests.js:381:14:381:16 | key | tests.js:403:13:403:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:381:21:381:23 | obj | obj | tests.js:403:13:403:15 | dst | dst | | tests.js:419:13:419:15 | dst | tests.js:413:14:413:16 | key | tests.js:419:13:419:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:413:21:413:23 | src | src | tests.js:419:13:419:15 | dst | dst | 
@@ -3547,5 +1371,5 @@ edges | tests.js:477:13:477:15 | dst | tests.js:473:25:473:27 | key | tests.js:477:13:477:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:473:12:473:14 | src | src | tests.js:477:13:477:15 | dst | dst | | tests.js:489:13:489:15 | dst | tests.js:484:14:484:16 | key | tests.js:489:13:489:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:484:21:484:23 | src | src | tests.js:489:13:489:15 | dst | dst | | tests.js:517:35:517:37 | dst | tests.js:511:19:511:25 | keys[i] | tests.js:517:35:517:37 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:509:28:509:30 | src | src | tests.js:517:35:517:37 | dst | dst | -| tests.js:529:13:529:15 | dst | tests.js:525:14:525:16 | key | tests.js:529:13:529:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:525:21:525:23 | src | src | tests.js:529:13:529:15 | dst | dst | | tests.js:547:13:547:15 | dst | tests.js:538:18:538:24 | keys[i] | tests.js:547:13:547:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:535:30:535:32 | obj | obj | tests.js:547:13:547:15 | dst | dst | +| tests.js:605:13:605:16 | dest | tests.js:601:16:601:18 | key | tests.js:605:13:605:16 | dest | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:601:35:601:40 | source | source | tests.js:605:13:605:16 | dest | dest | diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/tests.js b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/tests.js index 2efba5e773e4..14a0a19fb626 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/tests.js +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/tests.js 
@@ -513,7 +513,7 @@ function usingDefineProperty(dst, src) { usingDefineProperty(dst[key], src[key]); } else { var descriptor = {};
- descriptor.value = src[key];
+ descriptor.value = src[key];
 Object.defineProperty(dst, key, descriptor); // NOT OK } }
@@ -587,3 +587,22 @@ function indirectHasOwn(dst, src) { function hasOwn(obj, key) { return obj.hasOwnProperty(key) }
+
+function captureBarrier(obj) {
+ if (!obj || typeof obj !== 'object') {
+ return obj; // 'obj' is captured but should not propagate through here
+ }
+ const fn = () => obj;
+ fn();
+ return "safe";
+}
+
+function merge_captureBarrier(dest, source) {
+ for (const key of Object.keys(source)) {
+ if (dest[key]) {
+ merge_captureBarrier(dest[key], source[key]);
+ } else {
+ dest[key] = captureBarrier(source[key]); // OK - but currently flagged anyway
+ }
+ }
+}
From a5c221fcfc819a54319784ded9474437b626c3c7 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:42:40 +0200 Subject: [PATCH 059/223] JS: Port PrototypePollutingMergeCall
---
 .../dataflow/PrototypePollutionQuery.qll | 45 ++++++++- .../CWE-915/PrototypePollutingMergeCall.ql | 8 +- .../PrototypePollutingMergeCall.expected | 99 ++++++++----------- 3 files changed, 88 insertions(+), 64 deletions(-)
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll
index 165b3ffc07bb..3e5b360b21ea 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll
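Review bot: The `// OK - but currently flagged anyway` comment on the `dest[key] = captureBarrier(source[key])` line of `merge_captureBarrier` in tests.js is the only record that this result is a known false positive, and the expected output in the same commit gains the matching alert at tests.js:605:13. I would state the reason in the comment, for example `// OK - captureBarrier returns only "safe" or a non-object value, but flow via the captured 'obj' is still reported`, so that a later precision fix can be checked against the stated intent. The same expected file also drops the tests.js:529:13 result from `#select`; the corresponding test line is outside these hunks, so it is worth confirming that this loss is intended and annotating it at that line rather than leaving it visible only in the expected output.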
@@ -14,7 +14,10 @@ import semmle.javascript.dependencies.SemVer import PrototypePollutionCustomizations::PrototypePollution // Materialize flow labels
-private class ConcreteTaintedObjectWrapper extends TaintedObjectWrapper {
+/**
+ * We no longer use this flow label, since it does not work in a world where flow states inherit taint steps.
+ */
+deprecated private class ConcreteTaintedObjectWrapper extends TaintedObjectWrapper {
 ConcreteTaintedObjectWrapper() { this = this } }
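Review bot: The new QLDoc on `ConcreteTaintedObjectWrapper` does not use the `DEPRECATED.` opening that the same commit gives the old `Configuration` class, and it now sits under the `// Materialize flow labels` line comment, which no longer describes why the class is kept. I would write it as `/** DEPRECATED. This flow label is no longer used, since it does not work when flow states inherit taint steps. */` and drop or reword the line comment above it. Since the class is `private` and the new `PrototypePollutionConfig` module does not refer to it, deleting it may be simpler than deprecating it; the hunk does not show whether anything else in the file still depends on it.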
@@ -22,7 +25,45 @@ private class ConcreteTaintedObjectWrapper extends TaintedObjectWrapper { * A taint tracking configuration for user-controlled objects flowing into deep `extend` calls, * leading to prototype pollution. */
-class Configuration extends TaintTracking::Configuration {
+module PrototypePollutionConfig implements DataFlow::StateConfigSig {
+ class FlowState = DataFlow::FlowLabel;
+
+ predicate isSource(DataFlow::Node node, DataFlow::FlowLabel label) {
+ node.(Source).getAFlowLabel() = label
+ }
+
+ predicate isSink(DataFlow::Node node, DataFlow::FlowLabel label) {
+ node.(Sink).getAFlowLabel() = label
+ }
+
+ predicate isAdditionalFlowStep(
+ DataFlow::Node src, DataFlow::FlowLabel inlbl, DataFlow::Node dst, DataFlow::FlowLabel outlbl
+ ) {
+ TaintedObject::step(src, dst, inlbl, outlbl)
+ }
+
+ predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) {
+ // For recursive merge sinks, the deeply tainted object only needs to be reachable from the input, the input itself
+ // does not need to be deeply tainted.
+ isSink(node, TaintedObject::label()) and
+ contents = DataFlow::ContentSet::anyProperty()
+ }
+
+ predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) {
+ node = TaintedObject::SanitizerGuard::getABarrierNode(label)
+ }
+}
+
+/**
+ * Taint tracking for user-controlled objects flowing into deep `extend` calls,
+ * leading to prototype pollution.
+ */
+module PrototypePollutionFlow = TaintTracking::GlobalWithState;
+
+/**
+ * DEPRECATED. Use the `PrototypePollutionFlow` module instead.
+ */
+deprecated class Configuration extends TaintTracking::Configuration {
 Configuration() { this = "PrototypePollution" } override predicate isSource(DataFlow::Node node, DataFlow::FlowLabel label) {
diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
index 0bc84b82d45c..b23d7caa8d8b 100644
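Review bot: The QLDoc on `PrototypePollutionConfig` is carried over unchanged from the old class, but `allowImplicitRead` changes what counts as reaching a sink: with `contents = DataFlow::ContentSet::anyProperty()` a sink argument is matched when a deeply tainted object is stored in any of its properties, not only when the argument itself carries `TaintedObject::label()`. That is explained only in a line comment inside the predicate; I would add a sentence to the module QLDoc such as `A sink is also reached when a deeply tainted object is reachable through a property of the sink argument.` It is also worth checking the updated expected output for results that exist only because of this implicit read, since `isBarrier` covers just the nodes from `TaintedObject::SanitizerGuard::getABarrierNode(label)`. The body of the deprecated `Configuration` class continues past the end of this hunk, so whether it applied sanitizers that the new module omits cannot be judged from here.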
--- a/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
+++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
@@ -19,13 +19,11 @@ import javascript import semmle.javascript.security.dataflow.PrototypePollutionQuery
-import DataFlow::PathGraph
+import DataFlow::DeduplicatePathGraph
-from
- Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string moduleName,
- Locatable dependencyLoc
+from PathNode source, PathNode sink, string moduleName, Locatable dependencyLoc
 where
- cfg.hasFlowPath(source, sink) and
+ PrototypePollutionFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and
 sink.getNode().(Sink).dependencyInfo(moduleName, dependencyLoc) select sink.getNode(), source, sink, "Prototype pollution caused by merging a $@ using a vulnerable version of $@.", source,
diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/PrototypePollutingMergeCall.expected b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/PrototypePollutingMergeCall.expected
index a697bd247604..29d49ed71a4d 100644
--- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/PrototypePollutingMergeCall.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/PrototypePollutingMergeCall.expected
@@ -1,77 +1,62 @@ nodes -| angularmerge.js:1:30:1:34 | event | -| angularmerge.js:1:30:1:34 | event | -| angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | -| angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | -| angularmerge.js:2:32:2:36 | event | -| angularmerge.js:2:32:2:41 | event.data | -| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | -| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | -| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | -| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | -| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | -| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | -| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | -| webix/webix.html:3:34:3:38 | event | -| webix/webix.html:3:34:3:38 | event | -| webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | -| webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | -| webix/webix.html:4:37:4:41 | event | -| webix/webix.html:4:37:4:46 | event.data | -| webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | -| webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | -| webix/webix.html:5:35:5:39 | event | -| webix/webix.html:5:35:5:44 | event.data | -| webix/webix.js:3:30:3:34 | event | -| webix/webix.js:3:30:3:34 | event | -| webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | -| webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | -| webix/webix.js:4:33:4:37 | event | -| webix/webix.js:4:33:4:42 | event.data | -| webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | -| webix/webix.js:5:20:5:41 | JSON.pa ... 
t.data) | -| webix/webix.js:5:31:5:35 | event | -| webix/webix.js:5:31:5:40 | event.data | +| angularmerge.js:1:30:1:34 | event | semmle.label | event | +| angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | semmle.label | JSON.pa ... t.data) | +| angularmerge.js:2:32:2:36 | event | semmle.label | event | +| angularmerge.js:2:32:2:41 | event.data | semmle.label | event.data | +| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | semmle.label | req.query.foo | +| src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | semmle.label | [post update] {\\n ... K\\n } [value] | +| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | semmle.label | {\\n ... K\\n } | +| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } [value] | semmle.label | {\\n ... K\\n } [value] | +| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | semmle.label | req.query.value | +| src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | semmle.label | opts [thing] | +| src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | semmle.label | {\\n ... e\\n } [thing] | +| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | semmle.label | req.query.value | +| src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... K\\n } [value] | semmle.label | [post update] {\\n ... K\\n } [value] | +| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | semmle.label | {\\n ... K\\n } | +| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } [value] | semmle.label | {\\n ... K\\n } [value] | +| src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | semmle.label | opts [thing] | +| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | semmle.label | opts.thing | +| webix/webix.html:3:34:3:38 | event | semmle.label | event | +| webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | semmle.label | JSON.pa ... 
t.data) | +| webix/webix.html:4:37:4:41 | event | semmle.label | event | +| webix/webix.html:4:37:4:46 | event.data | semmle.label | event.data | +| webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | semmle.label | JSON.pa ... t.data) | +| webix/webix.html:5:35:5:39 | event | semmle.label | event | +| webix/webix.html:5:35:5:44 | event.data | semmle.label | event.data | +| webix/webix.js:3:30:3:34 | event | semmle.label | event | +| webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | semmle.label | JSON.pa ... t.data) | +| webix/webix.js:4:33:4:37 | event | semmle.label | event | +| webix/webix.js:4:33:4:42 | event.data | semmle.label | event.data | +| webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | semmle.label | JSON.pa ... t.data) | +| webix/webix.js:5:31:5:35 | event | semmle.label | event | +| webix/webix.js:5:31:5:40 | event.data | semmle.label | event.data | edges | angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event | -| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event | | angularmerge.js:2:32:2:36 | event | angularmerge.js:2:32:2:41 | event.data | | angularmerge.js:2:32:2:41 | event.data | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | -| angularmerge.js:2:32:2:41 | event.data | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | -| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... 
K\\n } | -| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | -| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | -| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | -| webix/webix.html:3:34:3:38 | event | webix/webix.html:4:37:4:41 | event | +| src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } [value] | +| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | +| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | +| src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | +| src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | +| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | +| src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } [value] | +| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | +| src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | +| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... 
K\\n } [value] | | webix/webix.html:3:34:3:38 | event | webix/webix.html:4:37:4:41 | event | | webix/webix.html:3:34:3:38 | event | webix/webix.html:5:35:5:39 | event | -| webix/webix.html:3:34:3:38 | event | webix/webix.html:5:35:5:39 | event | | webix/webix.html:4:37:4:41 | event | webix/webix.html:4:37:4:46 | event.data | | webix/webix.html:4:37:4:46 | event.data | webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | -| webix/webix.html:4:37:4:46 | event.data | webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | | webix/webix.html:5:35:5:39 | event | webix/webix.html:5:35:5:44 | event.data | | webix/webix.html:5:35:5:44 | event.data | webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | -| webix/webix.html:5:35:5:44 | event.data | webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | -| webix/webix.js:3:30:3:34 | event | webix/webix.js:4:33:4:37 | event | | webix/webix.js:3:30:3:34 | event | webix/webix.js:4:33:4:37 | event | | webix/webix.js:3:30:3:34 | event | webix/webix.js:5:31:5:35 | event | -| webix/webix.js:3:30:3:34 | event | webix/webix.js:5:31:5:35 | event | | webix/webix.js:4:33:4:37 | event | webix/webix.js:4:33:4:42 | event.data | | webix/webix.js:4:33:4:42 | event.data | webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | -| webix/webix.js:4:33:4:42 | event.data | webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | | webix/webix.js:5:31:5:35 | event | webix/webix.js:5:31:5:40 | event.data | | webix/webix.js:5:31:5:40 | event.data | webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | -| webix/webix.js:5:31:5:40 | event.data | webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | +subpaths #select | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | angularmerge.js:1:30:1:34 | event | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | angularmerge.js:1:30:1:34 | event | user-controlled value | angularmerge.js:2:3:2:43 | angular ... 
.data)) | angular | | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | user-controlled value | src-vulnerable-lodash/package.json:3:19:3:26 | "4.17.4" | lodash | From b8a6f8166925f49c296392c22c31422396937185 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:43:14 +0200 Subject: [PATCH 060/223] JS: Port CleartextLogging --- .../CleartextLoggingCustomizations.qll | 69 +-- .../dataflow/CleartextLoggingQuery.qll | 33 +- .../src/Security/CWE-312/CleartextLogging.ql | 6 +- .../CWE-312/CleartextLogging.expected | 411 ++++++------------ 4 files changed, 215 insertions(+), 304 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll index c783a9c3cfc2..77e8b5f92bc8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll @@ -16,14 +16,20 @@ module CleartextLogging { /** Gets a string that describes the type of this data flow source. */ abstract string describe(); - abstract DataFlow::FlowLabel getLabel(); + /** + * DEPRECATED. Overriding this predicate no longer has any effect. + */ + deprecated DataFlow::FlowLabel getLabel() { result.isTaint() } } /** * A data flow sink for clear-text logging of sensitive information. */ abstract class Sink extends DataFlow::Node { - DataFlow::FlowLabel getLabel() { result.isTaint() } + /** + * DEPRECATED. Overriding this predicate no longer has any effect. + */ + deprecated DataFlow::FlowLabel getLabel() { result.isTaint() } } /** 
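Review bot: The new QLDoc on `Source.getLabel()` and `Sink.getLabel()` says that overriding has no effect but not why or what to use instead, and `Source.getLabel()` quietly changes from an abstract predicate to a concrete one. An existing customization that returned a narrower label to limit which sinks its source pairs with will presumably still compile, while the new `CleartextLoggingConfig` treats it as an ordinary source, so results can change without any warning. I would spell that out in both comments, for example `DEPRECATED. CleartextLoggingFlow does not use flow labels; overriding this predicate has no effect. Extend Barrier to restrict flow instead.` The `Barrier` class is referenced by later hunks, but its declaration is not visible in this one.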
@@ -103,29 +109,28 @@ module CleartextLogging { abstract private class NonCleartextPassword extends DataFlow::Node { } /** - * An object with a property that may contain password information - * - * This is a source since `console.log(obj)` will show the properties of `obj`. + * A value stored in a property that may contain password information */ private class ObjectPasswordPropertySource extends DataFlow::ValueNode, Source { string name; ObjectPasswordPropertySource() { exists(DataFlow::PropWrite write | + write.getPropertyName() = name and name.regexpMatch(maybePassword()) and not name.regexpMatch(notSensitiveRegexp()) and - write = this.(DataFlow::SourceNode).getAPropertyWrite(name) and + this = write.getRhs() and // avoid safe values assigned to presumably unsafe names - not write.getRhs() instanceof NonCleartextPassword + not this instanceof NonCleartextPassword ) } override string describe() { result = "an access to " + name } - - override DataFlow::FlowLabel getLabel() { result.isTaint() } } - /** An access to a variable or property that might contain a password. */ + /** + * An access to a variable or property that might contain a password. + */ private class ReadPasswordSource extends DataFlow::ValueNode, Source { string name; @@ -147,8 +152,6 @@ module CleartextLogging { } override string describe() { result = "an access to " + name } - - override DataFlow::FlowLabel getLabel() { result.isTaint() } } /** A call that might return a password. */ @@ -161,8 +164,6 @@ module CleartextLogging { } override string describe() { result = "a call to " + name } - - override DataFlow::FlowLabel getLabel() { result.isTaint() } } /** An access to the sensitive object `process.env`. */ 
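Review bot: In the first hunk on this line `ObjectPasswordPropertySource` becomes the right-hand side of the property write, but the unchanged `describe()` still returns `"an access to " + name`, so the alert text calls a stored value an access. Consider `result = "a value stored in " + name`, with the expected output updated to match. The shortened QLDoc also drops the explanation of why logging the whole object is still reported; that now appears to rest on the implicit property read that `CleartextLoggingConfig` allows at sinks. I would restore the rationale: `A value stored in a property whose name suggests a password. Logging the enclosing object is still reported because sinks allow implicit property reads.` The two later hunks on this line only delete `getLabel()` overrides.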
@@ -170,8 +171,28 @@ module CleartextLogging { ProcessEnvSource() { this = NodeJSLib::process().getAPropertyRead("env") } override string describe() { result = "process environment" } + } - override DataFlow::FlowLabel getLabel() { result.isTaint() } + /** Gets a data flow node referring to `process.env`. */ + private DataFlow::SourceNode processEnv(DataFlow::TypeTracker t) { + t.start() and + result instanceof ProcessEnvSource + or + exists(DataFlow::TypeTracker t2 | result = processEnv(t2).track(t2, t)) + } + + /** Gets a data flow node referring to `process.env`. */ + DataFlow::SourceNode processEnv() { result = processEnv(DataFlow::TypeTracker::end()) } + + /** + * A property access on `process.env`, seen as a barrier. + */ + private class SafeEnvironmentVariableBarrier extends Barrier instanceof DataFlow::PropRead { + SafeEnvironmentVariableBarrier() { + this = processEnv().getAPropertyRead() and + // If the name is known, it should not be sensitive + not nameIndicatesSensitiveData(this.getPropertyName(), _) + } } /** 
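Review bot: `SafeEnvironmentVariableBarrier` also covers reads whose property name is not statically known. For `process.env[key]`, `getPropertyName()` has no value, so `not nameIndicatesSensitiveData(this.getPropertyName(), _)` holds and the read becomes a barrier. The comment `If the name is known, it should not be sensitive` can be read either way. If dynamic lookups should stay reportable, bind the name first: `exists(string name | name = this.getPropertyName() | not nameIndicatesSensitiveData(name, _))`. If suppressing them is the intent, say so in the comment, because a logged `process.env[key]` can still carry a secret and this is a deliberate gap in detection.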
@@ -183,26 +204,10 @@ module CleartextLogging { succ.(DataFlow::PropRead).getBase() = pred } - private class PropReadAsBarrier extends Barrier { - PropReadAsBarrier() { - this = any(DataFlow::PropRead read).getBase() and - // the 'foo' in 'foo.bar()' may have flow, we only want to suppress plain property reads - not this = any(DataFlow::MethodCallNode call).getReceiver() and - // do not block custom taint steps from this node - not isAdditionalTaintStep(this, _) - } - } - /** * Holds if the edge `src` -> `trg` is an additional taint-step for clear-text logging of sensitive information. */ predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) { - // A taint propagating data flow edge through objects: a tainted write taints the entire object. - exists(DataFlow::PropWrite write | - write.getRhs() = src and - trg.(DataFlow::SourceNode).flowsTo(write.getBase()) - ) - or // A property-copy step, // dst[x] = src[x] // dst[x] = JSON.stringify(src[x]) @@ -218,7 +223,7 @@ module CleartextLogging { not exists(read.getPropertyName()) and not isFilteredPropertyName(read.getPropertyNameExpr().flow().getALocalSource()) and src = read.getBase() and - trg = write.getBase().getALocalSource() + trg = write.getBase().getPostUpdateNode() ) or // Taint through the arguments object. diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll index fe0a1073e081..2d222be12141 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll 
@@ -20,7 +20,38 @@ private import CleartextLoggingCustomizations::CleartextLogging as CleartextLogg * added either by extending the relevant class, or by subclassing this configuration itself, * and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module CleartextLoggingConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Barrier } + + predicate isBarrierIn(DataFlow::Node node) { + // We rely on heuristic sources, which tends to cause sources to overlap + isSource(node) + } + + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { + CleartextLogging::isAdditionalTaintStep(src, trg) + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // Assume all properties of a logged object are themselves logged. + contents = DataFlow::ContentSet::anyProperty() and + isSink(node) + } +} + +/** + * Taint tracking flow for clear-text logging of sensitive information. + */ +module CleartextLoggingFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `CleartextLoggingFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "CleartextLogging" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { diff --git a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql index 02779fa2e05f..dbc791cbaaa7 100644 --- a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql +++ b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql @@ -15,7 +15,7 @@ import javascript import semmle.javascript.security.dataflow.CleartextLoggingQuery -import DataFlow::PathGraph +import CleartextLoggingFlow::PathGraph /** * Holds if `tl` is used in a browser environment. 
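Review bot: The QLDoc that now attaches to `CleartextLoggingConfig` still tells users to add sources and sinks "by subclassing this configuration itself", which a module does not allow. The comment starts outside the hunk, but its last lines are context here and should be reworded, for example `Sources, sinks and barriers can be added by extending the Source, Sink and Barrier classes.` The comment in `isBarrierIn` would also read better if it named the consequence: `// Sources are heuristic and often overlap, so flow into a source is cut and a path cannot pass through a second source.`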
@@ -33,9 +33,9 @@ predicate inBrowserEnvironment(TopLevel tl) { ) } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink +from CleartextLoggingFlow::PathNode source, CleartextLoggingFlow::PathNode sink where - cfg.hasFlowPath(source, sink) and + CleartextLoggingFlow::flowPath(source, sink) and // ignore logging to the browser console (even though it is not a good practice) not inBrowserEnvironment(sink.getNode().asExpr().getTopLevel()) select sink.getNode(), source, sink, "This logs sensitive data returned by $@ as clear text.", diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index 01df8b2b672a..181408ccdaaa 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected 
@@ -1,300 +1,175 @@ -nodes -| passwords.js:2:17:2:24 | password | -| passwords.js:2:17:2:24 | password | -| passwords.js:2:17:2:24 | password | -| passwords.js:3:17:3:26 | o.password | -| passwords.js:3:17:3:26 | o.password | -| passwords.js:3:17:3:26 | o.password | -| passwords.js:4:17:4:29 | getPassword() | -| passwords.js:4:17:4:29 | getPassword() | -| passwords.js:4:17:4:29 | getPassword() | -| passwords.js:5:17:5:31 | o.getPassword() | -| passwords.js:5:17:5:31 | o.getPassword() | -| passwords.js:5:17:5:31 | o.getPassword() | -| passwords.js:7:20:7:20 | x | -| passwords.js:8:21:8:21 | x | -| passwords.js:8:21:8:21 | x | -| passwords.js:10:11:10:18 | password | -| passwords.js:10:11:10:18 | password | -| passwords.js:12:18:12:25 | password | -| passwords.js:12:18:12:25 | password | -| passwords.js:12:18:12:25 | password | -| passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:31:14:38 | password | -| passwords.js:14:31:14:38 | password | -| passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:29:16:36 | password | -| passwords.js:16:29:16:36 | password | -| passwords.js:18:9:20:5 | obj1 | -| passwords.js:18:16:20:5 | {\\n ... x\\n } | -| passwords.js:18:16:20:5 | {\\n ... x\\n } | -| passwords.js:21:17:21:20 | obj1 | -| passwords.js:21:17:21:20 | obj1 | -| passwords.js:23:9:25:5 | obj2 | -| passwords.js:23:16:25:5 | {\\n ... 
d\\n } | -| passwords.js:24:12:24:19 | password | -| passwords.js:24:12:24:19 | password | -| passwords.js:26:17:26:20 | obj2 | -| passwords.js:26:17:26:20 | obj2 | -| passwords.js:28:9:28:17 | obj3 | -| passwords.js:28:16:28:17 | {} | -| passwords.js:29:17:29:20 | obj3 | -| passwords.js:29:17:29:20 | obj3 | -| passwords.js:30:14:30:21 | password | -| passwords.js:30:14:30:21 | password | -| passwords.js:77:37:77:53 | req.body.password | -| passwords.js:77:37:77:53 | req.body.password | -| passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:80:9:80:25 | secret | -| passwords.js:80:18:80:25 | password | -| passwords.js:80:18:80:25 | password | -| passwords.js:81:17:81:31 | `pw: ${secret}` | -| passwords.js:81:17:81:31 | `pw: ${secret}` | -| passwords.js:81:24:81:29 | secret | -| passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:39:93:46 | password | -| passwords.js:93:39:93:46 | password | -| passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | -| passwords.js:98:39:98:46 | password | -| passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | -| passwords.js:105:39:105:46 | password | -| passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | -| passwords.js:110:39:110:46 | password | -| passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | -| passwords.js:114:43:114:50 | password | -| passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:119:21:119:46 | "Passwo ... 
assword | -| passwords.js:119:39:119:46 | password | -| passwords.js:119:39:119:46 | password | -| passwords.js:122:17:122:49 | name + ... tring() | -| passwords.js:122:17:122:49 | name + ... tring() | -| passwords.js:122:31:122:38 | password | -| passwords.js:122:31:122:38 | password | -| passwords.js:122:31:122:49 | password.toString() | -| passwords.js:123:17:123:48 | name + ... lueOf() | -| passwords.js:123:17:123:48 | name + ... lueOf() | -| passwords.js:123:31:123:38 | password | -| passwords.js:123:31:123:38 | password | -| passwords.js:123:31:123:48 | password.valueOf() | -| passwords.js:127:9:132:5 | config | -| passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:130:12:130:19 | password | -| passwords.js:130:12:130:19 | password | -| passwords.js:131:12:131:24 | getPassword() | -| passwords.js:131:12:131:24 | getPassword() | -| passwords.js:135:17:135:22 | config | -| passwords.js:135:17:135:22 | config | -| passwords.js:136:17:136:24 | config.x | -| passwords.js:136:17:136:24 | config.x | -| passwords.js:137:17:137:24 | config.y | -| passwords.js:137:17:137:24 | config.y | -| passwords.js:142:26:142:34 | arguments | -| passwords.js:142:26:142:34 | arguments | -| passwords.js:147:12:147:19 | password | -| passwords.js:147:12:147:19 | password | -| passwords.js:149:21:149:28 | config.x | -| passwords.js:150:21:150:31 | process.env | -| passwords.js:150:21:150:31 | process.env | -| passwords.js:152:9:152:63 | procdesc | -| passwords.js:152:20:152:44 | Util.in ... ss.env) | -| passwords.js:152:20:152:63 | Util.in ... 
/g, '') | -| passwords.js:152:33:152:43 | process.env | -| passwords.js:152:33:152:43 | process.env | -| passwords.js:154:21:154:28 | procdesc | -| passwords.js:156:17:156:27 | process.env | -| passwords.js:156:17:156:27 | process.env | -| passwords.js:156:17:156:27 | process.env | -| passwords.js:163:14:163:21 | password | -| passwords.js:163:14:163:21 | password | -| passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | -| passwords.js:164:14:164:21 | password | -| passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | -| passwords.js:169:17:169:24 | password | -| passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | -| passwords.js:170:11:170:18 | password | -| passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:170:11:170:39 | passwor ... 
g, "*") | -| passwords.js:173:17:173:26 | myPassword | -| passwords.js:173:17:173:26 | myPassword | -| passwords.js:173:17:173:26 | myPassword | -| passwords.js:176:17:176:26 | myPasscode | -| passwords.js:176:17:176:26 | myPasscode | -| passwords.js:176:17:176:26 | myPasscode | -| passwords_in_browser1.js:2:13:2:20 | password | -| passwords_in_browser1.js:2:13:2:20 | password | -| passwords_in_browser1.js:2:13:2:20 | password | -| passwords_in_browser2.js:2:13:2:20 | password | -| passwords_in_browser2.js:2:13:2:20 | password | -| passwords_in_browser2.js:2:13:2:20 | password | -| passwords_in_server_1.js:6:13:6:20 | password | -| passwords_in_server_1.js:6:13:6:20 | password | -| passwords_in_server_1.js:6:13:6:20 | password | -| passwords_in_server_2.js:3:13:3:20 | password | -| passwords_in_server_2.js:3:13:3:20 | password | -| passwords_in_server_2.js:3:13:3:20 | password | -| passwords_in_server_3.js:2:13:2:20 | password | -| passwords_in_server_3.js:2:13:2:20 | password | -| passwords_in_server_3.js:2:13:2:20 | password | -| passwords_in_server_4.js:2:13:2:20 | password | -| passwords_in_server_4.js:2:13:2:20 | password | -| passwords_in_server_4.js:2:13:2:20 | password | -| passwords_in_server_5.js:4:7:4:24 | req.query.password | -| passwords_in_server_5.js:4:7:4:24 | req.query.password | -| passwords_in_server_5.js:7:12:7:12 | x | -| passwords_in_server_5.js:8:17:8:17 | x | -| passwords_in_server_5.js:8:17:8:17 | x | edges -| passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | -| passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | -| passwords.js:4:17:4:29 | getPassword() | passwords.js:4:17:4:29 | getPassword() | -| passwords.js:5:17:5:31 | o.getPassword() | passwords.js:5:17:5:31 | o.getPassword() | -| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x | | passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x | | passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x | -| 
passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x | -| passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | -| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | | passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | | passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:18:9:20:5 | obj1 | passwords.js:21:17:21:20 | obj1 | -| passwords.js:18:9:20:5 | obj1 | passwords.js:21:17:21:20 | obj1 | -| passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:18:9:20:5 | obj1 | -| passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:18:9:20:5 | obj1 | -| passwords.js:23:9:25:5 | obj2 | passwords.js:26:17:26:20 | obj2 | -| passwords.js:23:9:25:5 | obj2 | passwords.js:26:17:26:20 | obj2 | -| passwords.js:23:16:25:5 | {\\n ... d\\n } | passwords.js:23:9:25:5 | obj2 | -| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } | -| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } | -| passwords.js:28:9:28:17 | obj3 | passwords.js:29:17:29:20 | obj3 | -| passwords.js:28:9:28:17 | obj3 | passwords.js:29:17:29:20 | obj3 | -| passwords.js:28:16:28:17 | {} | passwords.js:28:9:28:17 | obj3 | -| passwords.js:30:14:30:21 | password | passwords.js:28:16:28:17 | {} | -| passwords.js:30:14:30:21 | password | passwords.js:28:16:28:17 | {} | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... 
assword | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | +| passwords.js:18:9:20:5 | obj1 [password] | passwords.js:21:17:21:20 | obj1 [password] | +| passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | passwords.js:18:9:20:5 | obj1 [password] | +| passwords.js:19:19:19:19 | x | passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | +| passwords.js:21:17:21:20 | obj1 [password] | passwords.js:21:17:21:20 | obj1 | +| passwords.js:23:9:25:5 | obj2 [x] | passwords.js:26:17:26:20 | obj2 [x] | +| passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | passwords.js:23:9:25:5 | obj2 [x] | +| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | +| passwords.js:26:17:26:20 | obj2 [x] | passwords.js:26:17:26:20 | obj2 | +| passwords.js:28:9:28:17 | obj3 [x] | passwords.js:29:17:29:20 | obj3 [x] | +| passwords.js:29:17:29:20 | obj3 [x] | passwords.js:29:17:29:20 | obj3 | +| passwords.js:30:5:30:8 | [post update] obj3 [x] | passwords.js:28:9:28:17 | obj3 [x] | +| passwords.js:30:14:30:21 | password | passwords.js:30:5:30:8 | [post update] obj3 [x] | +| passwords.js:77:9:77:55 | temp [encryptedPassword] | passwords.js:78:17:78:20 | temp [encryptedPassword] | +| passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | passwords.js:77:9:77:55 | temp [encryptedPassword] | +| passwords.js:77:37:77:53 | req.body.password | passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | +| passwords.js:78:17:78:20 | temp [encryptedPassword] | passwords.js:78:17:78:38 | temp.en ... 
assword | | passwords.js:80:9:80:25 | secret | passwords.js:81:24:81:29 | secret | | passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret | -| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret | -| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` | | passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` | | passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | | passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | | passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | | passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... 
assword | | passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | | passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | | passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() | -| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() | -| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() | | passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() | | passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() | -| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() | -| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() | | passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() | -| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config | -| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config | -| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config | -| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config | -| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... 
)\\n } | -| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | -| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | -| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | -| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | -| passwords.js:147:12:147:19 | password | passwords.js:149:21:149:28 | config.x | -| passwords.js:147:12:147:19 | password | passwords.js:149:21:149:28 | config.x | -| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | +| passwords.js:127:9:132:5 | config [password] | passwords.js:135:17:135:22 | config [password] | +| passwords.js:127:9:132:5 | config [x] | passwords.js:135:17:135:22 | config [x] | +| passwords.js:127:9:132:5 | config [x] | passwords.js:136:17:136:22 | config [x] | +| passwords.js:127:9:132:5 | config [y] | passwords.js:135:17:135:22 | config [y] | +| passwords.js:127:9:132:5 | config [y] | passwords.js:137:17:137:22 | config [y] | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | passwords.js:127:9:132:5 | config [password] | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | passwords.js:127:9:132:5 | config [x] | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | passwords.js:127:9:132:5 | config [y] | +| passwords.js:128:19:128:19 | x | passwords.js:127:18:132:5 | {\\n ... 
)\\n } [password] | +| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | +| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | +| passwords.js:135:17:135:22 | config [password] | passwords.js:135:17:135:22 | config | +| passwords.js:135:17:135:22 | config [x] | passwords.js:135:17:135:22 | config | +| passwords.js:135:17:135:22 | config [y] | passwords.js:135:17:135:22 | config | +| passwords.js:136:17:136:22 | config [x] | passwords.js:136:17:136:24 | config.x | +| passwords.js:137:17:137:22 | config [y] | passwords.js:137:17:137:24 | config.y | +| passwords.js:146:9:148:5 | config [x] | passwords.js:149:21:149:26 | config [x] | +| passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | passwords.js:146:9:148:5 | config [x] | +| passwords.js:147:12:147:19 | password | passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | +| passwords.js:149:21:149:26 | config [x] | passwords.js:149:21:149:28 | config.x | | passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | | passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | -| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | -| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | -| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | | passwords.js:152:9:152:63 | procdesc | passwords.js:154:21:154:28 | procdesc | | passwords.js:152:20:152:44 | Util.in ... ss.env) | passwords.js:152:20:152:63 | Util.in ... /g, '') | | passwords.js:152:20:152:63 | Util.in ... /g, '') | passwords.js:152:9:152:63 | procdesc | | passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) | -| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... 
ss.env) | | passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | -| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | -| passwords.js:156:17:156:27 | process.env | passwords.js:156:17:156:27 | process.env | -| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | | passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | | passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | | passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | | passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... 
g, "*") | -| passwords.js:173:17:173:26 | myPassword | passwords.js:173:17:173:26 | myPassword | -| passwords.js:176:17:176:26 | myPasscode | passwords.js:176:17:176:26 | myPasscode | -| passwords_in_browser1.js:2:13:2:20 | password | passwords_in_browser1.js:2:13:2:20 | password | -| passwords_in_browser2.js:2:13:2:20 | password | passwords_in_browser2.js:2:13:2:20 | password | -| passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password | -| passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password | -| passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password | -| passwords_in_server_4.js:2:13:2:20 | password | passwords_in_server_4.js:2:13:2:20 | password | | passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x | -| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x | -| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x | | passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x | +nodes +| passwords.js:2:17:2:24 | password | semmle.label | password | +| passwords.js:3:17:3:26 | o.password | semmle.label | o.password | +| passwords.js:4:17:4:29 | getPassword() | semmle.label | getPassword() | +| passwords.js:5:17:5:31 | o.getPassword() | semmle.label | o.getPassword() | +| passwords.js:7:20:7:20 | x | semmle.label | x | +| passwords.js:8:21:8:21 | x | semmle.label | x | +| passwords.js:10:11:10:18 | password | semmle.label | password | +| passwords.js:12:18:12:25 | password | semmle.label | password | +| passwords.js:14:17:14:38 | name + ... assword | semmle.label | name + ... assword | +| passwords.js:14:31:14:38 | password | semmle.label | password | +| passwords.js:16:17:16:38 | `${name ... sword}` | semmle.label | `${name ... 
sword}` | +| passwords.js:16:29:16:36 | password | semmle.label | password | +| passwords.js:18:9:20:5 | obj1 [password] | semmle.label | obj1 [password] | +| passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | semmle.label | {\\n ... x\\n } [password] | +| passwords.js:19:19:19:19 | x | semmle.label | x | +| passwords.js:21:17:21:20 | obj1 | semmle.label | obj1 | +| passwords.js:21:17:21:20 | obj1 [password] | semmle.label | obj1 [password] | +| passwords.js:23:9:25:5 | obj2 [x] | semmle.label | obj2 [x] | +| passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | semmle.label | {\\n ... d\\n } [x] | +| passwords.js:24:12:24:19 | password | semmle.label | password | +| passwords.js:26:17:26:20 | obj2 | semmle.label | obj2 | +| passwords.js:26:17:26:20 | obj2 [x] | semmle.label | obj2 [x] | +| passwords.js:28:9:28:17 | obj3 [x] | semmle.label | obj3 [x] | +| passwords.js:29:17:29:20 | obj3 | semmle.label | obj3 | +| passwords.js:29:17:29:20 | obj3 [x] | semmle.label | obj3 [x] | +| passwords.js:30:5:30:8 | [post update] obj3 [x] | semmle.label | [post update] obj3 [x] | +| passwords.js:30:14:30:21 | password | semmle.label | password | +| passwords.js:77:9:77:55 | temp [encryptedPassword] | semmle.label | temp [encryptedPassword] | +| passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | semmle.label | { encry ... sword } [encryptedPassword] | +| passwords.js:77:37:77:53 | req.body.password | semmle.label | req.body.password | +| passwords.js:78:17:78:20 | temp [encryptedPassword] | semmle.label | temp [encryptedPassword] | +| passwords.js:78:17:78:38 | temp.en ... assword | semmle.label | temp.en ... assword | +| passwords.js:80:9:80:25 | secret | semmle.label | secret | +| passwords.js:80:18:80:25 | password | semmle.label | password | +| passwords.js:81:17:81:31 | `pw: ${secret}` | semmle.label | `pw: ${secret}` | +| passwords.js:81:24:81:29 | secret | semmle.label | secret | +| passwords.js:93:21:93:46 | "Passwo ... 
assword | semmle.label | "Passwo ... assword | +| passwords.js:93:39:93:46 | password | semmle.label | password | +| passwords.js:98:21:98:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:98:39:98:46 | password | semmle.label | password | +| passwords.js:105:21:105:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:105:39:105:46 | password | semmle.label | password | +| passwords.js:110:21:110:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:110:39:110:46 | password | semmle.label | password | +| passwords.js:114:25:114:50 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:114:43:114:50 | password | semmle.label | password | +| passwords.js:119:21:119:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:119:39:119:46 | password | semmle.label | password | +| passwords.js:122:17:122:49 | name + ... tring() | semmle.label | name + ... tring() | +| passwords.js:122:31:122:38 | password | semmle.label | password | +| passwords.js:122:31:122:49 | password.toString() | semmle.label | password.toString() | +| passwords.js:123:17:123:48 | name + ... lueOf() | semmle.label | name + ... lueOf() | +| passwords.js:123:31:123:38 | password | semmle.label | password | +| passwords.js:123:31:123:48 | password.valueOf() | semmle.label | password.valueOf() | +| passwords.js:127:9:132:5 | config [password] | semmle.label | config [password] | +| passwords.js:127:9:132:5 | config [x] | semmle.label | config [x] | +| passwords.js:127:9:132:5 | config [y] | semmle.label | config [y] | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | semmle.label | {\\n ... )\\n } [password] | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | semmle.label | {\\n ... )\\n } [x] | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | semmle.label | {\\n ... 
)\\n } [y] | +| passwords.js:128:19:128:19 | x | semmle.label | x | +| passwords.js:130:12:130:19 | password | semmle.label | password | +| passwords.js:131:12:131:24 | getPassword() | semmle.label | getPassword() | +| passwords.js:135:17:135:22 | config | semmle.label | config | +| passwords.js:135:17:135:22 | config [password] | semmle.label | config [password] | +| passwords.js:135:17:135:22 | config [x] | semmle.label | config [x] | +| passwords.js:135:17:135:22 | config [y] | semmle.label | config [y] | +| passwords.js:136:17:136:22 | config [x] | semmle.label | config [x] | +| passwords.js:136:17:136:24 | config.x | semmle.label | config.x | +| passwords.js:137:17:137:22 | config [y] | semmle.label | config [y] | +| passwords.js:137:17:137:24 | config.y | semmle.label | config.y | +| passwords.js:142:26:142:34 | arguments | semmle.label | arguments | +| passwords.js:146:9:148:5 | config [x] | semmle.label | config [x] | +| passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | semmle.label | {\\n ... d\\n } [x] | +| passwords.js:147:12:147:19 | password | semmle.label | password | +| passwords.js:149:21:149:26 | config [x] | semmle.label | config [x] | +| passwords.js:149:21:149:28 | config.x | semmle.label | config.x | +| passwords.js:150:21:150:31 | process.env | semmle.label | process.env | +| passwords.js:152:9:152:63 | procdesc | semmle.label | procdesc | +| passwords.js:152:20:152:44 | Util.in ... ss.env) | semmle.label | Util.in ... ss.env) | +| passwords.js:152:20:152:63 | Util.in ... /g, '') | semmle.label | Util.in ... /g, '') | +| passwords.js:152:33:152:43 | process.env | semmle.label | process.env | +| passwords.js:154:21:154:28 | procdesc | semmle.label | procdesc | +| passwords.js:156:17:156:27 | process.env | semmle.label | process.env | +| passwords.js:163:14:163:21 | password | semmle.label | password | +| passwords.js:163:14:163:41 | passwor ... g, "*") | semmle.label | passwor ... 
g, "*") | +| passwords.js:164:14:164:21 | password | semmle.label | password | +| passwords.js:164:14:164:42 | passwor ... g, "*") | semmle.label | passwor ... g, "*") | +| passwords.js:169:17:169:24 | password | semmle.label | password | +| passwords.js:169:17:169:45 | passwor ... g, "*") | semmle.label | passwor ... g, "*") | +| passwords.js:170:11:170:18 | password | semmle.label | password | +| passwords.js:170:11:170:39 | passwor ... g, "*") | semmle.label | passwor ... g, "*") | +| passwords.js:173:17:173:26 | myPassword | semmle.label | myPassword | +| passwords.js:176:17:176:26 | myPasscode | semmle.label | myPasscode | +| passwords_in_browser1.js:2:13:2:20 | password | semmle.label | password | +| passwords_in_browser2.js:2:13:2:20 | password | semmle.label | password | +| passwords_in_server_1.js:6:13:6:20 | password | semmle.label | password | +| passwords_in_server_2.js:3:13:3:20 | password | semmle.label | password | +| passwords_in_server_3.js:2:13:2:20 | password | semmle.label | password | +| passwords_in_server_4.js:2:13:2:20 | password | semmle.label | password | +| passwords_in_server_5.js:4:7:4:24 | req.query.password | semmle.label | req.query.password | +| passwords_in_server_5.js:7:12:7:12 | x | semmle.label | x | +| passwords_in_server_5.js:8:17:8:17 | x | semmle.label | x | +subpaths #select | passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | This logs sensitive data returned by $@ as clear text. | passwords.js:2:17:2:24 | password | an access to password | | passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | This logs sensitive data returned by $@ as clear text. | passwords.js:3:17:3:26 | o.password | an access to password | 
@@ -304,7 +179,7 @@ edges | passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | This logs sensitive data returned by $@ as clear text. | passwords.js:12:18:12:25 | password | an access to password | | passwords.js:14:17:14:38 | name + ... assword | passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:14:31:14:38 | password | an access to password | | passwords.js:16:17:16:38 | `${name ... sword}` | passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | This logs sensitive data returned by $@ as clear text. | passwords.js:16:29:16:36 | password | an access to password | -| passwords.js:21:17:21:20 | obj1 | passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:21:17:21:20 | obj1 | This logs sensitive data returned by $@ as clear text. | passwords.js:18:16:20:5 | {\\n ... x\\n } | an access to password | +| passwords.js:21:17:21:20 | obj1 | passwords.js:19:19:19:19 | x | passwords.js:21:17:21:20 | obj1 | This logs sensitive data returned by $@ as clear text. | passwords.js:19:19:19:19 | x | an access to password | | passwords.js:26:17:26:20 | obj2 | passwords.js:24:12:24:19 | password | passwords.js:26:17:26:20 | obj2 | This logs sensitive data returned by $@ as clear text. | passwords.js:24:12:24:19 | password | an access to password | | passwords.js:29:17:29:20 | obj3 | passwords.js:30:14:30:21 | password | passwords.js:29:17:29:20 | obj3 | This logs sensitive data returned by $@ as clear text. | passwords.js:30:14:30:21 | password | an access to password | | passwords.js:78:17:78:38 | temp.en ... assword | passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:77:37:77:53 | req.body.password | an access to password | 
@@ -317,7 +192,7 @@ edges | passwords.js:119:21:119:46 | "Passwo ... assword | passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:119:39:119:46 | password | an access to password | | passwords.js:122:17:122:49 | name + ... tring() | passwords.js:122:31:122:38 | password | passwords.js:122:17:122:49 | name + ... tring() | This logs sensitive data returned by $@ as clear text. | passwords.js:122:31:122:38 | password | an access to password | | passwords.js:123:17:123:48 | name + ... lueOf() | passwords.js:123:31:123:38 | password | passwords.js:123:17:123:48 | name + ... lueOf() | This logs sensitive data returned by $@ as clear text. | passwords.js:123:31:123:38 | password | an access to password | -| passwords.js:135:17:135:22 | config | passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:127:18:132:5 | {\\n ... )\\n } | an access to password | +| passwords.js:135:17:135:22 | config | passwords.js:128:19:128:19 | x | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:128:19:128:19 | x | an access to password | | passwords.js:135:17:135:22 | config | passwords.js:130:12:130:19 | password | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:130:12:130:19 | password | an access to password | | passwords.js:135:17:135:22 | config | passwords.js:131:12:131:24 | getPassword() | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:131:12:131:24 | getPassword() | a call to getPassword | | passwords.js:136:17:136:24 | config.x | passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | This logs sensitive data returned by $@ as clear text. 
| passwords.js:130:12:130:19 | password | an access to password | From 40d68cb4dc9bbb792f191308b8dc6d1299a60b1e Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:43:27 +0200 Subject: [PATCH 061/223] JS: Port CleartextStorage --- .../dataflow/CleartextStorageQuery.qll | 15 ++++- .../src/Security/CWE-312/CleartextStorage.ql | 6 +- .../CWE-312/CleartextStorage.expected | 65 +++++-------------- 3 files changed, 34 insertions(+), 52 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll index cb97badf0ecb..d4ee8a8297dd 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll @@ -19,7 +19,20 @@ import CleartextStorageCustomizations::CleartextStorage * added either by extending the relevant class, or by subclassing this configuration itself, * and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module ClearTextStorageConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +module ClearTextStorageFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ClearTextStorageFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ClearTextStorage" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql index 4660c4add9fe..6f9bef802be4 100644 --- a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql 
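Review bot: The QLDoc that used to describe `class Configuration` now sits on `ClearTextStorageConfig` and still says sources and sinks can be added "by subclassing this configuration itself", which a module implementing `DataFlow::ConfigSig` does not allow. I would reword that sentence to point only at extending `Source`, `Sink` and `Sanitizer`. `ClearTextStorageFlow` is added without any QLDoc; a line such as `/** Taint-tracking flow for storage of sensitive information in clear text. */` would cover it. The comment starts above the hunk and the deprecated class body continues below it, so the rest of the wording could not be checked from here.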
+++ b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql @@ -15,9 +15,9 @@ import javascript import semmle.javascript.security.dataflow.CleartextStorageQuery -import DataFlow::PathGraph +import ClearTextStorageFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from ClearTextStorageFlow::PathNode source, ClearTextStorageFlow::PathNode sink +where ClearTextStorageFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This stores sensitive data returned by $@ as clear text.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected index 7016dbbffa89..5d1885142c93 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected +++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected 
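Review bot: The `from`/`where` clause no longer evaluates `Configuration`, so a downstream subclass of that class that added sources, sinks or sanitizers stops contributing to this CWE-312 query without any compile error. The deprecation comment in `CleartextStorageQuery.qll` only says to use the new module; I would add a sentence such as `Subclasses of this class no longer affect the CleartextStorage query.` and ship a change note for users who relied on the old extension point. The deprecated `Configuration` in `LoopBoundInjectionQuery.qll` later in this series appears to be in the same position, although the query hunk for it is not visible here.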
@@ -1,57 +1,26 @@ -nodes -| CleartextStorage2.js:5:7:5:58 | pw | -| CleartextStorage2.js:5:12:5:58 | url.par ... assword | -| CleartextStorage2.js:5:12:5:58 | url.par ... assword | -| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | -| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | -| CleartextStorage2.js:7:33:7:34 | pw | -| CleartextStorage.js:5:7:5:40 | pw | -| CleartextStorage.js:5:12:5:40 | req.par ... sword") | -| CleartextStorage.js:5:12:5:40 | req.par ... sword") | -| CleartextStorage.js:7:26:7:27 | pw | -| CleartextStorage.js:7:26:7:27 | pw | -| tst-angularjs.js:3:32:3:45 | data1.password | -| tst-angularjs.js:3:32:3:45 | data1.password | -| tst-angularjs.js:3:32:3:45 | data1.password | -| tst-angularjs.js:4:33:4:46 | data2.password | -| tst-angularjs.js:4:33:4:46 | data2.password | -| tst-angularjs.js:4:33:4:46 | data2.password | -| tst-angularjs.js:5:27:5:40 | data3.password | -| tst-angularjs.js:5:27:5:40 | data3.password | -| tst-angularjs.js:5:27:5:40 | data3.password | -| tst-angularjs.js:6:33:6:46 | data4.password | -| tst-angularjs.js:6:33:6:46 | data4.password | -| tst-angularjs.js:6:33:6:46 | data4.password | -| tst-webstorage.js:1:18:1:30 | data.password | -| tst-webstorage.js:1:18:1:30 | data.password | -| tst-webstorage.js:1:18:1:30 | data.password | -| tst-webstorage.js:2:27:2:39 | data.password | -| tst-webstorage.js:2:27:2:39 | data.password | -| tst-webstorage.js:2:27:2:39 | data.password | -| tst-webstorage.js:3:20:3:32 | data.password | -| tst-webstorage.js:3:20:3:32 | data.password | -| tst-webstorage.js:3:20:3:32 | data.password | -| tst-webstorage.js:4:29:4:41 | data.password | -| tst-webstorage.js:4:29:4:41 | data.password | -| tst-webstorage.js:4:29:4:41 | data.password | edges | CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw | | CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw | -| CleartextStorage2.js:5:12:5:58 | url.par ... 
assword | CleartextStorage2.js:5:7:5:58 | pw | -| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | | CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | | CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw | -| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw | -| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw | | CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw | -| tst-angularjs.js:3:32:3:45 | data1.password | tst-angularjs.js:3:32:3:45 | data1.password | -| tst-angularjs.js:4:33:4:46 | data2.password | tst-angularjs.js:4:33:4:46 | data2.password | -| tst-angularjs.js:5:27:5:40 | data3.password | tst-angularjs.js:5:27:5:40 | data3.password | -| tst-angularjs.js:6:33:6:46 | data4.password | tst-angularjs.js:6:33:6:46 | data4.password | -| tst-webstorage.js:1:18:1:30 | data.password | tst-webstorage.js:1:18:1:30 | data.password | -| tst-webstorage.js:2:27:2:39 | data.password | tst-webstorage.js:2:27:2:39 | data.password | -| tst-webstorage.js:3:20:3:32 | data.password | tst-webstorage.js:3:20:3:32 | data.password | -| tst-webstorage.js:4:29:4:41 | data.password | tst-webstorage.js:4:29:4:41 | data.password | +nodes +| CleartextStorage2.js:5:7:5:58 | pw | semmle.label | pw | +| CleartextStorage2.js:5:12:5:58 | url.par ... assword | semmle.label | url.par ... assword | +| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | semmle.label | 'password=' + pw | +| CleartextStorage2.js:7:33:7:34 | pw | semmle.label | pw | +| CleartextStorage.js:5:7:5:40 | pw | semmle.label | pw | +| CleartextStorage.js:5:12:5:40 | req.par ... sword") | semmle.label | req.par ... 
sword") | +| CleartextStorage.js:7:26:7:27 | pw | semmle.label | pw | +| tst-angularjs.js:3:32:3:45 | data1.password | semmle.label | data1.password | +| tst-angularjs.js:4:33:4:46 | data2.password | semmle.label | data2.password | +| tst-angularjs.js:5:27:5:40 | data3.password | semmle.label | data3.password | +| tst-angularjs.js:6:33:6:46 | data4.password | semmle.label | data4.password | +| tst-webstorage.js:1:18:1:30 | data.password | semmle.label | data.password | +| tst-webstorage.js:2:27:2:39 | data.password | semmle.label | data.password | +| tst-webstorage.js:3:20:3:32 | data.password | semmle.label | data.password | +| tst-webstorage.js:4:29:4:41 | data.password | semmle.label | data.password | +subpaths #select | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | This stores sensitive data returned by $@ as clear text. | CleartextStorage2.js:5:12:5:58 | url.par ... assword | an access to current_password | | CleartextStorage.js:7:26:7:27 | pw | CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:7:26:7:27 | pw | This stores sensitive data returned by $@ as clear text. | CleartextStorage.js:5:12:5:40 | req.par ... sword") | a call to param | From ae680e747b161d2f2f9ef99bf8766079f7067984 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:45:08 +0200 Subject: [PATCH 062/223] JS: Port LoopBoundInjection --- .../LoopBoundInjectionCustomizations.qll | 40 ++++++-- .../dataflow/LoopBoundInjectionQuery.qll | 37 +++++++- .../Security/CWE-834/LoopBoundInjection.ql | 6 +- .../CWE-834/LoopBoundInjection.expected | 93 ++++++------------- 4 files changed, 98 insertions(+), 78 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll index 75f48032f3f0..c140eed07856 100644 
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll @@ -166,6 +166,30 @@ module LoopBoundInjection { */ abstract class Source extends DataFlow::Node { } + /** + * A barrier guard for looping on tainted objects with unbounded length. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + /** * A source of remote user input objects. */ 
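Review bot: Both `blocksExpr` overloads on the new `BarrierGuard` default to `none()`, so a subclass that overrides neither is silently a guard that blocks nothing, and the class QLDoc does not say which overload to implement. The guards changed in the following hunks override only the labelled form with `TaintedObject::label()`, while `LoopBoundInjectionQuery.qll` wires the unlabelled form into the state-independent `isBarrier(node)`. A sentence on the class such as `Override the labelled form unless the check should stop flow in every state.` would make that contract explicit. It would also help to say on `BarrierGuardLegacy` that it exists so the deprecated `Configuration` still sees these guards; I am inferring that from its `sanitizes` overrides.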
@@ -174,12 +198,12 @@ module LoopBoundInjection { /** * A sanitizer that blocks taint flow if the array is checked to be an array using an `isArray` function. */ - class IsArraySanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { + class IsArraySanitizerGuard extends BarrierGuardLegacy, DataFlow::ValueNode { override CallExpr astNode; IsArraySanitizerGuard() { astNode.getCalleeName() = "isArray" } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { true = outcome and e = astNode.getAnArgument() and label = TaintedObject::label() @@ -189,9 +213,7 @@ module LoopBoundInjection { /** * A sanitizer that blocks taint flow if the array is checked to be an array using an `X instanceof Array` check. */ - class InstanceofArraySanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode, - DataFlow::ValueNode - { + class InstanceofArraySanitizerGuard extends BarrierGuardLegacy, DataFlow::ValueNode { override BinaryExpr astNode; InstanceofArraySanitizerGuard() { @@ -199,7 +221,7 @@ module LoopBoundInjection { DataFlow::globalVarRef("Array").flowsToExpr(astNode.getRightOperand()) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { true = outcome and e = astNode.getLeftOperand() and label = TaintedObject::label() @@ -211,9 +233,7 @@ module LoopBoundInjection { * * Also implicitly makes sure that only the first DoS-prone loop is selected by the query (as the .length test has outcome=false when exiting the loop). */ - class LengthCheckSanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode, - DataFlow::ValueNode - { + class LengthCheckSanitizerGuard extends BarrierGuardLegacy, DataFlow::ValueNode { override RelationalComparison astNode; DataFlow::PropRead propRead; 
@@ -222,7 +242,7 @@ module LoopBoundInjection { propRead.getPropertyName() = "length" } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { false = outcome and e = propRead.getBase().asExpr() and label = TaintedObject::label() diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll index 165f96f7f298..a8316705a383 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll 
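Review bot: `LengthCheckSanitizerGuard.blocksExpr` treats the false outcome of a relational comparison involving `.length` as a barrier, and nothing visible in this hunk restricts the operator or the side the property read is on. For a test such as `val.length < 10` the false branch is the one where the length is not bounded, so blocking flow there could hide a result. The characteristic predicate begins outside this hunk and may already narrow this. The class comment explains the `outcome = false` choice only for the loop-exit case, so I would add above the override `// outcome = false: matches leaving a loop guarded by the .length test; the comparison direction is not checked.`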
@@ -14,7 +14,42 @@ import LoopBoundInjectionCustomizations::LoopBoundInjection /** * A taint tracking configuration for reasoning about looping on tainted objects with unbounded length. */ -class Configuration extends TaintTracking::Configuration { +module LoopBoundInjectionConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source instanceof Source and label = TaintedObject::label() + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink instanceof Sink and label = TaintedObject::label() + } + + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) or + node = TaintedObject::SanitizerGuard::getABarrierNode(label) + } + + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel inlbl, DataFlow::Node trg, DataFlow::FlowLabel outlbl + ) { + TaintedObject::step(src, trg, inlbl, outlbl) + } +} + +/** + * Taint tracking configuration for reasoning about looping on tainted objects with unbounded length. + */ +module LoopBoundInjectionFlow = TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `LoopBoundInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "LoopBoundInjection" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql b/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql index 1970378ea9aa..8a8c74e9847d 100644 --- a/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql +++ b/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql 
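Review bot: In `isAdditionalFlowStep` the parameters are declared as `src, inlbl, trg, outlbl` but forwarded as `TaintedObject::step(src, trg, inlbl, outlbl)`, so the target node and the two labels change position between signature and call. Assuming `TaintedObject::step` takes both nodes first, the call is correct, but the abbreviated names make a swapped argument hard to spot in a barrier-sensitive query. Role-based names would read more safely, for example `DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, DataFlow::FlowLabel state2` with `TaintedObject::step(node1, node2, state1, state2)`. The deprecated `Configuration` class continues past the end of this hunk.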
@@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.LoopBoundInjectionQuery -import DataFlow::PathGraph +import LoopBoundInjectionFlow::PathGraph -from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink -where dataflow.hasFlowPath(source, sink) +from LoopBoundInjectionFlow::PathNode source, LoopBoundInjectionFlow::PathNode sink +where LoopBoundInjectionFlow::flowPath(source, sink) select sink, source, sink, "Iteration over a user-controlled object with a potentially unbounded .length property from a $@.", source, "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected b/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected index 7000c777eee1..464b21ca14e1 100644 --- a/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected 
@@ -1,86 +1,51 @@ -nodes -| LoopBoundInjectionBad.js:8:13:8:20 | req.body | -| LoopBoundInjectionBad.js:8:13:8:20 | req.body | -| LoopBoundInjectionBad.js:10:15:10:22 | req.body | -| LoopBoundInjectionBad.js:10:15:10:22 | req.body | -| LoopBoundInjectionBad.js:12:25:12:32 | req.body | -| LoopBoundInjectionBad.js:12:25:12:32 | req.body | -| LoopBoundInjectionBad.js:14:19:14:26 | req.body | -| LoopBoundInjectionBad.js:14:19:14:26 | req.body | -| LoopBoundInjectionBad.js:17:18:17:20 | val | -| LoopBoundInjectionBad.js:20:25:20:27 | val | -| LoopBoundInjectionBad.js:20:25:20:27 | val | -| LoopBoundInjectionBad.js:25:20:25:22 | val | -| LoopBoundInjectionBad.js:29:16:29:18 | val | -| LoopBoundInjectionBad.js:29:16:29:18 | val | -| LoopBoundInjectionBad.js:35:30:35:32 | val | -| LoopBoundInjectionBad.js:38:15:38:17 | val | -| LoopBoundInjectionBad.js:38:15:38:17 | val | -| LoopBoundInjectionBad.js:46:24:46:26 | val | -| LoopBoundInjectionBad.js:51:25:51:27 | val | -| LoopBoundInjectionBad.js:51:25:51:27 | val | -| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | -| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | -| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | -| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | -| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | -| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | -| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | -| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | -| LoopBoundInjectionExitBad.js:17:17:17:19 | val | -| LoopBoundInjectionExitBad.js:20:22:20:24 | val | -| LoopBoundInjectionExitBad.js:20:22:20:24 | val | -| LoopBoundInjectionExitBad.js:31:17:31:19 | val | -| LoopBoundInjectionExitBad.js:34:22:34:24 | val | -| LoopBoundInjectionExitBad.js:34:22:34:24 | val | -| LoopBoundInjectionExitBad.js:46:18:46:20 | val | -| LoopBoundInjectionExitBad.js:49:22:49:24 | val | -| LoopBoundInjectionExitBad.js:49:22:49:24 | val | -| LoopBoundInjectionExitBad.js:59:22:59:24 | val | -| 
LoopBoundInjectionExitBad.js:60:8:60:10 | val | -| LoopBoundInjectionExitBad.js:60:8:60:10 | val | -| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | -| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | -| LoopBoundInjectionLodash.js:12:18:12:20 | val | -| LoopBoundInjectionLodash.js:13:13:13:15 | val | -| LoopBoundInjectionLodash.js:13:13:13:15 | val | edges | LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:17:18:17:20 | val | -| LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:17:18:17:20 | val | -| LoopBoundInjectionBad.js:10:15:10:22 | req.body | LoopBoundInjectionBad.js:25:20:25:22 | val | | LoopBoundInjectionBad.js:10:15:10:22 | req.body | LoopBoundInjectionBad.js:25:20:25:22 | val | | LoopBoundInjectionBad.js:12:25:12:32 | req.body | LoopBoundInjectionBad.js:35:30:35:32 | val | -| LoopBoundInjectionBad.js:12:25:12:32 | req.body | LoopBoundInjectionBad.js:35:30:35:32 | val | -| LoopBoundInjectionBad.js:14:19:14:26 | req.body | LoopBoundInjectionBad.js:46:24:46:26 | val | | LoopBoundInjectionBad.js:14:19:14:26 | req.body | LoopBoundInjectionBad.js:46:24:46:26 | val | | LoopBoundInjectionBad.js:17:18:17:20 | val | LoopBoundInjectionBad.js:20:25:20:27 | val | -| LoopBoundInjectionBad.js:17:18:17:20 | val | LoopBoundInjectionBad.js:20:25:20:27 | val | -| LoopBoundInjectionBad.js:25:20:25:22 | val | LoopBoundInjectionBad.js:29:16:29:18 | val | | LoopBoundInjectionBad.js:25:20:25:22 | val | LoopBoundInjectionBad.js:29:16:29:18 | val | | LoopBoundInjectionBad.js:35:30:35:32 | val | LoopBoundInjectionBad.js:38:15:38:17 | val | -| LoopBoundInjectionBad.js:35:30:35:32 | val | LoopBoundInjectionBad.js:38:15:38:17 | val | | LoopBoundInjectionBad.js:46:24:46:26 | val | LoopBoundInjectionBad.js:51:25:51:27 | val | -| LoopBoundInjectionBad.js:46:24:46:26 | val | LoopBoundInjectionBad.js:51:25:51:27 | val | -| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | LoopBoundInjectionExitBad.js:17:17:17:19 | val | | 
LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | LoopBoundInjectionExitBad.js:17:17:17:19 | val | | LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | LoopBoundInjectionExitBad.js:31:17:31:19 | val | -| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | LoopBoundInjectionExitBad.js:31:17:31:19 | val | -| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | LoopBoundInjectionExitBad.js:46:18:46:20 | val | | LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | LoopBoundInjectionExitBad.js:46:18:46:20 | val | | LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | LoopBoundInjectionExitBad.js:59:22:59:24 | val | -| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | LoopBoundInjectionExitBad.js:59:22:59:24 | val | | LoopBoundInjectionExitBad.js:17:17:17:19 | val | LoopBoundInjectionExitBad.js:20:22:20:24 | val | -| LoopBoundInjectionExitBad.js:17:17:17:19 | val | LoopBoundInjectionExitBad.js:20:22:20:24 | val | -| LoopBoundInjectionExitBad.js:31:17:31:19 | val | LoopBoundInjectionExitBad.js:34:22:34:24 | val | | LoopBoundInjectionExitBad.js:31:17:31:19 | val | LoopBoundInjectionExitBad.js:34:22:34:24 | val | | LoopBoundInjectionExitBad.js:46:18:46:20 | val | LoopBoundInjectionExitBad.js:49:22:49:24 | val | -| LoopBoundInjectionExitBad.js:46:18:46:20 | val | LoopBoundInjectionExitBad.js:49:22:49:24 | val | -| LoopBoundInjectionExitBad.js:59:22:59:24 | val | LoopBoundInjectionExitBad.js:60:8:60:10 | val | | LoopBoundInjectionExitBad.js:59:22:59:24 | val | LoopBoundInjectionExitBad.js:60:8:60:10 | val | | LoopBoundInjectionLodash.js:9:13:9:20 | req.body | LoopBoundInjectionLodash.js:12:18:12:20 | val | -| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | LoopBoundInjectionLodash.js:12:18:12:20 | val | -| LoopBoundInjectionLodash.js:12:18:12:20 | val | LoopBoundInjectionLodash.js:13:13:13:15 | val | | LoopBoundInjectionLodash.js:12:18:12:20 | val | LoopBoundInjectionLodash.js:13:13:13:15 | val | +nodes +| LoopBoundInjectionBad.js:8:13:8:20 | req.body | 
semmle.label | req.body | +| LoopBoundInjectionBad.js:10:15:10:22 | req.body | semmle.label | req.body | +| LoopBoundInjectionBad.js:12:25:12:32 | req.body | semmle.label | req.body | +| LoopBoundInjectionBad.js:14:19:14:26 | req.body | semmle.label | req.body | +| LoopBoundInjectionBad.js:17:18:17:20 | val | semmle.label | val | +| LoopBoundInjectionBad.js:20:25:20:27 | val | semmle.label | val | +| LoopBoundInjectionBad.js:25:20:25:22 | val | semmle.label | val | +| LoopBoundInjectionBad.js:29:16:29:18 | val | semmle.label | val | +| LoopBoundInjectionBad.js:35:30:35:32 | val | semmle.label | val | +| LoopBoundInjectionBad.js:38:15:38:17 | val | semmle.label | val | +| LoopBoundInjectionBad.js:46:24:46:26 | val | semmle.label | val | +| LoopBoundInjectionBad.js:51:25:51:27 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | semmle.label | req.body | +| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | semmle.label | req.body | +| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | semmle.label | req.body | +| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | semmle.label | req.body | +| LoopBoundInjectionExitBad.js:17:17:17:19 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:20:22:20:24 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:31:17:31:19 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:34:22:34:24 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:46:18:46:20 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:49:22:49:24 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:59:22:59:24 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:60:8:60:10 | val | semmle.label | val | +| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | semmle.label | req.body | +| LoopBoundInjectionLodash.js:12:18:12:20 | val | semmle.label | val | +| LoopBoundInjectionLodash.js:13:13:13:15 | val | semmle.label | val | +subpaths #select | 
LoopBoundInjectionBad.js:20:25:20:27 | val | LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:20:25:20:27 | val | Iteration over a user-controlled object with a potentially unbounded .length property from a $@. | LoopBoundInjectionBad.js:8:13:8:20 | req.body | user-provided value | | LoopBoundInjectionBad.js:29:16:29:18 | val | LoopBoundInjectionBad.js:10:15:10:22 | req.body | LoopBoundInjectionBad.js:29:16:29:18 | val | Iteration over a user-controlled object with a potentially unbounded .length property from a $@. | LoopBoundInjectionBad.js:10:15:10:22 | req.body | user-provided value | From e9189f965f28e3a325a568889c735d6e4691e237 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 21:45:44 +0200 Subject: [PATCH 063/223] JS: Port LogInjection --- .../security/dataflow/LogInjectionQuery.qll | 18 +- .../ql/src/Security/CWE-117/LogInjection.ql | 6 +- .../Security/CWE-117/LogInjection.expected | 222 +++++++----------- 3 files changed, 106 insertions(+), 140 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll index 6a98db71c724..e8e4847bfce8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll 
@@ -22,7 +22,23 @@ abstract class Sanitizer extends DataFlow::Node { } /** * A taint-tracking configuration for untrusted user input used in log entries. */ -class LogInjectionConfiguration extends TaintTracking::Configuration { +module LogInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for untrusted user input used in log entries. + */ +module LogInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `LogInjectionFlow` module instead. + */ +deprecated class LogInjectionConfiguration extends TaintTracking::Configuration { LogInjectionConfiguration() { this = "LogInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-117/LogInjection.ql b/javascript/ql/src/Security/CWE-117/LogInjection.ql index d80c3214e74b..02fe187ac48b 100644 --- a/javascript/ql/src/Security/CWE-117/LogInjection.ql +++ b/javascript/ql/src/Security/CWE-117/LogInjection.ql @@ -12,10 +12,10 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.LogInjectionQuery +import LogInjectionFlow::PathGraph -from LogInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) +from LogInjectionFlow::PathNode source, LogInjectionFlow::PathNode sink +where LogInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Log entry depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected b/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected index db473a17d2c3..0e4ce448c75a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected 
+++ b/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected 
@@ -1,126 +1,23 @@ -nodes -| logInjectionBad.js:19:9:19:36 | q | -| logInjectionBad.js:19:13:19:36 | url.par ... , true) | -| logInjectionBad.js:19:23:19:29 | req.url | -| logInjectionBad.js:19:23:19:29 | req.url | -| logInjectionBad.js:20:9:20:35 | username | -| logInjectionBad.js:20:20:20:20 | q | -| logInjectionBad.js:20:20:20:26 | q.query | -| logInjectionBad.js:20:20:20:35 | q.query.username | -| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | -| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | -| logInjectionBad.js:22:34:22:41 | username | -| logInjectionBad.js:23:37:23:44 | username | -| logInjectionBad.js:23:37:23:44 | username | -| logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:25:36:25:43 | username | -| logInjectionBad.js:25:36:25:43 | username | -| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | -| logInjectionBad.js:28:24:28:31 | username | -| logInjectionBad.js:29:14:29:18 | error | -| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | -| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | -| logInjectionBad.js:30:42:30:46 | error | -| logInjectionBad.js:46:9:46:36 | q | -| logInjectionBad.js:46:13:46:36 | url.par ... , true) | -| logInjectionBad.js:46:23:46:29 | req.url | -| logInjectionBad.js:46:23:46:29 | req.url | -| logInjectionBad.js:47:9:47:35 | username | -| logInjectionBad.js:47:20:47:20 | q | -| logInjectionBad.js:47:20:47:26 | q.query | -| logInjectionBad.js:47:20:47:35 | q.query.username | -| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | -| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | -| logInjectionBad.js:49:46:49:53 | username | -| logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:50:39:50:46 | username | -| logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | -| logInjectionBad.js:51:18:51:61 | wrapAns ... 
e), 20) | -| logInjectionBad.js:51:27:51:56 | colors. ... ername) | -| logInjectionBad.js:51:48:51:55 | username | -| logInjectionBad.js:52:17:52:47 | underli ... name))) | -| logInjectionBad.js:52:17:52:47 | underli ... name))) | -| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | -| logInjectionBad.js:52:32:52:45 | blue(username) | -| logInjectionBad.js:52:37:52:44 | username | -| logInjectionBad.js:53:17:53:76 | highlig ... true}) | -| logInjectionBad.js:53:17:53:76 | highlig ... true}) | -| logInjectionBad.js:53:27:53:34 | username | -| logInjectionBad.js:54:17:54:51 | clc.red ... ername) | -| logInjectionBad.js:54:17:54:51 | clc.red ... ername) | -| logInjectionBad.js:54:43:54:50 | username | -| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | -| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | -| logInjectionBad.js:55:27:55:56 | colors. ... ername) | -| logInjectionBad.js:55:48:55:55 | username | -| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:56:47:56:54 | username | -| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | -| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | -| logInjectionBad.js:57:40:57:47 | username | -| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | -| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | -| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | -| logInjectionBad.js:58:50:58:57 | username | -| logInjectionBad.js:63:9:63:36 | q | -| logInjectionBad.js:63:13:63:36 | url.par ... , true) | -| logInjectionBad.js:63:23:63:29 | req.url | -| logInjectionBad.js:63:23:63:29 | req.url | -| logInjectionBad.js:64:9:64:35 | username | -| logInjectionBad.js:64:20:64:20 | q | -| logInjectionBad.js:64:20:64:26 | q.query | -| logInjectionBad.js:64:20:64:35 | q.query.username | -| logInjectionBad.js:66:17:66:43 | prettyj ... ername) | -| logInjectionBad.js:66:17:66:43 | prettyj ... 
ername) | -| logInjectionBad.js:66:35:66:42 | username | -| logInjectionBad.js:72:9:72:36 | q | -| logInjectionBad.js:72:13:72:36 | url.par ... , true) | -| logInjectionBad.js:72:23:72:29 | req.url | -| logInjectionBad.js:72:23:72:29 | req.url | -| logInjectionBad.js:73:9:73:35 | username | -| logInjectionBad.js:73:20:73:20 | q | -| logInjectionBad.js:73:20:73:26 | q.query | -| logInjectionBad.js:73:20:73:35 | q.query.username | -| logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:113:37:113:44 | username | -| logInjectionBad.js:113:37:113:44 | username | edges +| logInjectionBad.js:7:25:7:32 | username | logInjectionBad.js:8:38:8:45 | username | | logInjectionBad.js:19:9:19:36 | q | logInjectionBad.js:20:20:20:20 | q | | logInjectionBad.js:19:13:19:36 | url.par ... , true) | logInjectionBad.js:19:9:19:36 | q | | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... , true) | -| logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... 
, true) | | logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:22:34:22:41 | username | | logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username | | logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username | | logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username | | logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:28:24:28:31 | username | -| logInjectionBad.js:20:20:20:20 | q | logInjectionBad.js:20:20:20:26 | q.query | -| logInjectionBad.js:20:20:20:26 | q.query | logInjectionBad.js:20:20:20:35 | q.query.username | -| logInjectionBad.js:20:20:20:35 | q.query.username | logInjectionBad.js:20:9:20:35 | username | -| logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | +| logInjectionBad.js:20:20:20:20 | q | logInjectionBad.js:20:9:20:35 | username | | logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | logInjectionBad.js:29:14:29:18 | error | +| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:7:25:7:32 | username | | logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | | logInjectionBad.js:29:14:29:18 | error | logInjectionBad.js:30:42:30:46 | error | | logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | -| logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... 
rror}"` | | logInjectionBad.js:46:9:46:36 | q | logInjectionBad.js:47:20:47:20 | q | | logInjectionBad.js:46:13:46:36 | url.par ... , true) | logInjectionBad.js:46:9:46:36 | q | | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... , true) | -| logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... , true) | | logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:49:46:49:53 | username | | logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:50:39:50:46 | username | | logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:51:48:51:55 | username | 
@@ -131,61 +28,114 @@ edges | logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:56:47:56:54 | username | | logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:57:40:57:47 | username | | logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:58:50:58:57 | username | -| logInjectionBad.js:47:20:47:20 | q | logInjectionBad.js:47:20:47:26 | q.query | -| logInjectionBad.js:47:20:47:26 | q.query | logInjectionBad.js:47:20:47:35 | q.query.username | -| logInjectionBad.js:47:20:47:35 | q.query.username | logInjectionBad.js:47:9:47:35 | username | -| logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | +| logInjectionBad.js:47:20:47:20 | q | logInjectionBad.js:47:9:47:35 | username | | logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | | logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | | logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | | logInjectionBad.js:51:48:51:55 | username | logInjectionBad.js:51:27:51:56 | colors. ... ername) | | logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... name))) | -| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... name))) | | logInjectionBad.js:52:32:52:45 | blue(username) | logInjectionBad.js:52:27:52:46 | bold(blue(username)) | | logInjectionBad.js:52:37:52:44 | username | logInjectionBad.js:52:32:52:45 | blue(username) | | logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... 
true}) | -| logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... true}) | -| logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | | logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | | logInjectionBad.js:55:27:55:56 | colors. ... ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | -| logInjectionBad.js:55:27:55:56 | colors. ... ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | | logInjectionBad.js:55:48:55:55 | username | logInjectionBad.js:55:27:55:56 | colors. ... ername) | | logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | | logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | -| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | | logInjectionBad.js:58:50:58:57 | username | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | | logInjectionBad.js:63:9:63:36 | q | logInjectionBad.js:64:20:64:20 | q | | logInjectionBad.js:63:13:63:36 | url.par ... , true) | logInjectionBad.js:63:9:63:36 | q | | logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) | -| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... 
, true) | | logInjectionBad.js:64:9:64:35 | username | logInjectionBad.js:66:35:66:42 | username | -| logInjectionBad.js:64:20:64:20 | q | logInjectionBad.js:64:20:64:26 | q.query | -| logInjectionBad.js:64:20:64:26 | q.query | logInjectionBad.js:64:20:64:35 | q.query.username | -| logInjectionBad.js:64:20:64:35 | q.query.username | logInjectionBad.js:64:9:64:35 | username | -| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | +| logInjectionBad.js:64:20:64:20 | q | logInjectionBad.js:64:9:64:35 | username | | logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | | logInjectionBad.js:72:9:72:36 | q | logInjectionBad.js:73:20:73:20 | q | | logInjectionBad.js:72:13:72:36 | url.par ... , true) | logInjectionBad.js:72:9:72:36 | q | | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) | -| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... 
, true) | | logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | | logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:113:37:113:44 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:113:37:113:44 | username | -| logInjectionBad.js:73:20:73:20 | q | logInjectionBad.js:73:20:73:26 | q.query | -| logInjectionBad.js:73:20:73:26 | q.query | logInjectionBad.js:73:20:73:35 | q.query.username | -| logInjectionBad.js:73:20:73:35 | q.query.username | logInjectionBad.js:73:9:73:35 | username | +| logInjectionBad.js:73:20:73:20 | q | logInjectionBad.js:73:9:73:35 | username | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | +| logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | logInjectionBad.js:82:30:82:37 | username | +| logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | logInjectionBad.js:91:26:91:33 | username | +| logInjectionBad.js:96:5:103:5 | functio ... 
;\\n } [username] | logInjectionBad.js:99:26:99:33 | username | +| logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | logInjectionBad.js:113:37:113:44 | username | +nodes +| logInjectionBad.js:7:25:7:32 | username | semmle.label | username | +| logInjectionBad.js:8:38:8:45 | username | semmle.label | username | +| logInjectionBad.js:19:9:19:36 | q | semmle.label | q | +| logInjectionBad.js:19:13:19:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:19:23:19:29 | req.url | semmle.label | req.url | +| logInjectionBad.js:20:9:20:35 | username | semmle.label | username | +| logInjectionBad.js:20:20:20:20 | q | semmle.label | q | +| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | semmle.label | `[INFO] ... rname}` | +| logInjectionBad.js:22:34:22:41 | username | semmle.label | username | +| logInjectionBad.js:23:37:23:44 | username | semmle.label | username | +| logInjectionBad.js:24:35:24:42 | username | semmle.label | username | +| logInjectionBad.js:25:36:25:43 | username | semmle.label | username | +| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | semmle.label | exceptional return of check_u ... ername) | +| logInjectionBad.js:28:24:28:31 | username | semmle.label | username | +| logInjectionBad.js:29:14:29:18 | error | semmle.label | error | +| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | semmle.label | `[ERROR ... rror}"` | +| logInjectionBad.js:30:42:30:46 | error | semmle.label | error | +| logInjectionBad.js:46:9:46:36 | q | semmle.label | q | +| logInjectionBad.js:46:13:46:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:46:23:46:29 | req.url | semmle.label | req.url | +| logInjectionBad.js:47:9:47:35 | username | semmle.label | username | +| logInjectionBad.js:47:20:47:20 | q | semmle.label | q | +| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | semmle.label | ansiCol ... 
ername) | +| logInjectionBad.js:49:46:49:53 | username | semmle.label | username | +| logInjectionBad.js:50:18:50:47 | colors. ... ername) | semmle.label | colors. ... ername) | +| logInjectionBad.js:50:39:50:46 | username | semmle.label | username | +| logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | semmle.label | wrapAns ... e), 20) | +| logInjectionBad.js:51:27:51:56 | colors. ... ername) | semmle.label | colors. ... ername) | +| logInjectionBad.js:51:48:51:55 | username | semmle.label | username | +| logInjectionBad.js:52:17:52:47 | underli ... name))) | semmle.label | underli ... name))) | +| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | semmle.label | bold(blue(username)) | +| logInjectionBad.js:52:32:52:45 | blue(username) | semmle.label | blue(username) | +| logInjectionBad.js:52:37:52:44 | username | semmle.label | username | +| logInjectionBad.js:53:17:53:76 | highlig ... true}) | semmle.label | highlig ... true}) | +| logInjectionBad.js:53:27:53:34 | username | semmle.label | username | +| logInjectionBad.js:54:17:54:51 | clc.red ... ername) | semmle.label | clc.red ... ername) | +| logInjectionBad.js:54:43:54:50 | username | semmle.label | username | +| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | semmle.label | sliceAn ... 20, 30) | +| logInjectionBad.js:55:27:55:56 | colors. ... ername) | semmle.label | colors. ... ername) | +| logInjectionBad.js:55:48:55:55 | username | semmle.label | username | +| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | semmle.label | kleur.b ... ername) | +| logInjectionBad.js:56:47:56:54 | username | semmle.label | username | +| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | semmle.label | chalk.u ... ername) | +| logInjectionBad.js:57:40:57:47 | username | semmle.label | username | +| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | semmle.label | stripAn ... rname)) | +| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | semmle.label | chalk.u ... 
ername) | +| logInjectionBad.js:58:50:58:57 | username | semmle.label | username | +| logInjectionBad.js:63:9:63:36 | q | semmle.label | q | +| logInjectionBad.js:63:13:63:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:63:23:63:29 | req.url | semmle.label | req.url | +| logInjectionBad.js:64:9:64:35 | username | semmle.label | username | +| logInjectionBad.js:64:20:64:20 | q | semmle.label | q | +| logInjectionBad.js:66:17:66:43 | prettyj ... ername) | semmle.label | prettyj ... ername) | +| logInjectionBad.js:66:35:66:42 | username | semmle.label | username | +| logInjectionBad.js:72:9:72:36 | q | semmle.label | q | +| logInjectionBad.js:72:13:72:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:72:23:72:29 | req.url | semmle.label | req.url | +| logInjectionBad.js:73:9:73:35 | username | semmle.label | username | +| logInjectionBad.js:73:20:73:20 | q | semmle.label | q | +| logInjectionBad.js:75:15:75:22 | username | semmle.label | username | +| logInjectionBad.js:75:15:75:22 | username | semmle.label | username | +| logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] | +| logInjectionBad.js:82:30:82:37 | username | semmle.label | username | +| logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] | +| logInjectionBad.js:91:26:91:33 | username | semmle.label | username | +| logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] | +| logInjectionBad.js:99:26:99:33 | username | semmle.label | username | +| logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | semmle.label | functio ... 
;\\n } [username] | +| logInjectionBad.js:113:37:113:44 | username | semmle.label | username | +subpaths +| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:7:25:7:32 | username | logInjectionBad.js:8:38:8:45 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | #select | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value | | logInjectionBad.js:23:37:23:44 | username | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:23:37:23:44 | username | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value | From 7a1aead83185c97759ef80dc1ba3ab065975e8a3 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 22:12:06 +0200 Subject: [PATCH 064/223] JS: Port ZipSlip --- .../security/dataflow/ZipSlipQuery.qll | 36 ++++- javascript/ql/src/Security/CWE-022/ZipSlip.ql | 6 +- .../Security/CWE-022/ZipSlip/ZipSlip.expected | 136 ++++-------------- 3 files changed, 61 insertions(+), 117 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll index 9aad934759dc..87da9d2b3252 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll 
@@ -20,7 +20,39 @@ private class ConcreteSplitPath extends TaintedPath::Label::SplitPath { } /** A taint tracking configuration for unsafe archive extraction. */ -class Configuration extends DataFlow::Configuration { +module ZipSlipConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + label = source.(Source).getAFlowLabel() + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + label = sink.(Sink).getAFlowLabel() + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof TaintedPath::Sanitizer or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, + DataFlow::FlowLabel state2 + ) { + TaintedPath::isAdditionalTaintedPathFlowStep(node1, node2, state1, state2) + } +} + +/** A taint tracking configuration for unsafe archive extraction. */ +module ZipSlipFlow = DataFlow::GlobalWithState; + +/** A taint tracking configuration for unsafe archive extraction. */ +deprecated class Configuration extends DataFlow::Configuration { Configuration() { this = "ZipSlip" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { @@ -44,6 +76,6 @@ class Configuration extends DataFlow::Configuration { DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, DataFlow::FlowLabel dstlabel ) { - TaintedPath::isAdditionalTaintedPathFlowStep(src, dst, srclabel, dstlabel) + ZipSlipConfig::isAdditionalFlowStep(src, srclabel, dst, dstlabel) } } diff --git a/javascript/ql/src/Security/CWE-022/ZipSlip.ql b/javascript/ql/src/Security/CWE-022/ZipSlip.ql index aef13830eb10..e2f13d0e1f6f 100644 --- a/javascript/ql/src/Security/CWE-022/ZipSlip.ql 
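Review bot: The same doc comment, `A taint tracking configuration for unsafe archive extraction.`, now sits on three declarations in this hunk (`ZipSlipConfig`, `ZipSlipFlow` and the deprecated `Configuration`), so a reader cannot tell from the docs which one to use. The other ports in this series mark the legacy class explicitly; I would do the same here with `/** DEPRECATED. Use the ZipSlipFlow module instead. */` (module name in backticks). The flow module is built with `DataFlow::GlobalWithState`, so I would describe it as `/** Data flow for unsafe archive extraction. */`. The deprecated class continues past the end of this hunk.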
+++ b/javascript/ql/src/Security/CWE-022/ZipSlip.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.ZipSlipQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where ZipSlipFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select source.getNode(), source, sink, "Unsanitized archive entry, which may contain '..', is used in a $@.", sink.getNode(), "file system operation" diff --git a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected index 253bca10b039..9b147acdd885 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected 
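Review bot: The switch to `DataFlow::DeduplicatePathGraph` with `getAnOriginalPathNode()` in the `where` clause has no comment saying why this query needs it, while BrokenCryptoAlgorithm.ql and BuildArtifactLeak.ql later in the series import their flow module's `PathGraph` directly. Presumably it is because `ZipSlipConfig` is state-based and path nodes that differ only in flow label render identically. If so, a line above the import such as `// Path nodes that differ only in flow label look identical in results, so merge them.` would record that. The library's own note says the merge cannot see which nodes are sources or sinks, so the `#select` rows of the ZipSlip test are the thing to watch when this graph changes.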
@@ -1,130 +1,42 @@ nodes -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:9:17:9:31 | header.linkname | -| TarSlipBad.js:9:17:9:31 | header.linkname | -| TarSlipBad.js:9:17:9:31 | header.linkname | -| TarSlipBad.js:9:17:9:31 | header.linkname | -| ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | -| ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | -| ZipSlipBad.js:7:22:7:31 | entry.path | -| ZipSlipBad.js:7:22:7:31 | entry.path | -| ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | -| ZipSlipBad.js:15:22:15:31 | entry.path | -| ZipSlipBad.js:15:22:15:31 | entry.path | -| ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | -| ZipSlipBad.js:22:22:22:31 | entry.path | -| ZipSlipBad.js:22:22:22:31 | entry.path | -| ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:23:28:23:35 | fileName | -| 
ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:30:14:30:17 | name | -| ZipSlipBad.js:30:14:30:17 | name | -| ZipSlipBad.js:30:14:30:17 | name | -| ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | -| ZipSlipBad.js:34:16:34:19 | name | -| ZipSlipBad.js:34:16:34:19 | name | -| ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | -| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | +| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | semmle.label | zipEntry.entryName | +| TarSlipBad.js:6:36:6:46 | header.name | semmle.label | header.name | +| TarSlipBad.js:9:17:9:31 | header.linkname | semmle.label | header.linkname | +| ZipSlipBad2.js:5:9:5:46 | fileName | semmle.label | fileName | +| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | semmle.label | 'output ... 
ry.path | +| ZipSlipBad2.js:5:37:5:46 | entry.path | semmle.label | entry.path | +| ZipSlipBad2.js:6:22:6:29 | fileName | semmle.label | fileName | +| ZipSlipBad.js:7:11:7:31 | fileName | semmle.label | fileName | +| ZipSlipBad.js:7:22:7:31 | entry.path | semmle.label | entry.path | +| ZipSlipBad.js:8:37:8:44 | fileName | semmle.label | fileName | +| ZipSlipBad.js:15:11:15:31 | fileName | semmle.label | fileName | +| ZipSlipBad.js:15:22:15:31 | entry.path | semmle.label | entry.path | +| ZipSlipBad.js:16:30:16:37 | fileName | semmle.label | fileName | +| ZipSlipBad.js:22:11:22:31 | fileName | semmle.label | fileName | +| ZipSlipBad.js:22:22:22:31 | entry.path | semmle.label | entry.path | +| ZipSlipBad.js:23:28:23:35 | fileName | semmle.label | fileName | +| ZipSlipBad.js:30:14:30:17 | name | semmle.label | name | +| ZipSlipBad.js:31:26:31:29 | name | semmle.label | name | +| ZipSlipBad.js:34:16:34:19 | name | semmle.label | name | +| ZipSlipBad.js:35:26:35:29 | name | semmle.label | name | +| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | semmle.label | fileName | +| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | semmle.label | entry.path | +| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | semmle.label | fileName | edges -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | | ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:20:5:46 | 'output ... 
ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | | ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | | ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | | ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | | ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | | ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | | ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 
| fileName | | ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | | ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | | ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 
| fileName | | ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | +subpaths #select | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | Unsanitized archive entry, which may contain '..', is used in a $@. | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | file system operation | | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | Unsanitized archive entry, which may contain '..', is used in a $@. | TarSlipBad.js:6:36:6:46 | header.name | file system operation | From 395f52303c81cf82641fbdbf049847e5b9ce358c Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:08:56 +0200 Subject: [PATCH 065/223] JS: Port barriers in UrlConcatenation.qll --- .../javascript/security/dataflow/UrlConcatenation.qll | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll index fe036872ee39..4fc434bf178a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll 
@@ -103,8 +103,16 @@ predicate hostnameSanitizingPrefixEdge(DataFlow::Node source, DataFlow::Node sin class HostnameSanitizerGuard extends TaintTracking::SanitizerGuardNode, StringOps::StartsWith { HostnameSanitizerGuard() { hasHostnameSanitizingSubstring(this.getSubstring()) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e) { outcome = this.getPolarity() and e = this.getBaseString().asExpr() } } + +/** + * A check that sanitizes the hostname of a URL. + */ +module HostnameSanitizerGuard = DataFlow::MakeBarrierGuard; From 85617c292e14233d8255bc82350f2dd2554c9dbf Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:12:29 +0200 Subject: [PATCH 066/223] JS: Port BrokenCryptoAlgorithm --- .../dataflow/BrokenCryptoAlgorithmQuery.qll | 18 ++++++++++- .../Security/CWE-327/BrokenCryptoAlgorithm.ql | 6 ++-- .../CWE-327/BrokenCryptoAlgorithm.expected | 31 +++++-------------- 3 files changed, 28 insertions(+), 27 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll index d0e4d56f630c..90fb4b4ffa56 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll 
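Review bot: The new `module HostnameSanitizerGuard` carries the doc comment `A check that sanitizes the hostname of a URL.`, which describes the class of the same name rather than the module. The module is the `DataFlow::MakeBarrierGuard` instantiation, so I would document it as such, e.g. `A barrier guard that sanitizes the hostname of a URL; use getABarrierNode() from isBarrier.` That tells someone porting a configuration which of the two identically named declarations to reference. The doc on `blocksExpr` could also state that `e` is the base string of the prefix check, which is what the body binds it to.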
@@ -19,7 +19,23 @@ import BrokenCryptoAlgorithmCustomizations::BrokenCryptoAlgorithm * added either by extending the relevant class, or by subclassing this configuration itself, * and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module BrokenCryptoAlgorithmConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint tracking flow for sensitive information in broken or weak cryptographic algorithms. + */ +module BrokenCryptoAlgorithmFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `BrokenCryptoAlgorithmFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "BrokenCryptoAlgorithm" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql index 9826ebefe5f1..755effd31137 100644 --- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql +++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql 
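Review bot: The doc comment that now precedes `module BrokenCryptoAlgorithmConfig` still ends with `or by subclassing this configuration itself, and amending the sources and sinks`. That was true of the old `Configuration` class but cannot be done with a module that implements `DataFlow::ConfigSig`. I would reword it to mention only extending the `Source`, `Sink` and `Sanitizer` classes that the config tests with `instanceof`. The start of that comment lies above the hunk, so the rest of its wording is not visible here.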
@@ -14,11 +14,11 @@ import javascript import semmle.javascript.security.dataflow.BrokenCryptoAlgorithmQuery import semmle.javascript.security.SensitiveActions -import DataFlow::PathGraph +import BrokenCryptoAlgorithmFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink +from BrokenCryptoAlgorithmFlow::PathNode source, BrokenCryptoAlgorithmFlow::PathNode sink where - cfg.hasFlowPath(source, sink) and + BrokenCryptoAlgorithmFlow::flowPath(source, sink) and not source.getNode() instanceof CleartextPasswordExpr // flagged by js/insufficient-password-hash select sink.getNode(), source, sink, "A broken or weak cryptographic algorithm depends on $@.", source.getNode(), "sensitive data from " + source.getNode().(Source).describe() diff --git a/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected b/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected index 1938b020355b..b565021866b5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected +++ b/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected 
@@ -1,30 +1,15 @@ -nodes -| tst.js:3:5:3:24 | secretText | -| tst.js:3:18:3:24 | trusted | -| tst.js:3:18:3:24 | trusted | -| tst.js:11:17:11:26 | secretText | -| tst.js:11:17:11:26 | secretText | -| tst.js:11:17:11:26 | secretText | -| tst.js:17:17:17:25 | o.trusted | -| tst.js:17:17:17:25 | o.trusted | -| tst.js:17:17:17:25 | o.trusted | -| tst.js:19:17:19:24 | password | -| tst.js:19:17:19:24 | password | -| tst.js:19:17:19:24 | password | -| tst.js:22:21:22:30 | secretText | -| tst.js:22:21:22:30 | secretText | -| tst.js:22:21:22:30 | secretText | edges | tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText | -| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText | -| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText | | tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText | | tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText | -| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText | -| tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | -| tst.js:17:17:17:25 | o.trusted | tst.js:17:17:17:25 | o.trusted | -| tst.js:19:17:19:24 | password | tst.js:19:17:19:24 | password | -| tst.js:22:21:22:30 | secretText | tst.js:22:21:22:30 | secretText | +nodes +| tst.js:3:5:3:24 | secretText | semmle.label | secretText | +| tst.js:3:18:3:24 | trusted | semmle.label | trusted | +| tst.js:11:17:11:26 | secretText | semmle.label | secretText | +| tst.js:17:17:17:25 | o.trusted | semmle.label | o.trusted | +| tst.js:19:17:19:24 | password | semmle.label | password | +| tst.js:22:21:22:30 | secretText | semmle.label | secretText | +subpaths #select | tst.js:11:17:11:26 | secretText | tst.js:3:18:3:24 | trusted | tst.js:11:17:11:26 | secretText | A broken or weak cryptographic algorithm depends on $@. 
| tst.js:3:18:3:24 | trusted | sensitive data from an access to trusted | | tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | A broken or weak cryptographic algorithm depends on $@. | tst.js:11:17:11:26 | secretText | sensitive data from an access to secretText | From 2296a273c4932047576a235bd83e3bb0fb3c5be0 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:12:49 +0200 Subject: [PATCH 067/223] JS: Port BuildArtifactLeak --- .../dataflow/BuildArtifactLeakQuery.qll | 28 ++++- .../src/Security/CWE-312/BuildArtifactLeak.ql | 6 +- .../CWE-312/BuildArtifactLeak.expected | 108 +++++++++--------- 3 files changed, 82 insertions(+), 60 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll index db48ae25952b..0e010e35eebc 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll 
@@ -14,7 +14,33 @@ import CleartextLoggingCustomizations::CleartextLogging as CleartextLogging /** * A taint tracking configuration for storage of sensitive information in build artifact. */ -class Configuration extends TaintTracking::Configuration { +module BuildArtifactLeakConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof CleartextLogging::Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof CleartextLogging::Barrier } + + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { + CleartextLogging::isAdditionalTaintStep(src, trg) + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // All properties of a leaked object are themselves leaked. + contents = DataFlow::ContentSet::anyProperty() and + isSink(node) + } +} + +/** + * Taint tracking flow for storage of sensitive information in build artifact. + */ +module BuildArtifactLeakFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `BuildArtifactLeakFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "BuildArtifactLeak" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { diff --git a/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql b/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql index 0e61cc1ebf2e..79d2d4d41ed5 100644 --- a/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql +++ b/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql 
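Review bot: `BuildArtifactLeakConfig` implements the stateless `DataFlow::ConfigSig`, while the deprecated `Configuration` below it keeps `isSource(DataFlow::Node source, DataFlow::FlowLabel lbl)`, so whatever the label distinguished is no longer part of the new flow. The body of that predicate is outside the hunk, so I cannot tell whether the label narrowed which sensitive sources reach a sink. If it did, the port changes the alert set, and the new `allowImplicitRead` over any property of a sink appears to widen it further. A comment on the module, e.g. `// Flow labels from CleartextLogging are intentionally not used; any property of a sink is treated as leaked.`, would make that a recorded decision rather than something inferred from the .expected changes.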
@@ -15,10 +15,10 @@ import javascript import semmle.javascript.security.dataflow.BuildArtifactLeakQuery -import DataFlow::PathGraph +import BuildArtifactLeakFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from BuildArtifactLeakFlow::PathNode source, BuildArtifactLeakFlow::PathNode sink +where BuildArtifactLeakFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This creates a build artifact that depends on $@.", source.getNode(), "sensitive data returned by" + source.getNode().(CleartextLogging::Source).describe() diff --git a/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected b/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected index 8514ae581045..973b7da85553 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected +++ b/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected 
@@ -1,67 +1,63 @@ -nodes -| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | -| build-leaks.js:5:35:5:45 | process.env | -| build-leaks.js:5:35:5:45 | process.env | -| build-leaks.js:13:11:19:10 | raw | -| build-leaks.js:13:17:19:10 | Object. ... }) | -| build-leaks.js:14:18:14:20 | env | -| build-leaks.js:15:24:15:34 | process.env | -| build-leaks.js:15:24:15:34 | process.env | -| build-leaks.js:15:24:15:39 | process.env[key] | -| build-leaks.js:16:20:16:22 | env | -| build-leaks.js:21:11:26:5 | stringifed | -| build-leaks.js:21:24:26:5 | {\\n ... )\\n } | -| build-leaks.js:22:24:25:14 | Object. ... }, {}) | -| build-leaks.js:22:49:22:51 | env | -| build-leaks.js:23:24:23:47 | JSON.st ... w[key]) | -| build-leaks.js:23:39:23:41 | raw | -| build-leaks.js:23:39:23:46 | raw[key] | -| build-leaks.js:24:20:24:22 | env | -| build-leaks.js:30:22:30:31 | stringifed | -| build-leaks.js:34:26:34:57 | getEnv( ... ngified | -| build-leaks.js:34:26:34:57 | getEnv( ... ngified | -| build-leaks.js:40:9:40:60 | pw | -| build-leaks.js:40:14:40:60 | url.par ... assword | -| build-leaks.js:40:14:40:60 | url.par ... assword | -| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | -| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | -| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | -| build-leaks.js:41:82:41:83 | pw | edges -| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | +| build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | +| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | [post update] { // NO ... 
.env)\\n} [process.env] | | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | -| build-leaks.js:13:11:19:10 | raw | build-leaks.js:23:39:23:41 | raw | +| build-leaks.js:13:11:19:10 | raw | build-leaks.js:22:36:22:38 | raw | | build-leaks.js:13:17:19:10 | Object. ... }) | build-leaks.js:13:11:19:10 | raw | | build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:14:18:14:20 | env | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:14:18:14:20 | env | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:24:15:39 | process.env[key] | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:24:15:39 | process.env[key] | -| build-leaks.js:15:24:15:39 | process.env[key] | build-leaks.js:14:18:14:20 | env | +| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:14:18:14:20 | env | +| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:17:12:19:9 | [post update] {\\n ... } | +| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:13:15:15 | [post update] env | | build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) | -| build-leaks.js:16:20:16:22 | env | build-leaks.js:14:18:14:20 | env | -| build-leaks.js:21:11:26:5 | stringifed | build-leaks.js:30:22:30:31 | stringifed | -| build-leaks.js:21:24:26:5 | {\\n ... )\\n } | build-leaks.js:21:11:26:5 | stringifed | -| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } | -| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | -| build-leaks.js:23:24:23:47 | JSON.st ... w[key]) | build-leaks.js:22:49:22:51 | env | -| build-leaks.js:23:39:23:41 | raw | build-leaks.js:22:49:22:51 | env | -| build-leaks.js:23:39:23:41 | raw | build-leaks.js:23:39:23:46 | raw[key] | -| build-leaks.js:23:39:23:46 | raw[key] | build-leaks.js:23:24:23:47 | JSON.st ... 
w[key]) | -| build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) | -| build-leaks.js:24:20:24:22 | env | build-leaks.js:22:49:22:51 | env | -| build-leaks.js:30:22:30:31 | stringifed | build-leaks.js:34:26:34:57 | getEnv( ... ngified | -| build-leaks.js:30:22:30:31 | stringifed | build-leaks.js:34:26:34:57 | getEnv( ... ngified | +| build-leaks.js:17:12:19:9 | [post update] {\\n ... } | build-leaks.js:17:12:19:9 | {\\n ... } | +| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:13:17:19:10 | Object. ... }) | +| build-leaks.js:21:11:26:5 | stringifed [process.env] | build-leaks.js:30:22:30:31 | stringifed [process.env] | +| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | build-leaks.js:21:11:26:5 | stringifed [process.env] | +| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:24:25:14 | Object. ... }, {}) | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:25:12:25:13 | [post update] {} | +| build-leaks.js:25:12:25:13 | [post update] {} | build-leaks.js:25:12:25:13 | {} | +| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:24:25:14 | Object. ... }, {}) | +| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | +| build-leaks.js:30:22:30:31 | stringifed [process.env] | build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | +| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | +| build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified | | build-leaks.js:40:9:40:60 | pw | build-leaks.js:41:82:41:83 | pw | | build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw | -| build-leaks.js:40:14:40:60 | url.par ... 
assword | build-leaks.js:40:9:40:60 | pw | -| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | -| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | +| build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | +| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | | build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | +nodes +| build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | semmle.label | [post update] { // NO ... .env)\\n} [process.env] | +| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | semmle.label | { // NO ... .env)\\n} | +| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | semmle.label | JSON.st ... ss.env) | +| build-leaks.js:5:35:5:45 | process.env | semmle.label | process.env | +| build-leaks.js:13:11:19:10 | raw | semmle.label | raw | +| build-leaks.js:13:17:19:10 | Object. ... }) | semmle.label | Object. ... }) | +| build-leaks.js:14:18:14:20 | env | semmle.label | env | +| build-leaks.js:15:13:15:15 | [post update] env | semmle.label | [post update] env | +| build-leaks.js:15:24:15:34 | process.env | semmle.label | process.env | +| build-leaks.js:16:20:16:22 | env | semmle.label | env | +| build-leaks.js:17:12:19:9 | [post update] {\\n ... } | semmle.label | [post update] {\\n ... } | +| build-leaks.js:17:12:19:9 | {\\n ... } | semmle.label | {\\n ... } | +| build-leaks.js:21:11:26:5 | stringifed [process.env] | semmle.label | stringifed [process.env] | +| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | semmle.label | {\\n ... )\\n } [process.env] | +| build-leaks.js:22:24:25:14 | Object. ... }, {}) | semmle.label | Object. ... 
}, {}) | +| build-leaks.js:22:36:22:38 | raw | semmle.label | raw | +| build-leaks.js:25:12:25:13 | [post update] {} | semmle.label | [post update] {} | +| build-leaks.js:25:12:25:13 | {} | semmle.label | {} | +| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | semmle.label | {\\n ... d\\n } [stringified, process.env] | +| build-leaks.js:30:22:30:31 | stringifed [process.env] | semmle.label | stringifed [process.env] | +| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | semmle.label | getEnv('production') [stringified, process.env] | +| build-leaks.js:34:26:34:57 | getEnv( ... ngified | semmle.label | getEnv( ... ngified | +| build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | semmle.label | getEnv( ... ngified [process.env] | +| build-leaks.js:40:9:40:60 | pw | semmle.label | pw | +| build-leaks.js:40:14:40:60 | url.par ... assword | semmle.label | url.par ... assword | +| build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | semmle.label | [post update] { "proc ... y(pw) } [process.env.secret] | +| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | semmle.label | { "proc ... y(pw) } | +| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | semmle.label | JSON.stringify(pw) | +| build-leaks.js:41:82:41:83 | pw | semmle.label | pw | +subpaths #select | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | This creates a build artifact that depends on $@. | build-leaks.js:5:35:5:45 | process.env | sensitive data returned byprocess environment | | build-leaks.js:34:26:34:57 | getEnv( ... ngified | build-leaks.js:15:24:15:34 | process.env | build-leaks.js:34:26:34:57 | getEnv( ... ngified | This creates a build artifact that depends on $@. | build-leaks.js:15:24:15:34 | process.env | sensitive data returned byprocess environment | 
From f14303acea4eb19c53bd95cfcb6293ced12645b6 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:13:00 +0200 Subject: [PATCH 068/223] JS: Port ConditionalBypass --- .../dataflow/ConditionalBypassQuery.qll | 90 ++++++++++- .../src/Security/CWE-807/ConditionalBypass.ql | 10 +- .../CWE-807/ConditionalBypass.expected | 144 +++++------------- 3 files changed, 130 insertions(+), 114 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll index 0d1319800a85..6482b09a754e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll @@ -13,7 +13,28 @@ import ConditionalBypassCustomizations::ConditionalBypass /** * A taint tracking configuration for bypass of sensitive action guards. */ -class Configuration extends TaintTracking::Configuration { +module ConditionalBypassConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node dst) { + // comparing a tainted expression against a constant gives a tainted result + dst.asExpr().(Comparison).hasOperands(src.asExpr(), any(ConstantExpr c)) + } +} + +/** + * Taint tracking flow for bypass of sensitive action guards. + */ +module ConditionalBypassFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ConditionalBypassFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ConditionalBypass" } override predicate isSource(DataFlow::Node source) { source instanceof Source } 
@@ -26,8 +47,7 @@ class Configuration extends TaintTracking::Configuration { } override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node dst) { - // comparing a tainted expression against a constant gives a tainted result - dst.asExpr().(Comparison).hasOperands(src.asExpr(), any(ConstantExpr c)) + ConditionalBypassConfig::isAdditionalFlowStep(src, dst) } } 
@@ -72,7 +92,67 @@ class SensitiveActionGuardComparisonOperand extends Sink { * If flow from `source` taints `sink`, then an attacker can * control if `action` should be executed or not. */ -predicate isTaintedGuardForSensitiveAction( +predicate isTaintedGuardNodeForSensitiveAction( + ConditionalBypassFlow::PathNode sink, ConditionalBypassFlow::PathNode source, + SensitiveAction action +) { + action = sink.getNode().(Sink).getAction() and + // exclude the intermediary sink + not sink.getNode() instanceof SensitiveActionGuardComparisonOperand and + ( + // ordinary taint tracking to a guard + ConditionalBypassFlow::flowPath(source, sink) + or + // taint tracking to both operands of a guard comparison + exists( + SensitiveActionGuardComparison cmp, ConditionalBypassFlow::PathNode lSource, + ConditionalBypassFlow::PathNode rSource, ConditionalBypassFlow::PathNode lSink, + ConditionalBypassFlow::PathNode rSink + | + sink.getNode() = cmp.getGuard() and + ConditionalBypassFlow::flowPath(lSource, lSink) and + lSink.getNode() = DataFlow::valueNode(cmp.getLeftOperand()) and + ConditionalBypassFlow::flowPath(rSource, rSink) and + rSink.getNode() = DataFlow::valueNode(cmp.getRightOperand()) + | + source = lSource or + source = rSource + ) + ) +} + +/** + * Holds if `e` effectively guards access to `action` by returning or throwing early. + * + * Example: `if (e) return; action(x)`. + */ +predicate isEarlyAbortGuardNode(ConditionalBypassFlow::PathNode e, SensitiveAction action) { + exists(IfStmt guard | + // `e` is in the condition of an if-statement ... + e.getNode().(Sink).asExpr().getParentExpr*() = guard.getCondition() and + // ... where the then-branch always throws or returns + exists(Stmt abort | + abort instanceof ThrowStmt or + abort instanceof ReturnStmt + | + abort.nestedIn(guard) and + abort.getBasicBlock().(ReachableBasicBlock).postDominates(guard.getThen().getBasicBlock()) + ) and + // ... 
and the else-branch does not exist + not exists(guard.getElse()) + | + // ... and `action` is outside the if-statement + not action.asExpr().getEnclosingStmt().nestedIn(guard) + ) +} + +/** + * Holds if `sink` guards `action`, and `source` taints `sink`. + * + * If flow from `source` taints `sink`, then an attacker can + * control if `action` should be executed or not. + */ +deprecated predicate isTaintedGuardForSensitiveAction( DataFlow::PathNode sink, DataFlow::PathNode source, SensitiveAction action ) { action = sink.getNode().(Sink).getAction() and @@ -104,7 +184,7 @@ predicate isTaintedGuardForSensitiveAction( * * Example: `if (e) return; action(x)`. */ -predicate isEarlyAbortGuard(DataFlow::PathNode e, SensitiveAction action) { +deprecated predicate isEarlyAbortGuard(DataFlow::PathNode e, SensitiveAction action) { exists(IfStmt guard | // `e` is in the condition of an if-statement ... e.getNode().(Sink).asExpr().getParentExpr*() = guard.getCondition() and diff --git a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql index 492dc5b8b6e7..a493662453e7 100644 --- a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql +++ b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql 
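Review bot: The deprecated predicates `isTaintedGuardForSensitiveAction` (this hunk) and `isEarlyAbortGuard` (the following hunk, `@@ -104,7 +184,7 @@`) keep their old QLDoc and never name their replacements, unlike the deprecated `Configuration` class in this file, whose comment points to `ConditionalBypassFlow`. Each comment should open with a pointer, `DEPRECATED. Use isTaintedGuardNodeForSensitiveAction instead.` and `DEPRECATED. Use isEarlyAbortGuardNode instead.` respectively. The new predicates also appear to be copies of the old bodies with only the path-node type changed, so any later fix to the guard logic has to be applied twice until the deprecated versions are removed. Both deprecated bodies continue outside the hunks, so the copies cannot be compared line for line here.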
@@ -13,11 +13,13 @@ import javascript import semmle.javascript.security.dataflow.ConditionalBypassQuery -import DataFlow::PathGraph +import ConditionalBypassFlow::PathGraph -from DataFlow::PathNode source, DataFlow::PathNode sink, SensitiveAction action +from + ConditionalBypassFlow::PathNode source, ConditionalBypassFlow::PathNode sink, + SensitiveAction action where - isTaintedGuardForSensitiveAction(sink, source, action) and - not isEarlyAbortGuard(sink, action) + isTaintedGuardNodeForSensitiveAction(sink, source, action) and + not isEarlyAbortGuardNode(sink, action) select sink.getNode(), source, sink, "This condition guards a sensitive $@, but a $@ controls it.", action, "action", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected b/javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected index 6f4dcb31bd5f..f78e2428b902 100644 --- a/javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected +++ b/javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected 
@@ -1,122 +1,56 @@ -nodes -| example_bypass.js:6:9:6:19 | req.cookies | -| example_bypass.js:6:9:6:19 | req.cookies | -| example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| example_bypass.js:6:40:6:56 | req.params.userId | -| example_bypass.js:6:40:6:56 | req.params.userId | -| example_bypass.js:6:40:6:56 | req.params.userId | -| example_bypass.js:17:46:17:62 | req.params.userId | -| example_bypass.js:17:46:17:62 | req.params.userId | -| example_bypass.js:17:46:17:62 | req.params.userId | -| tst.js:9:8:9:26 | req.params.shutDown | -| tst.js:9:8:9:26 | req.params.shutDown | -| tst.js:9:8:9:26 | req.params.shutDown | -| tst.js:13:9:13:19 | req.cookies | -| tst.js:13:9:13:19 | req.cookies | -| tst.js:13:9:13:30 | req.coo ... inThing | -| tst.js:13:9:13:30 | req.coo ... inThing | -| tst.js:27:9:27:37 | v3 | -| tst.js:27:14:27:37 | id(req. ... okieId) | -| tst.js:27:17:27:27 | req.cookies | -| tst.js:27:17:27:27 | req.cookies | -| tst.js:27:17:27:36 | req.cookies.cookieId | -| tst.js:28:9:28:10 | v3 | -| tst.js:28:9:28:10 | v3 | -| tst.js:33:13:33:23 | req.cookies | -| tst.js:33:13:33:23 | req.cookies | -| tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:38:9:38:19 | req.cookies | -| tst.js:38:9:38:19 | req.cookies | -| tst.js:38:9:38:28 | req.cookies.cookieId | -| tst.js:38:9:38:28 | req.cookies.cookieId | -| tst.js:44:8:44:23 | req.params.login | -| tst.js:44:8:44:23 | req.params.login | -| tst.js:44:8:44:23 | req.params.login | -| tst.js:57:8:57:23 | req.params.login | -| tst.js:57:8:57:23 | req.params.login | -| tst.js:57:8:57:23 | req.params.login | -| tst.js:61:9:61:19 | req.cookies | -| tst.js:61:9:61:19 | req.cookies | -| tst.js:61:9:61:28 | req.cookies.cookieId | -| tst.js:61:9:61:28 | req.cookies.cookieId | -| tst.js:61:34:61:53 | req.params.requestId | -| tst.js:61:34:61:53 | req.params.requestId | -| tst.js:61:34:61:53 | req.params.requestId | -| 
tst.js:65:14:65:24 | req.cookies | -| tst.js:65:14:65:24 | req.cookies | -| tst.js:65:14:65:33 | req.cookies.cookieId | -| tst.js:65:14:65:33 | req.cookies.cookieId | -| tst.js:65:39:65:58 | req.params.requestId | -| tst.js:65:39:65:58 | req.params.requestId | -| tst.js:65:39:65:58 | req.params.requestId | -| tst.js:78:9:78:19 | req.cookies | -| tst.js:78:9:78:19 | req.cookies | -| tst.js:78:9:78:28 | req.cookies.cookieId | -| tst.js:78:9:78:28 | req.cookies.cookieId | -| tst.js:78:9:78:41 | req.coo ... secret" | -| tst.js:78:9:78:41 | req.coo ... secret" | -| tst.js:91:10:91:17 | req.body | -| tst.js:91:10:91:17 | req.body | -| tst.js:91:10:91:17 | req.body | -| tst.js:98:13:98:32 | req.query.vulnerable | -| tst.js:98:13:98:32 | req.query.vulnerable | -| tst.js:98:13:98:32 | req.query.vulnerable | -| tst.js:105:13:105:32 | req.query.vulnerable | -| tst.js:105:13:105:32 | req.query.vulnerable | -| tst.js:105:13:105:32 | req.query.vulnerable | -| tst.js:113:13:113:32 | req.query.vulnerable | -| tst.js:113:13:113:32 | req.query.vulnerable | -| tst.js:113:13:113:32 | req.query.vulnerable | edges | example_bypass.js:6:9:6:19 | req.cookies | example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| example_bypass.js:6:9:6:19 | req.cookies | example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| example_bypass.js:6:9:6:19 | req.cookies | example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| example_bypass.js:6:9:6:19 | req.cookies | example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| example_bypass.js:6:40:6:56 | req.params.userId | example_bypass.js:6:40:6:56 | req.params.userId | -| example_bypass.js:17:46:17:62 | req.params.userId | example_bypass.js:17:46:17:62 | req.params.userId | -| tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | -| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | -| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... 
inThing | -| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | | tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | -| tst.js:27:9:27:37 | v3 | tst.js:28:9:28:10 | v3 | +| tst.js:24:17:24:17 | v | tst.js:25:16:25:16 | v | | tst.js:27:9:27:37 | v3 | tst.js:28:9:28:10 | v3 | | tst.js:27:14:27:37 | id(req. ... okieId) | tst.js:27:9:27:37 | v3 | | tst.js:27:17:27:27 | req.cookies | tst.js:27:17:27:36 | req.cookies.cookieId | -| tst.js:27:17:27:27 | req.cookies | tst.js:27:17:27:36 | req.cookies.cookieId | +| tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:24:17:24:17 | v | | tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:27:14:27:37 | id(req. ... okieId) | | tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | | tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | -| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | -| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | -| tst.js:44:8:44:23 | req.params.login | tst.js:44:8:44:23 | req.params.login | -| tst.js:57:8:57:23 | req.params.login | tst.js:57:8:57:23 | req.params.login | -| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId | | tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId | -| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId | -| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId | -| tst.js:61:34:61:53 | req.params.requestId | tst.js:61:34:61:53 | req.params.requestId | -| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | 
req.cookies.cookieId | | tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId | -| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId | -| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId | -| tst.js:65:39:65:58 | req.params.requestId | tst.js:65:39:65:58 | req.params.requestId | -| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | | tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | | tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | -| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | -| tst.js:78:9:78:28 | req.cookies.cookieId | tst.js:78:9:78:41 | req.coo ... secret" | | tst.js:78:9:78:28 | req.cookies.cookieId | tst.js:78:9:78:41 | req.coo ... secret" | -| tst.js:91:10:91:17 | req.body | tst.js:91:10:91:17 | req.body | -| tst.js:98:13:98:32 | req.query.vulnerable | tst.js:98:13:98:32 | req.query.vulnerable | -| tst.js:105:13:105:32 | req.query.vulnerable | tst.js:105:13:105:32 | req.query.vulnerable | -| tst.js:113:13:113:32 | req.query.vulnerable | tst.js:113:13:113:32 | req.query.vulnerable | +nodes +| example_bypass.js:6:9:6:19 | req.cookies | semmle.label | req.cookies | +| example_bypass.js:6:9:6:34 | req.coo ... nUserId | semmle.label | req.coo ... nUserId | +| example_bypass.js:6:40:6:56 | req.params.userId | semmle.label | req.params.userId | +| example_bypass.js:17:46:17:62 | req.params.userId | semmle.label | req.params.userId | +| tst.js:9:8:9:26 | req.params.shutDown | semmle.label | req.params.shutDown | +| tst.js:13:9:13:19 | req.cookies | semmle.label | req.cookies | +| tst.js:13:9:13:30 | req.coo ... inThing | semmle.label | req.coo ... inThing | +| tst.js:24:17:24:17 | v | semmle.label | v | +| tst.js:25:16:25:16 | v | semmle.label | v | +| tst.js:27:9:27:37 | v3 | semmle.label | v3 | +| tst.js:27:14:27:37 | id(req. ... okieId) | semmle.label | id(req. ... 
okieId) | +| tst.js:27:17:27:27 | req.cookies | semmle.label | req.cookies | +| tst.js:27:17:27:36 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:28:9:28:10 | v3 | semmle.label | v3 | +| tst.js:33:13:33:23 | req.cookies | semmle.label | req.cookies | +| tst.js:33:13:33:32 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:38:9:38:19 | req.cookies | semmle.label | req.cookies | +| tst.js:38:9:38:28 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:44:8:44:23 | req.params.login | semmle.label | req.params.login | +| tst.js:57:8:57:23 | req.params.login | semmle.label | req.params.login | +| tst.js:61:9:61:19 | req.cookies | semmle.label | req.cookies | +| tst.js:61:9:61:28 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:61:34:61:53 | req.params.requestId | semmle.label | req.params.requestId | +| tst.js:65:14:65:24 | req.cookies | semmle.label | req.cookies | +| tst.js:65:14:65:33 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:65:39:65:58 | req.params.requestId | semmle.label | req.params.requestId | +| tst.js:78:9:78:19 | req.cookies | semmle.label | req.cookies | +| tst.js:78:9:78:28 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:78:9:78:28 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:78:9:78:41 | req.coo ... secret" | semmle.label | req.coo ... secret" | +| tst.js:91:10:91:17 | req.body | semmle.label | req.body | +| tst.js:98:13:98:32 | req.query.vulnerable | semmle.label | req.query.vulnerable | +| tst.js:105:13:105:32 | req.query.vulnerable | semmle.label | req.query.vulnerable | +| tst.js:113:13:113:32 | req.query.vulnerable | semmle.label | req.query.vulnerable | +subpaths +| tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:24:17:24:17 | v | tst.js:25:16:25:16 | v | tst.js:27:14:27:37 | id(req. ... 
okieId) | #select | tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | This condition guards a sensitive $@, but a $@ controls it. | tst.js:10:9:10:22 | process.exit() | action | tst.js:9:8:9:26 | req.params.shutDown | user-provided value | | tst.js:13:9:13:30 | req.coo ... inThing | tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | This condition guards a sensitive $@, but a $@ controls it. | tst.js:14:9:14:17 | o.login() | action | tst.js:13:9:13:19 | req.cookies | user-provided value | From 30f1fbc10dc2b4edcc10b9b824c9d332c7eaeaef Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:13:42 +0200 Subject: [PATCH 069/223] JS: Port CorsMisconfigurationForCredentials --- ...orsMisconfigurationForCredentialsQuery.qll | 21 ++++++++++++- .../CorsMisconfigurationForCredentials.ql | 6 ++-- ...orsMisconfigurationForCredentials.expected | 31 ++++++------------- 3 files changed, 32 insertions(+), 26 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll index 57cabe0ea79b..0be461f51184 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll 
@@ -14,7 +14,26 @@ import CorsMisconfigurationForCredentialsCustomizations::CorsMisconfigurationFor /** * A data flow configuration for CORS misconfiguration for credentials transfer. */ -class Configuration extends TaintTracking::Configuration { +module CorsMisconfigurationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or + node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode() + } +} + +/** + * Data flow for CORS misconfiguration for credentials transfer. + */ +module CorsMisconfigurationFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `CorsMisconfigurationFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "CorsMisconfigurationForCredentials" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql index 279f09f71ba5..ac8acac4742d 100644 --- a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql +++ b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql 
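Review bot: `CorsMisconfigurationConfig::isBarrier` accepts any node from `TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode()` as validated, and nothing explains why an ad hoc allow-list check is trusted for a value that ends up in a credentialed CORS header. As far as I know that sanitizer recognises checks heuristically, so a weak origin check could silence a real finding. A why-comment on that disjunct would make the trade-off visible, for example `// Heuristic: an ad hoc allow-list check on the origin is treated as validation.`. Separately, the QLDoc on both new modules says "data flow" although the flow module is built with `TaintTracking::Global`; "taint tracking" would match the code.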
@@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsQuery -import DataFlow::PathGraph +import CorsMisconfigurationFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from CorsMisconfigurationFlow::PathNode source, CorsMisconfigurationFlow::PathNode sink +where CorsMisconfigurationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "$@ leak vulnerability due to a $@.", sink.getNode().(Sink).getCredentialsHeader(), "Credential", source.getNode(), "misconfigured CORS header value" diff --git a/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected index 83e103f121b3..fdbf937e0a2e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected +++ b/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected 
@@ -1,28 +1,15 @@ -nodes -| tst.js:12:9:12:54 | origin | -| tst.js:12:18:12:41 | url.par ... , true) | -| tst.js:12:18:12:47 | url.par ... ).query | -| tst.js:12:18:12:54 | url.par ... .origin | -| tst.js:12:28:12:34 | req.url | -| tst.js:12:28:12:34 | req.url | -| tst.js:13:50:13:55 | origin | -| tst.js:13:50:13:55 | origin | -| tst.js:18:50:18:53 | null | -| tst.js:18:50:18:53 | null | -| tst.js:18:50:18:53 | null | -| tst.js:23:50:23:55 | "null" | -| tst.js:23:50:23:55 | "null" | -| tst.js:23:50:23:55 | "null" | edges | tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin | -| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin | -| tst.js:12:18:12:41 | url.par ... , true) | tst.js:12:18:12:47 | url.par ... ).query | -| tst.js:12:18:12:47 | url.par ... ).query | tst.js:12:18:12:54 | url.par ... .origin | -| tst.js:12:18:12:54 | url.par ... .origin | tst.js:12:9:12:54 | origin | +| tst.js:12:18:12:41 | url.par ... , true) | tst.js:12:9:12:54 | origin | | tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) | -| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) | -| tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | -| tst.js:23:50:23:55 | "null" | tst.js:23:50:23:55 | "null" | +nodes +| tst.js:12:9:12:54 | origin | semmle.label | origin | +| tst.js:12:18:12:41 | url.par ... , true) | semmle.label | url.par ... , true) | +| tst.js:12:28:12:34 | req.url | semmle.label | req.url | +| tst.js:13:50:13:55 | origin | semmle.label | origin | +| tst.js:18:50:18:53 | null | semmle.label | null | +| tst.js:23:50:23:55 | "null" | semmle.label | "null" | +subpaths #select | tst.js:13:50:13:55 | origin | tst.js:12:28:12:34 | req.url | tst.js:13:50:13:55 | origin | $@ leak vulnerability due to a $@. | tst.js:14:5:14:59 | res.set ... 
, true) | Credential | tst.js:12:28:12:34 | req.url | misconfigured CORS header value | | tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | $@ leak vulnerability due to a $@. | tst.js:19:5:19:59 | res.set ... , true) | Credential | tst.js:18:50:18:53 | null | misconfigured CORS header value | From d324e554f33beb419fa8066b2c4685a94169b148 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:13:57 +0200 Subject: [PATCH 070/223] JS: Port DeepObjectResourceExhaustion --- .../DeepObjectResourceExhaustionQuery.qll | 36 ++++++++++++++++++- .../CWE-400/DeepObjectResourceExhaustion.ql | 9 +++-- .../DeepObjectResourceExhaustion.expected | 6 ++-- 3 files changed, 41 insertions(+), 10 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll index 918ef0663c85..84053319d021 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll 
@@ -11,7 +11,41 @@ import DeepObjectResourceExhaustionCustomizations::DeepObjectResourceExhaustion
 * A taint tracking configuration for reasoning about DoS attacks due to inefficient handling
 * of user-controlled objects.
 */
-class Configuration extends TaintTracking::Configuration {
+module DeepObjectResourceExhaustionConfig implements DataFlow::StateConfigSig {
+ class FlowState = DataFlow::FlowLabel;
+
+ predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
+ source.(Source).getAFlowLabel() = label
+ }
+
+ predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
+ sink instanceof Sink and label = TaintedObject::label()
+ }
+
+ predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) {
+ node = TaintedObject::SanitizerGuard::getABarrierNode(label)
+ }
+
+ predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+ predicate isAdditionalFlowStep(
+ DataFlow::Node src, DataFlow::FlowLabel inlbl, DataFlow::Node trg, DataFlow::FlowLabel outlbl
+ ) {
+ TaintedObject::step(src, trg, inlbl, outlbl)
+ }
+}
+
+/**
+ * Taint tracking for reasoning about DoS attacks due to inefficient handling
+ * of user-controlled objects.
+ */
+module DeepObjectResourceExhaustionFlow =
+ TaintTracking::GlobalWithState;
+
+/**
+ * DEPRECATED. Use the `DeepObjectResourceExhaustionFlow` module instead.
+ */
+deprecated class Configuration extends TaintTracking::Configuration {
 Configuration() { this = "DeepObjectResourceExhaustion" }
 override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
diff --git a/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql b/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql
index a9ea46c45104..066c3f148d54 100644
--- a/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql
+++ b/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql
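Review bot: The `DEPRECATED` doc comment on `Configuration` does not say that the class is no longer consulted by the shipped query. The next file in this commit switches `DeepObjectResourceExhaustion.ql` from `cfg.hasFlowPath` to `DeepObjectResourceExhaustionFlow::flowPath`, so a sanitizer or source that a downstream pack added by overriding `Configuration` would presumably stop influencing the alerts without any error. I would extend the comment to something like `DEPRECATED. Use the DeepObjectResourceExhaustionFlow module instead; overrides of this class no longer affect the DeepObjectResourceExhaustion query.` The class body continues past the end of this hunk.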
@@ -11,14 +11,13 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.DeepObjectResourceExhaustionQuery +import DataFlow::DeduplicatePathGraph -from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node link, - string reason +from PathNode source, PathNode sink, DataFlow::Node link, string reason where - cfg.hasFlowPath(source, sink) and + DeepObjectResourceExhaustionFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) and sink.getNode().(Sink).hasReason(link, reason) select sink, source, sink, "Denial of service caused by processing $@ with $@.", source.getNode(), "user input", link, reason diff --git a/javascript/ql/test/query-tests/Security/CWE-400/DeepObjectResourceExhaustion/DeepObjectResourceExhaustion.expected b/javascript/ql/test/query-tests/Security/CWE-400/DeepObjectResourceExhaustion/DeepObjectResourceExhaustion.expected index 1b6796f21c44..5c3caed81528 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/DeepObjectResourceExhaustion/DeepObjectResourceExhaustion.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/DeepObjectResourceExhaustion/DeepObjectResourceExhaustion.expected @@ -1,8 +1,6 @@ nodes -| tst.js:9:29:9:36 | req.body | -| tst.js:9:29:9:36 | req.body | -| tst.js:9:29:9:36 | req.body | +| tst.js:9:29:9:36 | req.body | semmle.label | req.body | edges -| tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | +subpaths #select | tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | Denial of service caused by processing $@ with $@. | tst.js:9:29:9:36 | req.body | user input | tst.js:4:21:4:35 | allErrors: true | allErrors: true | From abd937a49d9ac442a70a96d5abeaae4da0d55591 Mon Sep 17 00:00:00 2001 
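Review bot: The new `where` clause in `DeepObjectResourceExhaustion.ql` goes through `source.getAnOriginalPathNode()` and `sink.getAnOriginalPathNode()` with no comment explaining the indirection. As I read the `DeduplicatePathGraph` documentation in this patch series, a deduplicated `PathNode` can stand for several merged original path nodes, so the condition holds as soon as any pair of originals has a flow path, and the path shown to a person triaging the alert may combine steps from more than one underlying path. A short comment above the call, for example `// PathNode is a merged node: accept it if any of its original path nodes is a source/sink of the flow`, would make that explicit.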
From: Asger F
Date: Thu, 5 Oct 2023 09:14:14 +0200
Subject: [PATCH 071/223] JS: Port DifferentKindsComparisonBypass
---
 .../DifferentKindsComparisonBypassQuery.qll | 27 +++++++++----------
 1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassQuery.qll
index 045a33e3211c..266d0b9413f8 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassQuery.qll
@@ -14,19 +14,20 @@ import DifferentKindsComparisonBypassCustomizations::DifferentKindsComparisonByp
 /**
 * A taint tracking configuration for comparisons that relies on different kinds of HTTP request data.
 */
-private class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "DifferentKindsComparisonBypass" }
+private module DifferentKindsComparisonBypassConfig implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node source) { source instanceof Source }
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
+ predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node) or
- node instanceof Sanitizer
- }
+ predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 }
+/**
+ * Taint tracking for comparisons that relies on different kinds of HTTP request data.
+ */
+private module DifferentKindsComparisonBypassFlow =
+ TaintTracking::Global;
+
 /**
 * A comparison that relies on different kinds of HTTP request data.
 */
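Review bot: The new `isBarrier` keeps only `node instanceof Sanitizer`, while the removed `isSanitizer` override also had the disjunct `super.isSanitizer(node)`. The base class is not visible here, so I cannot tell whether that call contributed any sanitizers; if it did, they no longer apply and `DifferentKindsComparison` may start matching comparisons that were previously filtered out. Please confirm that `TaintTracking::Global` supplies the same defaults, and record it next to the predicate, for example `// default taint sanitizers are applied by TaintTracking::Global; only the query-specific ones are listed here`.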
@@ -35,11 +36,9 @@ class DifferentKindsComparison extends Comparison {
 Source rSource;
 DifferentKindsComparison() {
- exists(Configuration cfg |
- cfg.hasFlow(lSource, DataFlow::valueNode(this.getLeftOperand())) and
- cfg.hasFlow(rSource, DataFlow::valueNode(this.getRightOperand())) and
- lSource.isSuspiciousToCompareWith(rSource)
- )
+ DifferentKindsComparisonBypassFlow::flow(lSource, DataFlow::valueNode(this.getLeftOperand())) and
+ DifferentKindsComparisonBypassFlow::flow(rSource, DataFlow::valueNode(this.getRightOperand())) and
+ lSource.isSuspiciousToCompareWith(rSource)
 }
 /** Gets the left operand source of this comparison. */
From 8e95a90d036cbf3464849829c1372b2a4478ac19 Mon Sep 17 00:00:00 2001
From: Asger F
Date: Thu, 5 Oct 2023 09:17:26 +0200
Subject: [PATCH 072/223] JS: Port UntrustedDataToExternalAPI
---
 .../ExternalAPIUsedWithUntrustedDataQuery.qll | 41 +++++-
 .../CWE-020/UntrustedDataToExternalAPI.ql | 8 +-
 .../UntrustedDataToExternalAPI.expected | 121 ++++++------------
 3 files changed, 81 insertions(+), 89 deletions(-)
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
index b6d8c7fa0889..b05190e4b7a5 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
@@ -10,15 +10,44 @@
 import javascript
 import ExternalAPIUsedWithUntrustedDataCustomizations::ExternalApiUsedWithUntrustedData
+/**
+ * A taint tracking configuration for untrusted data flowing to an external API.
+ */
+module ExternalAPIUsedWithUntrustedDataConfig implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+ predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+ predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+ predicate isBarrierIn(DataFlow::Node node) {
+ // Block flow from the location to its properties, as the relevant properties (hash and search) are taint sources of their own.
+ // The location source is only used for propagating through API calls like `new URL(location)` and into external APIs where
+ // the whole location object escapes.
+ node = DOM::locationRef().getAPropertyRead()
+ }
+
+ predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) {
+ // Also report values that escape while inside a property
+ isSink(node) and contents = DataFlow::ContentSet::anyProperty()
+ }
+}
+
+/**
+ * Taint tracking for untrusted data flowing to an external API.
+ */
+module ExternalAPIUsedWithUntrustedDataFlow =
+ TaintTracking::Global;
+
 /** Flow label for objects from which a tainted value is reachable. */
-private class ObjectWrapperFlowLabel extends DataFlow::FlowLabel {
+deprecated private class ObjectWrapperFlowLabel extends DataFlow::FlowLabel {
 ObjectWrapperFlowLabel() { this = "object-wrapper" }
 }
 /**
- * A taint tracking configuration for untrusted data flowing to an external API.
+ * DEPRECATED. Use the `ExternalAPIUsedWithUntrustedDataFlow` module instead.
 */
-class Configuration extends TaintTracking::Configuration {
+deprecated class Configuration extends TaintTracking::Configuration {
 Configuration() { this = "ExternalAPIUsedWithUntrustedData" }
 override predicate isSource(DataFlow::Node source) { source instanceof Source }
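Review bot: The new `allowImplicitRead` does not reproduce every result of the old configuration: the `.expected` change later in this commit removes the alert at `tst-UntrustedDataToExternalAPI.js:30:13:30:30` (`getDeepUntrusted()`). The row is deleted from the `#select` section and the edges through lines 21 to 27 of the test file disappear, so the query seems to stop reporting untrusted data wrapped in that nested object/array shape when it is returned from a call. If the loss is accepted, say so next to the predicate, for example `// NOTE: nested wrappers returned from a call (getDeepUntrusted() in the test) are not reported; the legacy object-wrapper label did report them`. Otherwise the case needs handling before the legacy `Configuration` is removed. The deprecated class body continues past the end of this hunk.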
@@ -59,10 +88,10 @@ class ExternalApiDataNode extends DataFlow::Node instanceof Sink { } /** A node representing untrusted data being passed to an external API. */ class UntrustedExternalApiDataNode extends ExternalApiDataNode { - UntrustedExternalApiDataNode() { any(Configuration c).hasFlow(_, this) } + UntrustedExternalApiDataNode() { ExternalAPIUsedWithUntrustedDataFlow::flow(_, this) } /** Gets a source of untrusted data which is passed to this external API data node. */ - DataFlow::Node getAnUntrustedSource() { any(Configuration c).hasFlow(result, this) } + DataFlow::Node getAnUntrustedSource() { ExternalAPIUsedWithUntrustedDataFlow::flow(result, this) } } /** @@ -72,7 +101,7 @@ private newtype TExternalApi = /** An external API sink with `name`. */ MkExternalApiNode(string name) { exists(Sink sink | - any(Configuration c).hasFlow(_, sink) and + ExternalAPIUsedWithUntrustedDataFlow::flow(_, sink) and name = sink.getApiName() ) } diff --git a/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql b/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql index 67d6f14f660c..30931a6a5823 100644 --- a/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql +++ b/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql @@ -11,10 +11,12 @@ import javascript import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery -import DataFlow::PathGraph +import ExternalAPIUsedWithUntrustedDataFlow::PathGraph -from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) +from + ExternalAPIUsedWithUntrustedDataFlow::PathNode source, + ExternalAPIUsedWithUntrustedDataFlow::PathNode sink +where ExternalAPIUsedWithUntrustedDataFlow::flowPath(source, sink) select sink, source, sink, "Call to " + sink.getNode().(Sink).getApiName() + " with untrusted data from $@.", source, source.toString() 
diff --git a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected index 9d4a6fc4a9ac..c523b2dabd0c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected +++ b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected 
@@ -1,98 +1,60 @@ -nodes -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | -| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | -| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | -| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | -| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | -| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | -| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | -| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | -| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:22:12:26:9 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | -| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | -| tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... 
rusted) | -| tst-UntrustedDataToExternalAPI.js:24:32:24:40 | untrusted | -| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | -| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | -| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | edges | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | 
tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:24:32:24:40 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | -| 
tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | +| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:22:12:26:9 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:22:12:26:9 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) | tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... 
usted)] | -| tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) | tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | -| tst-UntrustedDataToExternalAPI.js:24:32:24:40 | untrusted | tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | +| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | +| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | +| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | +| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... 
usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | +| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | +| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | +| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | +nodes +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | semmle.label | window.name | +| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... 
d, 'y'] | semmle.label | ['x', u ... d, 'y'] | +| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | semmle.label | ['x', u ... d, 'y'] [1] | +| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | semmle.label | {\\n ... }\\n } | +| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | semmle.label | {\\n ... }\\n } [y, z] | +| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | semmle.label | {\\n ... } [z] | +| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | semmle.label | {} | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | semmle.label | [post update] {\\n x ... usted\\n} [x] | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | semmle.label | [post update] {\\n x ... usted\\n} [y] | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | semmle.label | [post update] {\\n x ... usted\\n} [z] | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | semmle.label | {\\n x ... 
usted\\n} | +| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | semmle.label | untrusted | +subpaths #select | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | 
@@ -102,7 +64,6 @@ edges | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | Call to external-lib() [param 1] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | Call to external-lib.get.[callback].[param 'res'].send() [param 0] with untrusted data from $@. 
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | Call to external-lib.get.[callback].[param 'req'].app.locals.something.foo() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | Call to lodash.merge() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | From 2935aac559e202fc023a1a1a0342b525e2a5e5ba Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:18:11 +0200 Subject: [PATCH 073/223] JS: Port FileAccessToHttp --- .../dataflow/FileAccessToHttpQuery.qll | 25 ++- .../src/Security/CWE-200/FileAccessToHttp.ql | 6 +- .../CWE-200/FileAccessToHttp.expected | 178 +++++++----------- 3 files changed, 99 insertions(+), 110 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll index 9ce034767556..7f3d2c5f3419 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll 
@@ -13,7 +13,30 @@ import FileAccessToHttpCustomizations::FileAccessToHttp /** * A taint tracking configuration for file data in outbound network requests. */ -class Configuration extends TaintTracking::Configuration { +module FileAccessToHttpConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + isSink(node) and + // or + // node = any(DataFlow::MethodCallNode call | call.getMethodName() = "stringify").getAnArgument() + contents = DataFlow::ContentSet::anyProperty() + } +} + +/** + * Taint tracking for file data in outbound network requests. + */ +module FileAccessToHttpFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `FileAccessToHttpFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "FileAccessToHttp" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql index a0145f6034f6..75a09efb96b2 100644 --- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql +++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql @@ -12,9 +12,9 @@ import javascript import semmle.javascript.security.dataflow.FileAccessToHttpQuery -import DataFlow::PathGraph +import FileAccessToHttpFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from FileAccessToHttpFlow::PathNode source, FileAccessToHttpFlow::PathNode sink +where FileAccessToHttpFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Outbound network request depends on $@.", source.getNode(), "file data" 
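Review bot: `allowImplicitRead` in `FileAccessToHttpConfig` ships with a commented-out alternative in the middle of its body, `// or` followed by `// node = any(DataFlow::MethodCallNode call | call.getMethodName() = "stringify").getAnArgument()`. As written, a reader cannot tell whether implicit reads at `stringify` arguments were tried and rejected or are still planned, and that decides whether file data nested inside an object that is serialised before being sent gets reported. Either delete the two lines, or replace them with one sentence stating the decision, for example `// Implicit reads at JSON.stringify arguments are deliberately not enabled: <reason>`. The deprecated `Configuration` class that follows continues past the end of this hunk.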
diff --git a/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected b/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected index a38e0d41942a..b9c024c5590c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected +++ b/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected 
@@ -1,123 +1,35 @@ -nodes -| FileAccessToHttp.js:4:5:4:47 | content | -| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | -| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | -| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | -| FileAccessToHttp.js:9:23:9:29 | content | -| bufferRead.js:12:13:12:43 | buffer | -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | -| bufferRead.js:15:15:15:62 | postData | -| bufferRead.js:15:26:15:31 | buffer | -| bufferRead.js:15:26:15:62 | buffer. ... esRead) | -| bufferRead.js:33:21:33:28 | postData | -| bufferRead.js:33:21:33:28 | postData | -| googlecompiler.js:7:19:7:28 | codestring | -| googlecompiler.js:9:7:15:4 | post_data | -| googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) | -| googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } | -| googlecompiler.js:14:21:14:30 | codestring | -| googlecompiler.js:38:18:38:26 | post_data | -| googlecompiler.js:38:18:38:26 | post_data | -| googlecompiler.js:44:54:44:57 | data | -| googlecompiler.js:44:54:44:57 | data | -| googlecompiler.js:56:14:56:17 | data | -| readFileSync.js:5:5:5:39 | data | -| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | -| readFileSync.js:5:12:5:39 | fs.read ... 
t.txt") | -| readFileSync.js:7:7:7:25 | s | -| readFileSync.js:7:11:7:14 | data | -| readFileSync.js:7:11:7:25 | data.toString() | -| readFileSync.js:26:18:26:18 | s | -| readFileSync.js:26:18:26:18 | s | -| readStreamRead.js:13:13:13:35 | chunk | -| readStreamRead.js:13:21:13:35 | readable.read() | -| readStreamRead.js:13:21:13:35 | readable.read() | -| readStreamRead.js:30:19:30:23 | chunk | -| readStreamRead.js:30:19:30:23 | chunk | -| request.js:6:19:6:26 | jsonData | -| request.js:8:11:8:20 | {jsonData} | -| request.js:8:11:8:20 | {jsonData} | -| request.js:8:12:8:19 | jsonData | -| request.js:13:18:13:24 | xmlData | -| request.js:16:11:23:3 | {\\n u ... ody\\n } | -| request.js:16:11:23:3 | {\\n u ... ody\\n } | -| request.js:22:11:22:17 | xmlData | -| request.js:28:52:28:55 | data | -| request.js:28:52:28:55 | data | -| request.js:35:14:35:17 | data | -| request.js:43:51:43:54 | data | -| request.js:43:51:43:54 | data | -| request.js:50:13:50:16 | data | -| sentAsHeaders.js:10:79:10:84 | buffer | -| sentAsHeaders.js:10:79:10:84 | buffer | -| sentAsHeaders.js:11:13:11:59 | content | -| sentAsHeaders.js:11:23:11:28 | buffer | -| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | -| sentAsHeaders.js:12:9:12:81 | content | -| sentAsHeaders.js:12:19:12:25 | content | -| sentAsHeaders.js:12:19:12:74 | content ... =", "") | -| sentAsHeaders.js:12:19:12:81 | content ... .trim() | -| sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | -| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | -| sentAsHeaders.js:18:47:18:53 | content | -| sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | -| sentAsHeaders.js:24:31:24:53 | "http:/ ... 
content | -| sentAsHeaders.js:24:47:24:53 | content | edges | FileAccessToHttp.js:4:5:4:47 | content | FileAccessToHttp.js:9:23:9:29 | content | | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content | -| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content | -| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } | -| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:15:26:15:31 | buffer | -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer | +| FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... ent }\\n} [headers, Referer] | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | +| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... ent }\\n} [headers, Referer] | +| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | +| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:21:13:26 | buffer | +| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:32:13:37 | buffer | | bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer | -| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData | +| bufferRead.js:13:21:13:26 | buffer | bufferRead.js:13:32:13:37 | buffer | +| bufferRead.js:13:32:13:37 | buffer | bufferRead.js:15:26:15:31 | buffer | | bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData | | bufferRead.js:15:26:15:31 | buffer | bufferRead.js:15:26:15:62 | buffer. ... esRead) | | bufferRead.js:15:26:15:62 | buffer. ... 
esRead) | bufferRead.js:15:15:15:62 | postData | -| googlecompiler.js:7:19:7:28 | codestring | googlecompiler.js:14:21:14:30 | codestring | -| googlecompiler.js:9:7:15:4 | post_data | googlecompiler.js:38:18:38:26 | post_data | -| googlecompiler.js:9:7:15:4 | post_data | googlecompiler.js:38:18:38:26 | post_data | -| googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) | googlecompiler.js:9:7:15:4 | post_data | -| googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } | googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) | -| googlecompiler.js:14:21:14:30 | codestring | googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } | -| googlecompiler.js:44:54:44:57 | data | googlecompiler.js:56:14:56:17 | data | -| googlecompiler.js:44:54:44:57 | data | googlecompiler.js:56:14:56:17 | data | -| googlecompiler.js:56:14:56:17 | data | googlecompiler.js:7:19:7:28 | codestring | | readFileSync.js:5:5:5:39 | data | readFileSync.js:7:11:7:14 | data | | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data | -| readFileSync.js:5:12:5:39 | fs.read ... 
t.txt") | readFileSync.js:5:5:5:39 | data | -| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s | | readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s | | readFileSync.js:7:11:7:14 | data | readFileSync.js:7:11:7:25 | data.toString() | | readFileSync.js:7:11:7:25 | data.toString() | readFileSync.js:7:7:7:25 | s | | readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | -| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | -| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | | readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | | request.js:6:19:6:26 | jsonData | request.js:8:12:8:19 | jsonData | -| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} | -| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} | +| request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | request.js:8:11:8:20 | {jsonData} | +| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | | request.js:13:18:13:24 | xmlData | request.js:22:11:22:17 | xmlData | -| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } | -| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } | -| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data | +| request.js:16:11:23:3 | [post update] {\\n u ... ody\\n } [body] | request.js:16:11:23:3 | {\\n u ... ody\\n } | +| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | [post update] {\\n u ... 
ody\\n } [body] | | request.js:28:52:28:55 | data | request.js:35:14:35:17 | data | | request.js:35:14:35:17 | data | request.js:6:19:6:26 | jsonData | | request.js:43:51:43:54 | data | request.js:50:13:50:16 | data | -| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data | | request.js:50:13:50:16 | data | request.js:13:18:13:24 | xmlData | | sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer | -| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer | | sentAsHeaders.js:11:13:11:59 | content | sentAsHeaders.js:12:19:12:25 | content | | sentAsHeaders.js:11:23:11:28 | buffer | sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | | sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | sentAsHeaders.js:11:13:11:59 | content | 
@@ -126,18 +38,72 @@ edges | sentAsHeaders.js:12:19:12:25 | content | sentAsHeaders.js:12:19:12:74 | content ... =", "") | | sentAsHeaders.js:12:19:12:74 | content ... =", "") | sentAsHeaders.js:12:19:12:81 | content ... .trim() | | sentAsHeaders.js:12:19:12:81 | content ... .trim() | sentAsHeaders.js:12:9:12:81 | content | -| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | +| sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | sentAsHeaders.js:14:20:19:9 | {\\n ... } | +| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | +| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | | sentAsHeaders.js:18:47:18:53 | content | sentAsHeaders.js:18:31:18:53 | "http:/ ... content | -| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | +| sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | sentAsHeaders.js:20:20:25:9 | {\\n ... } | +| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | +| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | | sentAsHeaders.js:24:47:24:53 | content | sentAsHeaders.js:24:31:24:53 | "http:/ ... 
content | +nodes +| FileAccessToHttp.js:4:5:4:47 | content | semmle.label | content | +| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | semmle.label | fs.read ... "utf8") | +| FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... ent }\\n} [headers, Referer] | semmle.label | [post update] {\\n hos ... ent }\\n} [headers, Referer] | +| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | semmle.label | {\\n hos ... ent }\\n} | +| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | semmle.label | { Referer: content } [Referer] | +| FileAccessToHttp.js:9:23:9:29 | content | semmle.label | content | +| bufferRead.js:12:13:12:43 | buffer | semmle.label | buffer | +| bufferRead.js:12:22:12:43 | new Buf ... s.size) | semmle.label | new Buf ... s.size) | +| bufferRead.js:13:21:13:26 | buffer | semmle.label | buffer | +| bufferRead.js:13:32:13:37 | buffer | semmle.label | buffer | +| bufferRead.js:15:15:15:62 | postData | semmle.label | postData | +| bufferRead.js:15:26:15:31 | buffer | semmle.label | buffer | +| bufferRead.js:15:26:15:62 | buffer. ... esRead) | semmle.label | buffer. ... esRead) | +| bufferRead.js:33:21:33:28 | postData | semmle.label | postData | +| readFileSync.js:5:5:5:39 | data | semmle.label | data | +| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | semmle.label | fs.read ... 
t.txt") | +| readFileSync.js:7:7:7:25 | s | semmle.label | s | +| readFileSync.js:7:11:7:14 | data | semmle.label | data | +| readFileSync.js:7:11:7:25 | data.toString() | semmle.label | data.toString() | +| readFileSync.js:26:18:26:18 | s | semmle.label | s | +| readStreamRead.js:13:13:13:35 | chunk | semmle.label | chunk | +| readStreamRead.js:13:21:13:35 | readable.read() | semmle.label | readable.read() | +| readStreamRead.js:30:19:30:23 | chunk | semmle.label | chunk | +| request.js:6:19:6:26 | jsonData | semmle.label | jsonData | +| request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | semmle.label | [post update] {jsonData} [jsonData] | +| request.js:8:11:8:20 | {jsonData} | semmle.label | {jsonData} | +| request.js:8:12:8:19 | jsonData | semmle.label | jsonData | +| request.js:13:18:13:24 | xmlData | semmle.label | xmlData | +| request.js:16:11:23:3 | [post update] {\\n u ... ody\\n } [body] | semmle.label | [post update] {\\n u ... ody\\n } [body] | +| request.js:16:11:23:3 | {\\n u ... ody\\n } | semmle.label | {\\n u ... ody\\n } | +| request.js:22:11:22:17 | xmlData | semmle.label | xmlData | +| request.js:28:52:28:55 | data | semmle.label | data | +| request.js:35:14:35:17 | data | semmle.label | data | +| request.js:43:51:43:54 | data | semmle.label | data | +| request.js:50:13:50:16 | data | semmle.label | data | +| sentAsHeaders.js:10:79:10:84 | buffer | semmle.label | buffer | +| sentAsHeaders.js:11:13:11:59 | content | semmle.label | content | +| sentAsHeaders.js:11:23:11:28 | buffer | semmle.label | buffer | +| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | semmle.label | buffer. ... esRead) | +| sentAsHeaders.js:12:9:12:81 | content | semmle.label | content | +| sentAsHeaders.js:12:19:12:25 | content | semmle.label | content | +| sentAsHeaders.js:12:19:12:74 | content ... =", "") | semmle.label | content ... =", "") | +| sentAsHeaders.js:12:19:12:81 | content ... .trim() | semmle.label | content ... 
.trim() | +| sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | semmle.label | [post update] {\\n ... } [headers, Referer] | +| sentAsHeaders.js:14:20:19:9 | {\\n ... } | semmle.label | {\\n ... } | +| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | semmle.label | { Refer ... ntent } [Referer] | +| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | semmle.label | "http:/ ... content | +| sentAsHeaders.js:18:47:18:53 | content | semmle.label | content | +| sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | semmle.label | [post update] {\\n ... } [headers, Referer] | +| sentAsHeaders.js:20:20:25:9 | {\\n ... } | semmle.label | {\\n ... } | +| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | semmle.label | { Refer ... ntent } [Referer] | +| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | semmle.label | "http:/ ... content | +| sentAsHeaders.js:24:47:24:53 | content | semmle.label | content | +subpaths #select | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | Outbound network request depends on $@. | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | file data | | bufferRead.js:33:21:33:28 | postData | bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:33:21:33:28 | postData | Outbound network request depends on $@. | bufferRead.js:12:22:12:43 | new Buf ... s.size) | file data | -| googlecompiler.js:38:18:38:26 | post_data | googlecompiler.js:44:54:44:57 | data | googlecompiler.js:38:18:38:26 | post_data | Outbound network request depends on $@. | googlecompiler.js:44:54:44:57 | data | file data | | readFileSync.js:26:18:26:18 | s | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:26:18:26:18 | s | Outbound network request depends on $@. | readFileSync.js:5:12:5:39 | fs.read ... 
t.txt") | file data | | readStreamRead.js:30:19:30:23 | chunk | readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:30:19:30:23 | chunk | Outbound network request depends on $@. | readStreamRead.js:13:21:13:35 | readable.read() | file data | | request.js:8:11:8:20 | {jsonData} | request.js:28:52:28:55 | data | request.js:8:11:8:20 | {jsonData} | Outbound network request depends on $@. | request.js:28:52:28:55 | data | file data | From f4d62c3225824fd4d3024d9e1b3ae791e3e1b022 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:18:23 +0200 Subject: [PATCH 074/223] JS: Port HttpToFileAccess --- .../dataflow/HttpToFileAccessQuery.qll | 18 ++++++++- .../src/Security/CWE-912/HttpToFileAccess.ql | 6 +-- .../CWE-912/HttpToFileAccess.expected | 37 +++++++------------ 3 files changed, 33 insertions(+), 28 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll index 992b0cd1e8dd..9b3d7635c870 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll 
@@ -11,7 +11,23 @@ private import HttpToFileAccessCustomizations::HttpToFileAccess /** * A taint tracking configuration for writing user-controlled data to files. */ -class Configuration extends TaintTracking::Configuration { +module HttpToFileAccessConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint tracking for writing user-controlled data to files. + */ +module HttpToFileAccessFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `HttpToFileAccessFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "HttpToFileAccess" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql index a2953365b64a..88362ce545d7 100644 --- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql +++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.HttpToFileAccessQuery -import DataFlow::PathGraph +import HttpToFileAccessFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from HttpToFileAccessFlow::PathNode source, HttpToFileAccessFlow::PathNode sink +where HttpToFileAccessFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Write to file system depends on $@.", source.getNode(), "Untrusted data" diff --git a/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected b/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected index e5e9fb9b0511..a9973f754659 100644 
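Review bot: The deprecated `Configuration` class kept below the new `HttpToFileAccessConfig` still defines `isSource` itself (context line `override predicate isSource(DataFlow::Node source) { source instanceof Source }`), so the legacy class and the new module can drift apart when sources, sinks or barriers are changed in only one of them. Delegating keeps a single definition, as the HardcodedCredentials port later in this series does: `override predicate isSource(DataFlow::Node source) { HttpToFileAccessConfig::isSource(source) }`, and likewise for the other overrides. The class body continues outside the hunk, so the remaining overrides are not visible here. The deprecated class in the FileAccessToHttpQuery.qll hunk has the same shape.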
--- a/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected +++ b/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected 
@@ -1,33 +1,22 @@ -nodes -| HttpToFileAccess.js:5:18:5:18 | d | -| HttpToFileAccess.js:5:18:5:18 | d | -| HttpToFileAccess.js:6:37:6:37 | d | -| HttpToFileAccess.js:6:37:6:37 | d | -| tst.js:15:26:15:26 | c | -| tst.js:15:26:15:26 | c | -| tst.js:16:33:16:33 | c | -| tst.js:16:33:16:33 | c | -| tst.js:19:25:19:25 | c | -| tst.js:19:25:19:25 | c | -| tst.js:24:22:24:22 | c | -| tst.js:24:22:24:22 | c | edges | HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | -| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | -| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | -| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | -| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | | tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | | tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | -| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | -| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | | tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | | tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | -| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | -| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c | -| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c | -| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c | -| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c | +| tst.js:16:33:16:33 | c | tst.js:19:25:19:25 | c | +| tst.js:16:33:16:33 | c | tst.js:19:25:19:25 | c | +| tst.js:19:25:19:25 | c | tst.js:24:22:24:22 | c | +nodes +| HttpToFileAccess.js:5:18:5:18 | d | semmle.label | d | +| HttpToFileAccess.js:6:37:6:37 | d | semmle.label | d | +| tst.js:15:26:15:26 | c | semmle.label | c | +| tst.js:16:33:16:33 | c | semmle.label | c | +| tst.js:16:33:16:33 | c | semmle.label | c | +| tst.js:19:25:19:25 | c | semmle.label | c | +| tst.js:19:25:19:25 | c | semmle.label | c | +| tst.js:24:22:24:22 | c | semmle.label | c | +subpaths #select | HttpToFileAccess.js:6:37:6:37 | d | HttpToFileAccess.js:5:18:5:18 | d | 
HttpToFileAccess.js:6:37:6:37 | d | Write to file system depends on $@. | HttpToFileAccess.js:5:18:5:18 | d | Untrusted data | | tst.js:16:33:16:33 | c | tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | Write to file system depends on $@. | tst.js:15:26:15:26 | c | Untrusted data | From 4bac90252c49ec62ea7d652a767349de722e115b Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:18:36 +0200 Subject: [PATCH 075/223] JS: Port HardcodedCredentials --- .../dataflow/HardcodedCredentialsQuery.qll | 42 +- .../Security/CWE-798/HardcodedCredentials.ql | 6 +- .../CWE-798/HardcodedCredentials.expected | 478 +++++------------- 3 files changed, 151 insertions(+), 375 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll index b38d1908faf4..121f6d247c4d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll 
@@ -12,19 +12,14 @@ import HardcodedCredentialsCustomizations::HardcodedCredentials /** * A data flow tracking configuration for hardcoded credentials. */ -class Configuration extends DataFlow::Configuration { - Configuration() { this = "HardcodedCredentials" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } +module HardcodedCredentialsConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof Source } - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + predicate isSink(DataFlow::Node node) { node instanceof Sink } - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) or - node instanceof Sanitizer - } + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } - override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { exists(Base64::Encode encode | src = encode.getInput() and trg = encode.getOutput()) or trg.(StringOps::ConcatenationRoot).getALeaf() = src and @@ -37,3 +32,30 @@ class Configuration extends DataFlow::Configuration { ) } } + +/** + * Data flow for reasoning about hardcoded credentials. + */ +module HardcodedCredentials = DataFlow::Global; + +/** + * DEPRECATED. Use the `HardcodedCredentials` module instead. + */ +deprecated class Configuration extends DataFlow::Configuration { + Configuration() { this = "HardcodedCredentials" } + + override predicate isSource(DataFlow::Node source) { + HardcodedCredentialsConfig::isSource(source) + } + + override predicate isSink(DataFlow::Node sink) { HardcodedCredentialsConfig::isSink(sink) } + + override predicate isBarrier(DataFlow::Node node) { + super.isBarrier(node) or + HardcodedCredentialsConfig::isBarrier(node) + } + + override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { + HardcodedCredentialsConfig::isAdditionalFlowStep(src, trg) + } +} 
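Review bot: The new flow module in the second hunk is named `HardcodedCredentials`, the same name as the customizations module this file imports (`import HardcodedCredentialsCustomizations::HardcodedCredentials` in the first hunk's header), while the other ports in this series use a `Flow` suffix (`FileAccessToHttpFlow`, `HttpToFileAccessFlow`). A query that imports both libraries would then see two modules called `HardcodedCredentials`, which is confusing and may be ambiguous. I would rename it to `HardcodedCredentialsFlow`, name that module in the deprecation comment, and use `HardcodedCredentialsFlow::PathGraph` and `HardcodedCredentialsFlow::flowPath` in HardcodedCredentials.ql.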
diff --git a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql index 3cc63e51dcfe..0fb996acb279 100644 --- a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql +++ b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql @@ -15,14 +15,14 @@ import javascript import semmle.javascript.security.dataflow.HardcodedCredentialsQuery -import DataFlow::PathGraph +import HardcodedCredentials::PathGraph bindingset[s] predicate looksLikeATemplate(string s) { s.regexpMatch(".*((\\{\\{.*\\}\\})|(<.*>)|(\\(.*\\))).*") } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string value +from HardcodedCredentials::PathNode source, HardcodedCredentials::PathNode sink, string value where - cfg.hasFlowPath(source, sink) and + HardcodedCredentials::flowPath(source, sink) and // use source value in message if it's available if source.getNode().asExpr() instanceof ConstantString then diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected index 3635090cb433..a1806eb239f3 100644 --- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected +++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected 
@@ -1,340 +1,9 @@ -nodes -| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | -| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | -| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | -| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | -| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | -| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | -| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | -| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | -| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | -| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | -| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | -| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | -| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | -| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | -| HardcodedCredentials.js:20:36:20:51 | getCredentials() | -| HardcodedCredentials.js:20:36:20:51 | getCredentials() | -| HardcodedCredentials.js:27:25:27:31 | 'admin' | -| HardcodedCredentials.js:27:25:27:31 | 'admin' | -| HardcodedCredentials.js:27:25:27:31 | 'admin' | -| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | -| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | -| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | -| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | -| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | -| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | -| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | -| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | -| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | -| HardcodedCredentials.js:35:15:35:24 | 'username' | -| HardcodedCredentials.js:35:15:35:24 | 'username' | -| HardcodedCredentials.js:35:15:35:24 | 'username' | -| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | -| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | -| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | -| HardcodedCredentials.js:41:38:41:47 | 'username' | -| 
HardcodedCredentials.js:41:38:41:47 | 'username' | -| HardcodedCredentials.js:41:38:41:47 | 'username' | -| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | -| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | -| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | -| HardcodedCredentials.js:42:35:42:44 | 'username' | -| HardcodedCredentials.js:42:35:42:44 | 'username' | -| HardcodedCredentials.js:42:35:42:44 | 'username' | -| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | -| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | -| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | -| HardcodedCredentials.js:44:34:44:43 | 'username' | -| HardcodedCredentials.js:44:34:44:43 | 'username' | -| HardcodedCredentials.js:44:34:44:43 | 'username' | -| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | -| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | -| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | -| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | -| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | -| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | -| HardcodedCredentials.js:53:27:53:36 | 'username' | -| HardcodedCredentials.js:53:27:53:36 | 'username' | -| HardcodedCredentials.js:53:27:53:36 | 'username' | -| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | -| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | -| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | -| HardcodedCredentials.js:56:21:56:30 | 'username' | -| HardcodedCredentials.js:56:21:56:30 | 'username' | -| HardcodedCredentials.js:56:21:56:30 | 'username' | -| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | -| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | -| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | -| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | -| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | -| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | -| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | -| HardcodedCredentials.js:65:23:65:35 | 
'bearerToken' | -| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | -| HardcodedCredentials.js:69:28:69:37 | 'username' | -| HardcodedCredentials.js:69:28:69:37 | 'username' | -| HardcodedCredentials.js:69:28:69:37 | 'username' | -| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | -| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | -| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | -| HardcodedCredentials.js:70:28:70:37 | 'username' | -| HardcodedCredentials.js:70:28:70:37 | 'username' | -| HardcodedCredentials.js:70:28:70:37 | 'username' | -| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | -| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | -| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | -| HardcodedCredentials.js:72:23:72:32 | 'username' | -| HardcodedCredentials.js:72:23:72:32 | 'username' | -| HardcodedCredentials.js:72:23:72:32 | 'username' | -| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | -| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | -| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | -| HardcodedCredentials.js:75:21:75:30 | 'username' | -| HardcodedCredentials.js:75:21:75:30 | 'username' | -| HardcodedCredentials.js:75:21:75:30 | 'username' | -| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | -| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | -| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | -| HardcodedCredentials.js:84:38:84:47 | 'username' | -| HardcodedCredentials.js:84:38:84:47 | 'username' | -| HardcodedCredentials.js:84:38:84:47 | 'username' | -| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | -| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | -| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | -| HardcodedCredentials.js:86:44:86:53 | 'username' | -| HardcodedCredentials.js:86:44:86:53 | 'username' | -| HardcodedCredentials.js:86:44:86:53 | 'username' | -| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | -| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | -| 
HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | -| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | -| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | -| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | -| HardcodedCredentials.js:98:18:98:21 | 'x1' | -| HardcodedCredentials.js:98:18:98:21 | 'x1' | -| HardcodedCredentials.js:98:18:98:21 | 'x1' | -| HardcodedCredentials.js:99:16:99:19 | 'x2' | -| HardcodedCredentials.js:99:16:99:19 | 'x2' | -| HardcodedCredentials.js:99:16:99:19 | 'x2' | -| HardcodedCredentials.js:100:25:100:28 | 'x3' | -| HardcodedCredentials.js:100:25:100:28 | 'x3' | -| HardcodedCredentials.js:100:25:100:28 | 'x3' | -| HardcodedCredentials.js:101:19:101:22 | 'x4' | -| HardcodedCredentials.js:101:19:101:22 | 'x4' | -| HardcodedCredentials.js:101:19:101:22 | 'x4' | -| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | -| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | -| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | -| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | -| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | -| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | -| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | -| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | -| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | -| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | -| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | -| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | -| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | -| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | -| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | -| HardcodedCredentials.js:112:19:112:22 | 'x5' | -| HardcodedCredentials.js:112:19:112:22 | 'x5' | -| HardcodedCredentials.js:112:19:112:22 | 'x5' | -| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | -| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | -| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | -| HardcodedCredentials.js:130:44:130:53 | 
'hgfedcba' | -| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | -| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | -| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | -| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | -| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | -| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | -| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | -| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | -| HardcodedCredentials.js:160:38:160:48 | "change_me" | -| HardcodedCredentials.js:160:38:160:48 | "change_me" | -| HardcodedCredentials.js:160:38:160:48 | "change_me" | -| HardcodedCredentials.js:161:41:161:51 | 'change_me' | -| HardcodedCredentials.js:161:41:161:51 | 'change_me' | -| HardcodedCredentials.js:161:41:161:51 | 'change_me' | -| HardcodedCredentials.js:164:35:164:45 | 'change_me' | -| HardcodedCredentials.js:164:35:164:45 | 'change_me' | -| HardcodedCredentials.js:164:35:164:45 | 'change_me' | -| HardcodedCredentials.js:171:11:171:25 | USER | -| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | -| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | -| HardcodedCredentials.js:172:11:172:25 | PASS | -| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | -| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | -| HardcodedCredentials.js:173:11:173:49 | AUTH | -| HardcodedCredentials.js:173:18:173:49 | base64. ... 
PASS}`) | -| HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | -| HardcodedCredentials.js:173:35:173:38 | USER | -| HardcodedCredentials.js:173:43:173:46 | PASS | -| HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:178:39:178:42 | AUTH | -| HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:188:39:188:42 | AUTH | -| HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:195:46:195:49 | AUTH | -| HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | -| HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | -| HardcodedCredentials.js:204:44:204:47 | AUTH | -| HardcodedCredentials.js:214:11:214:25 | USER | -| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | -| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | -| HardcodedCredentials.js:215:11:215:25 | PASS | -| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | -| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | -| HardcodedCredentials.js:216:11:216:49 | AUTH | -| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | -| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | -| HardcodedCredentials.js:216:35:216:38 | USER | -| HardcodedCredentials.js:216:43:216:46 | PASS | -| HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:221:46:221:49 | AUTH | -| HardcodedCredentials.js:231:11:231:29 | username | -| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | -| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | -| HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | -| HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | -| HardcodedCredentials.js:237:35:237:72 | Buffer. ... 
ssword) | -| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | -| HardcodedCredentials.js:237:47:237:54 | username | -| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | -| HardcodedCredentials.js:245:9:245:44 | privateKey | -| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | -| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | -| HardcodedCredentials.js:246:42:246:51 | privateKey | -| HardcodedCredentials.js:246:42:246:51 | privateKey | -| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | -| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | -| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | -| HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | -| HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | -| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | -| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | -| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | -| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | -| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | -| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | -| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | -| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | -| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | -| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | -| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | -| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | -| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | -| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | -| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | -| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | -| HardcodedCredentials.js:278:36:278:64 | "user:{ ... 
ken }}" | -| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | -| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | -| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | -| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | -| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | -| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | -| HardcodedCredentials.js:281:36:281:45 | "user:foo" | -| HardcodedCredentials.js:281:36:281:45 | "user:foo" | -| HardcodedCredentials.js:281:36:281:45 | "user:foo" | -| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | -| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | -| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | -| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | -| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | -| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | -| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | -| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | -| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | -| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | -| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | -| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | -| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | -| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | -| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | -| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | -| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | -| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | -| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | -| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | -| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | -| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | -| HardcodedCredentials.js:294:37:294:70 | `Basic ... 
gbbbbb` | -| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | -| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | -| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | -| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | edges -| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | -| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | -| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | -| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | -| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | -| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | | HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | -| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | -| HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' | -| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | -| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | -| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | -| HardcodedCredentials.js:35:15:35:24 | 'username' | HardcodedCredentials.js:35:15:35:24 | 'username' | -| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | -| HardcodedCredentials.js:41:38:41:47 | 'username' | HardcodedCredentials.js:41:38:41:47 | 'username' | -| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | 
HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | -| HardcodedCredentials.js:42:35:42:44 | 'username' | HardcodedCredentials.js:42:35:42:44 | 'username' | -| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | -| HardcodedCredentials.js:44:34:44:43 | 'username' | HardcodedCredentials.js:44:34:44:43 | 'username' | -| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | -| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | -| HardcodedCredentials.js:53:27:53:36 | 'username' | HardcodedCredentials.js:53:27:53:36 | 'username' | -| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | -| HardcodedCredentials.js:56:21:56:30 | 'username' | HardcodedCredentials.js:56:21:56:30 | 'username' | -| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | -| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | -| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | -| HardcodedCredentials.js:69:28:69:37 | 'username' | HardcodedCredentials.js:69:28:69:37 | 'username' | -| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | -| HardcodedCredentials.js:70:28:70:37 | 'username' | HardcodedCredentials.js:70:28:70:37 | 'username' | -| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | -| HardcodedCredentials.js:72:23:72:32 | 'username' | HardcodedCredentials.js:72:23:72:32 | 'username' | -| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | -| HardcodedCredentials.js:75:21:75:30 | 'username' | HardcodedCredentials.js:75:21:75:30 | 'username' | -| HardcodedCredentials.js:76:21:76:30 | 
'hgfedcba' | HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | -| HardcodedCredentials.js:84:38:84:47 | 'username' | HardcodedCredentials.js:84:38:84:47 | 'username' | -| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | -| HardcodedCredentials.js:86:44:86:53 | 'username' | HardcodedCredentials.js:86:44:86:53 | 'username' | -| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | -| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | -| HardcodedCredentials.js:98:18:98:21 | 'x1' | HardcodedCredentials.js:98:18:98:21 | 'x1' | -| HardcodedCredentials.js:99:16:99:19 | 'x2' | HardcodedCredentials.js:99:16:99:19 | 'x2' | -| HardcodedCredentials.js:100:25:100:28 | 'x3' | HardcodedCredentials.js:100:25:100:28 | 'x3' | -| HardcodedCredentials.js:101:19:101:22 | 'x4' | HardcodedCredentials.js:101:19:101:22 | 'x4' | -| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | -| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | -| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | -| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | -| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | -| HardcodedCredentials.js:112:19:112:22 | 'x5' | HardcodedCredentials.js:112:19:112:22 | 'x5' | -| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | -| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | -| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | -| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | 
HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | -| HardcodedCredentials.js:160:38:160:48 | "change_me" | HardcodedCredentials.js:160:38:160:48 | "change_me" | -| HardcodedCredentials.js:161:41:161:51 | 'change_me' | HardcodedCredentials.js:161:41:161:51 | 'change_me' | -| HardcodedCredentials.js:164:35:164:45 | 'change_me' | HardcodedCredentials.js:164:35:164:45 | 'change_me' | | HardcodedCredentials.js:171:11:171:25 | USER | HardcodedCredentials.js:173:35:173:38 | USER | | HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:11:171:25 | USER | -| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:11:171:25 | USER | | HardcodedCredentials.js:172:11:172:25 | PASS | HardcodedCredentials.js:173:43:173:46 | PASS | | HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:11:172:25 | PASS | -| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:11:172:25 | PASS | | HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:178:39:178:42 | AUTH | | HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:188:39:188:42 | AUTH | | HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:195:46:195:49 | AUTH | 
@@ -344,61 +13,146 @@ edges | HardcodedCredentials.js:173:35:173:38 | USER | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | | HardcodedCredentials.js:173:43:173:46 | PASS | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | | HardcodedCredentials.js:178:39:178:42 | AUTH | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:178:39:178:42 | AUTH | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:188:39:188:42 | AUTH | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | | HardcodedCredentials.js:188:39:188:42 | AUTH | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | | HardcodedCredentials.js:195:46:195:49 | AUTH | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:195:46:195:49 | AUTH | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | | HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | | HardcodedCredentials.js:214:11:214:25 | USER | HardcodedCredentials.js:216:35:216:38 | USER | | HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:11:214:25 | USER | -| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:11:214:25 | USER | | HardcodedCredentials.js:215:11:215:25 | PASS | HardcodedCredentials.js:216:43:216:46 | PASS | | HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:11:215:25 | PASS | -| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:11:215:25 | PASS | | HardcodedCredentials.js:216:11:216:49 | AUTH | HardcodedCredentials.js:221:46:221:49 | AUTH | | HardcodedCredentials.js:216:18:216:49 | base64. ... 
PASS}`) | HardcodedCredentials.js:216:11:216:49 | AUTH | | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | | HardcodedCredentials.js:216:35:216:38 | USER | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | | HardcodedCredentials.js:216:43:216:46 | PASS | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | | HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | | HardcodedCredentials.js:231:11:231:29 | username | HardcodedCredentials.js:237:47:237:54 | username | | HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:11:231:29 | username | -| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:11:231:29 | username | | HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | | HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | -| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | | HardcodedCredentials.js:237:47:237:54 | username | HardcodedCredentials.js:237:47:237:71 | usernam ... assword | | HardcodedCredentials.js:237:47:237:71 | usernam ... assword | HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | | HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey | -| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey | | HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey | -| HardcodedCredentials.js:245:22:245:44 | "myHard ... 
ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey | -| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | HardcodedCredentials.js:260:30:260:40 | `Basic foo` | -| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | | HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | -| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | | HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | -| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | -| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | -| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | -| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | -| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | HardcodedCredentials.js:278:36:278:64 | "user:{ ... 
ken }}" | -| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | -| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | HardcodedCredentials.js:280:36:280:50 | "user:12345678" | -| HardcodedCredentials.js:281:36:281:45 | "user:foo" | HardcodedCredentials.js:281:36:281:45 | "user:foo" | -| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | -| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | -| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | HardcodedCredentials.js:284:36:284:52 | "user:fake token" | -| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | HardcodedCredentials.js:285:36:285:46 | "user:dcba" | -| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | HardcodedCredentials.js:286:36:286:55 | "user:custom string" | -| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | -| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | -| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | -| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | HardcodedCredentials.js:295:37:295:66 | `Basic ... 
000001` | +nodes +| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | semmle.label | 'dbuser' | +| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | semmle.label | "user:hgfedcba" | +| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | semmle.label | "user:hgfedcba" | +| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | semmle.label | "user:hgfedcba" | +| HardcodedCredentials.js:20:36:20:51 | getCredentials() | semmle.label | getCredentials() | +| HardcodedCredentials.js:27:25:27:31 | 'admin' | semmle.label | 'admin' | +| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | semmle.label | 'unknown-admin-name' | +| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:35:15:35:24 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:41:38:41:47 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:42:35:42:44 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:44:34:44:43 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:53:27:53:36 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:56:21:56:30 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:61:42:61:54 | 
'bearerToken' | semmle.label | 'bearerToken' | +| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | semmle.label | 'bearerToken' | +| HardcodedCredentials.js:69:28:69:37 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:70:28:70:37 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:72:23:72:32 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:75:21:75:30 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:84:38:84:47 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:86:44:86:53 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | semmle.label | 'TOKEN' | +| HardcodedCredentials.js:98:18:98:21 | 'x1' | semmle.label | 'x1' | +| HardcodedCredentials.js:99:16:99:19 | 'x2' | semmle.label | 'x2' | +| HardcodedCredentials.js:100:25:100:28 | 'x3' | semmle.label | 'x3' | +| HardcodedCredentials.js:101:19:101:22 | 'x4' | semmle.label | 'x4' | +| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:112:19:112:22 | 'x5' | semmle.label | 'x5' | +| 
HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | semmle.label | "hgfedcba" | +| HardcodedCredentials.js:160:38:160:48 | "change_me" | semmle.label | "change_me" | +| HardcodedCredentials.js:161:41:161:51 | 'change_me' | semmle.label | 'change_me' | +| HardcodedCredentials.js:164:35:164:45 | 'change_me' | semmle.label | 'change_me' | +| HardcodedCredentials.js:171:11:171:25 | USER | semmle.label | USER | +| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | semmle.label | 'sdsdag' | +| HardcodedCredentials.js:172:11:172:25 | PASS | semmle.label | PASS | +| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | semmle.label | 'sdsdag' | +| HardcodedCredentials.js:173:11:173:49 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) | semmle.label | base64. ... 
PASS}`) | +| HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | semmle.label | `${USER}:${PASS}` | +| HardcodedCredentials.js:173:35:173:38 | USER | semmle.label | USER | +| HardcodedCredentials.js:173:43:173:46 | PASS | semmle.label | PASS | +| HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` | +| HardcodedCredentials.js:178:39:178:42 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` | +| HardcodedCredentials.js:188:39:188:42 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` | +| HardcodedCredentials.js:195:46:195:49 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` | +| HardcodedCredentials.js:204:44:204:47 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:214:11:214:25 | USER | semmle.label | USER | +| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | semmle.label | 'sdsdag' | +| HardcodedCredentials.js:215:11:215:25 | PASS | semmle.label | PASS | +| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | semmle.label | 'sdsdag' | +| HardcodedCredentials.js:216:11:216:49 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | semmle.label | base64. ... 
PASS}`) | +| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | semmle.label | `${USER}:${PASS}` | +| HardcodedCredentials.js:216:35:216:38 | USER | semmle.label | USER | +| HardcodedCredentials.js:216:43:216:46 | PASS | semmle.label | PASS | +| HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` | +| HardcodedCredentials.js:221:46:221:49 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:231:11:231:29 | username | semmle.label | username | +| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | semmle.label | 'sdsdag' | +| HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | semmle.label | 'Basic ... ase64') | +| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | semmle.label | Buffer. ... ssword) | +| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | semmle.label | Buffer. ... ase64') | +| HardcodedCredentials.js:237:47:237:54 | username | semmle.label | username | +| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | semmle.label | usernam ... assword | +| HardcodedCredentials.js:245:9:245:44 | privateKey | semmle.label | privateKey | +| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | semmle.label | "myHard ... ateKey" | +| HardcodedCredentials.js:246:42:246:51 | privateKey | semmle.label | privateKey | +| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | semmle.label | `Basic foo` | +| HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | semmle.label | `${foo ... Token}` | +| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | semmle.label | foo ? ' ... 'OAuth' | +| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | semmle.label | 'Bearer' | +| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | semmle.label | 'OAuth' | +| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | semmle.label | "user:{ ... ERE }}" | +| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | semmle.label | "user:t ... 
ERE }}" | +| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | semmle.label | "user:( ... HERE )" | +| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | semmle.label | "user:{ ... ken }}" | +| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | semmle.label | "user:abcdefgh" | +| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | semmle.label | "user:12345678" | +| HardcodedCredentials.js:281:36:281:45 | "user:foo" | semmle.label | "user:foo" | +| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | semmle.label | "user:mypassword" | +| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | semmle.label | "user:mytoken" | +| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | semmle.label | "user:fake token" | +| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | semmle.label | "user:dcba" | +| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | semmle.label | "user:custom string" | +| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | semmle.label | `Basic ... sdsdag` | +| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | semmle.label | `Basic ... xxxxxx` | +| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | semmle.label | `Basic ... gbbbbb` | +| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | semmle.label | `Basic ... 000001` | +subpaths #select | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name | | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | password | From bc88f50a5f4ca858d047123d4f913be337f5a734 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Thu, 5 Oct 2023 09:18:51 +0200 Subject: [PATCH 076/223] JS: Port HardcodedDataInterpretedAsCode --- .../HardcodedDataInterpretedAsCodeQuery.qll | 32 +++++++++- .../CWE-506/HardcodedDataInterpretedAsCode.ql | 8 ++- .../HardcodedDataInterpretedAsCode.expected | 63 ++++++++++--------- 3 files changed, 68 insertions(+), 35 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll index 7318681a8827..55ecdbffe804 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll 
@@ -15,7 +15,37 @@ import HardcodedDataInterpretedAsCodeCustomizations::HardcodedDataInterpretedAsC * A taint-tracking configuration for reasoning about hard-coded data * being interpreted as code */ -class Configuration extends TaintTracking::Configuration { +module HardcodedDataInterpretedAsCodeConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { + source.(Source).getLabel() = lbl + } + + predicate isSink(DataFlow::Node nd, DataFlow::FlowLabel lbl) { nd.(Sink).getLabel() = lbl } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, + DataFlow::FlowLabel state2 + ) { + TaintTracking::defaultTaintStep(node1, node2) and + state1.isDataOrTaint() and + state2.isTaint() + } +} + +/** + * Taint-tracking for reasoning about hard-coded data being interpreted as code + */ +module HardcodedDataInterpretedAsCodeFlow = + DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `HardcodedDataInterpretedAsCodeFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "HardcodedDataInterpretedAsCode" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { diff --git a/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql b/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql index 9fd53ce99169..bc6a5e5466fd 100644 --- a/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql +++ b/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql 
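Review bot: `isAdditionalFlowStep` in `HardcodedDataInterpretedAsCodeConfig` has no comment explaining why every default taint step is added by hand together with a label change, and the doc comment on `HardcodedDataInterpretedAsCodeFlow` calls it taint-tracking although it is built on `DataFlow::GlobalWithState`. As far as the hunk shows, this predicate is the only place taint steps enter the flow, and each one moves a `data` or `taint` label to `taint`; presumably that is what stops a sink requiring the `data` label from matching a transformed value. I would add `// Taint steps are added explicitly so that each one moves the label to taint.` above the predicate body. The parameter names also vary between predicates (`source`/`lbl`, `nd`/`lbl`, `node1`/`state1`); one convention throughout would read better. The deprecated `Configuration` class continues past the end of the hunk.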
@@ -14,10 +14,12 @@ import javascript import semmle.javascript.security.dataflow.HardcodedDataInterpretedAsCodeQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + HardcodedDataInterpretedAsCodeFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "$@ is interpreted as " + sink.getNode().(Sink).getKind() + ".", source.getNode(), "Hard-coded data" diff --git a/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected b/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected index 76c630812c5e..50fb024e033f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected +++ b/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected 
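Review bot: The switch to `import DataFlow::DeduplicatePathGraph` and the `getAnOriginalPathNode()` calls in the `where` clause come without a comment saying why this query needs merged path nodes, while other queries ported in this series import their flow module's `PathGraph` directly. The reason is presumably that state-based flow yields one path node per flow label, which would explain the duplicated rows dropped from the `.expected` file. A line such as `// Path nodes that differ only in flow label are merged so each path is reported once.` above the import would record that. The same applies to the second hunk of `IncompleteHtmlAttributeSanitization.ql` later in the series.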
@@ -1,45 +1,46 @@ nodes -| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | -| event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | -| tst.js:1:5:1:88 | totallyHarmlessString | -| tst.js:1:29:1:88 | '636f6e ... 6e2729' | -| tst.js:1:29:1:88 | '636f6e ... 6e2729' | -| tst.js:2:6:2:46 | Buffer. ... 'hex') | -| tst.js:2:6:2:57 | Buffer. ... tring() | -| tst.js:2:6:2:57 | Buffer. ... tring() | -| tst.js:2:18:2:38 | totally ... sString | -| tst.js:5:5:5:23 | test | -| tst.js:5:12:5:23 | "0123456789" | -| tst.js:5:12:5:23 | "0123456789" | -| tst.js:7:8:7:11 | test | -| tst.js:7:8:7:15 | test+"n" | -| tst.js:7:8:7:15 | test+"n" | +| event-stream-orig.js:93:16:93:16 | r | semmle.label | r | +| event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | semmle.label | Buffer. ... "hex") | +| event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | semmle.label | Buffer. ... tring() | +| event-stream-orig.js:94:26:94:26 | r | semmle.label | r | +| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | semmle.label | e("2e2f ... 17461") | +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | semmle.label | "2e2f74 ... 617461" | +| event-stream.js:5:12:5:12 | r | semmle.label | r | +| event-stream.js:6:10:6:30 | Buffer. ... "hex") | semmle.label | Buffer. ... "hex") | +| event-stream.js:6:10:6:41 | Buffer. ... tring() | semmle.label | Buffer. ... tring() | +| event-stream.js:6:22:6:22 | r | semmle.label | r | +| event-stream.js:9:11:9:37 | e("2e2f ... 17461") | semmle.label | e("2e2f ... 17461") | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | semmle.label | "2e2f74 ... 
617461" | +| tst.js:1:5:1:88 | totallyHarmlessString | semmle.label | totallyHarmlessString | +| tst.js:1:29:1:88 | '636f6e ... 6e2729' | semmle.label | '636f6e ... 6e2729' | +| tst.js:2:6:2:46 | Buffer. ... 'hex') | semmle.label | Buffer. ... 'hex') | +| tst.js:2:6:2:57 | Buffer. ... tring() | semmle.label | Buffer. ... tring() | +| tst.js:2:18:2:38 | totally ... sString | semmle.label | totally ... sString | +| tst.js:5:5:5:23 | test | semmle.label | test | +| tst.js:5:12:5:23 | "0123456789" | semmle.label | "0123456789" | +| tst.js:7:8:7:11 | test | semmle.label | test | +| tst.js:7:8:7:15 | test+"n" | semmle.label | test+"n" | edges +| event-stream-orig.js:93:16:93:16 | r | event-stream-orig.js:94:26:94:26 | r | +| event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | +| event-stream-orig.js:94:26:94:26 | r | event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:93:16:93:16 | r | | event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | +| event-stream.js:5:12:5:12 | r | event-stream.js:6:22:6:22 | r | +| event-stream.js:6:10:6:30 | Buffer. ... "hex") | event-stream.js:6:10:6:41 | Buffer. ... 
tring() | +| event-stream.js:6:22:6:22 | r | event-stream.js:6:10:6:30 | Buffer. ... "hex") | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:5:12:5:12 | r | | event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | | tst.js:1:5:1:88 | totallyHarmlessString | tst.js:2:18:2:38 | totally ... sString | | tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString | -| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString | -| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() | | tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() | | tst.js:2:18:2:38 | totally ... sString | tst.js:2:6:2:46 | Buffer. ... 'hex') | | tst.js:5:5:5:23 | test | tst.js:7:8:7:11 | test | | tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test | -| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test | -| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" | | tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" | +subpaths +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:93:16:93:16 | r | event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:5:12:5:12 | r | event-stream.js:6:10:6:41 | Buffer. ... tring() | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | #select | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | $@ is interpreted as An import path. | event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | Hard-coded data | | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | $@ is interpreted as An import path. 
| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | Hard-coded data | From 8715c1b324d078b4417259a235db96d30f22d766 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:19:32 +0200 Subject: [PATCH 077/223] JS: Port HostHeaderPoisoningInEmailGeneration --- ...tHeaderPoisoningInEmailGenerationQuery.qll | 23 +++++++++++++++++-- .../HostHeaderPoisoningInEmailGeneration.ql | 6 ++--- ...tHeaderPoisoningInEmailGeneration.expected | 21 +++++------------ 3 files changed, 30 insertions(+), 20 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll index f87938dfb71e..889500668029 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll @@ -6,9 +6,28 @@ import javascript /** - * A taint tracking configuration for host header poisoning in email generation. + * A taint tracking configuration for host header poisoning. */ -class Configuration extends TaintTracking::Configuration { +module HostHeaderPoisoningConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + exists(Http::RequestHeaderAccess input | node = input | + input.getKind() = "header" and + input.getAHeaderName() = "host" + ) + } + + predicate isSink(DataFlow::Node node) { exists(EmailSender email | node = email.getABody()) } +} + +/** + * Taint tracking configuration host header poisoning. + */ +module HostHeaderPoisoningFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `HostHeaderPoisoningFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "TaintedHostHeader" } override predicate isSource(DataFlow::Node node) { 
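Review bot: The two doc comments added in the `HostHeaderPoisoningInEmailGenerationQuery.qll` hunk are less precise than the one they replace: the config comment drops "in email generation", and the comment on `HostHeaderPoisoningFlow` reads "Taint tracking configuration host header poisoning.", which is missing a word and describes the flow module as a configuration. I would write `/** Taint tracking for host header poisoning in email generation. */` on the flow module and keep the original wording on the config. The module names also drop the `InEmailGeneration` part of the file name, unlike the other ports in this series (`ImproperCodeSanitizationConfig`, `IncompleteHtmlAttributeSanitizationConfig`); a short remark would help if that is intentional. `isSource` matches only the header named `host`, so forwarded-host style headers are not treated as sources; whether that is intended cannot be told from this hunk. The deprecated `Configuration` class continues outside the hunk.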
diff --git a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql index 9cb88a29b9dc..377fcfcd1cb8 100644 --- a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql +++ b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.HostHeaderPoisoningInEmailGenerationQuery -import DataFlow::PathGraph +import HostHeaderPoisoningFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from HostHeaderPoisoningFlow::PathNode source, HostHeaderPoisoningFlow::PathNode sink +where HostHeaderPoisoningFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Links in this email can be hijacked by poisoning the $@.", source.getNode(), "HTTP host header" diff --git a/javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected b/javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected index c1ac8d456f28..12c11f7b2fef 100644 --- a/javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected +++ b/javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected 
@@ -1,21 +1,12 @@ -nodes -| tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:17:84:17:91 | req.host | -| tst.js:17:84:17:91 | req.host | -| tst.js:18:11:18:127 | `Hi, lo ... reset.` | -| tst.js:18:11:18:127 | `Hi, lo ... reset.` | -| tst.js:18:78:18:85 | req.host | -| tst.js:18:78:18:85 | req.host | edges | tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | -| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | -| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | | tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | +nodes +| tst.js:17:11:17:113 | `Hi, lo ... token}` | semmle.label | `Hi, lo ... token}` | +| tst.js:17:84:17:91 | req.host | semmle.label | req.host | +| tst.js:18:11:18:127 | `Hi, lo ... reset.` | semmle.label | `Hi, lo ... reset.` | +| tst.js:18:78:18:85 | req.host | semmle.label | req.host | +subpaths #select | tst.js:17:11:17:113 | `Hi, lo ... token}` | tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | Links in this email can be hijacked by poisoning the $@. | tst.js:17:84:17:91 | req.host | HTTP host header | | tst.js:18:11:18:127 | `Hi, lo ... reset.` | tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | Links in this email can be hijacked by poisoning the $@. | tst.js:18:78:18:85 | req.host | HTTP host header | From 91287226279b31258eaeb8f15c34f96de78f2578 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Thu, 5 Oct 2023 09:19:50 +0200 Subject: [PATCH 078/223] JS: Port ImproperCodeSanitization --- .../ImproperCodeSanitizationQuery.qll | 18 +++- .../CWE-094/ImproperCodeSanitization.ql | 6 +- .../ImproperCodeSanitization.expected | 85 ++++++------------- 3 files changed, 45 insertions(+), 64 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll index fd68b3a7077c..aad78a027d85 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll @@ -13,7 +13,23 @@ import ImproperCodeSanitizationCustomizations::ImproperCodeSanitization /** * A taint-tracking configuration for reasoning about improper code sanitization vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module ImproperCodeSanitizationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about improper code sanitization vulnerabilities. + */ +module ImproperCodeSanitizationFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ImproperCodeSanitizationFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ImproperCodeSanitization" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql b/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql index 181079b05bb2..2f13568e9288 100644 --- a/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql 
+++ b/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql @@ -14,9 +14,9 @@ import javascript import semmle.javascript.security.dataflow.ImproperCodeSanitizationQuery -import DataFlow::PathGraph private import semmle.javascript.heuristics.HeuristicSinks private import semmle.javascript.security.dataflow.CodeInjectionCustomizations +import ImproperCodeSanitizationFlow::PathGraph /** * Gets a type-tracked instance of `RemoteFlowSource` using type-tracker `t`. @@ -60,9 +60,9 @@ private DataFlow::Node endsInCodeInjectionSink() { result = endsInCodeInjectionSink(DataFlow::TypeBackTracker::end()) } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink +from ImproperCodeSanitizationFlow::PathNode source, ImproperCodeSanitizationFlow::PathNode sink where - cfg.hasFlowPath(source, sink) and + ImproperCodeSanitizationFlow::flowPath(source, sink) and // Basic detection of duplicate results with `js/code-injection`. not ( sink.getNode().(StringOps::ConcatenationLeaf).getRoot() = endsInCodeInjectionSink() and diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected index 0ab2f14e556a..ee2425775bbf 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected 
@@ -1,69 +1,34 @@ -nodes -| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | -| bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | -| bad-code-sanitization.js:6:11:6:25 | statements | -| bad-code-sanitization.js:6:24:6:25 | [] | -| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | -| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | -| bad-code-sanitization.js:8:27:8:36 | statements | -| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | -| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | -| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | -| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | -| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | -| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | -| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | -| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | -| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | -| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | -| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | -| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | -| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | -| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | -| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | -| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | -| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | -| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | -| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | -| bad-code-sanitization.js:54:29:54:63 | JSON.st ... 
bble")) | -| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | -| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | -| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | -| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | -| bad-code-sanitization.js:63:11:63:55 | assignment | -| bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | -| bad-code-sanitization.js:64:27:64:36 | assignment | -| bad-code-sanitization.js:64:27:64:36 | assignment | edges | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | bad-code-sanitization.js:7:31:7:43 | safeProp(key) | -| bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | +| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | | bad-code-sanitization.js:6:11:6:25 | statements | bad-code-sanitization.js:8:27:8:36 | statements | -| bad-code-sanitization.js:6:24:6:25 | [] | bad-code-sanitization.js:6:11:6:25 | statements | -| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:6:24:6:25 | [] | +| bad-code-sanitization.js:7:5:7:14 | [post update] statements | bad-code-sanitization.js:6:11:6:25 | statements | +| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:7:5:7:14 | [post update] statements | | bad-code-sanitization.js:7:31:7:43 | safeProp(key) | bad-code-sanitization.js:7:21:7:70 | `${name ... 
key])}` | | bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | -| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | -| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | -| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | -| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | -| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | -| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | -| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | | bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment | -| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment | -| bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | bad-code-sanitization.js:63:11:63:55 | assignment | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | +| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:11:63:55 | assignment | +nodes +| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... 
key)}]` | semmle.label | /^[_$a- ... key)}]` | +| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | semmle.label | JSON.stringify(key) | +| bad-code-sanitization.js:6:11:6:25 | statements | semmle.label | statements | +| bad-code-sanitization.js:7:5:7:14 | [post update] statements | semmle.label | [post update] statements | +| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | semmle.label | `${name ... key])}` | +| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | semmle.label | safeProp(key) | +| bad-code-sanitization.js:8:27:8:36 | statements | semmle.label | statements | +| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | semmle.label | statements.join(';') | +| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | semmle.label | htmlescape(pathname) | +| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | semmle.label | JSON.st ... (input) | +| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | semmle.label | JSON.st ... (input) | +| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | semmle.label | JSON.st ... (input) | +| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | semmle.label | JSON.st ... (input) | +| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | semmle.label | JSON.st ... bble")) | +| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | semmle.label | JSON.st ... bble")) | +| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | semmle.label | JSON.st ... 
(taint) | +| bad-code-sanitization.js:63:11:63:55 | assignment | semmle.label | assignment | +| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | semmle.label | JSON.stringify(key) | +| bad-code-sanitization.js:64:27:64:36 | assignment | semmle.label | assignment | +subpaths #select | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | Code construction depends on an $@. | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | improperly sanitized value | | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | Code construction depends on an $@. | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | improperly sanitized value | From e3ab5bdd1632cf606bfd01d388cf7124a3236742 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:20:09 +0200 Subject: [PATCH 079/223] JS: Port IncompleteHtmlAttributeSanitization --- ...completeHtmlAttributeSanitizationQuery.qll | 29 +++++++- .../IncompleteHtmlAttributeSanitization.ql | 8 +- ...completeHtmlAttributeSanitization.expected | 73 +++++-------------- 3 files changed, 50 insertions(+), 60 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll index 730fa6a0e806..824d689445ea 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll 
@@ -25,7 +25,34 @@ private module Label { /** * A taint-tracking configuration for reasoning about incomplete HTML sanitization vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module IncompleteHtmlAttributeSanitizationConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + label = Label::characterToLabel(source.(Source).getAnUnsanitizedCharacter()) + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + label = Label::characterToLabel(sink.(Sink).getADangerousCharacter()) + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { + lbl = Label::characterToLabel(node.(StringReplaceCall).getAReplacedString()) + } + + predicate isBarrier(DataFlow::Node n) { n instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about incomplete HTML sanitization vulnerabilities. + */ +module IncompleteHtmlAttributeSanitizationFlow = + TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `IncompleteHtmlAttributeSanitizationFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "IncompleteHtmlAttributeSanitization" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql index eec14ab7ba3a..46b60ea9c991 100644 --- a/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql +++ b/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql 
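Review bot: The two `isBarrier` overloads in `IncompleteHtmlAttributeSanitizationConfig` have no comments, although they differ in scope. The two-argument form stops only the label derived from `getAReplacedString()`, while the one-argument form stops flow for every label at a `Sanitizer` node. Someone auditing why a partly sanitized value still reaches a sink needs that distinction, so I would add `/** Holds if `node` removes the character tracked by `lbl`; other labels keep flowing. */` above the first and `/** Holds if `n` blocks flow regardless of label. */` above the second. The parameter names could also follow `isSource`/`isSink` (`label` rather than `lbl`, `node` rather than `n`). `StringReplaceCall` and `Sanitizer` are defined outside this hunk, so the wording should be checked against them.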
@@ -15,9 +15,9 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationQuery import semmle.javascript.security.IncompleteBlacklistSanitizer +import DataFlow::DeduplicatePathGraph /** * Gets a pretty string of the dangerous characters for `sink`. @@ -31,8 +31,10 @@ string prettyPrintDangerousCharaters(Sink sink) { ).regexpReplaceAll(",(?=[^,]+$)", " or") } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + IncompleteHtmlAttributeSanitizationFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, // this message is slightly sub-optimal as we do not have an easy way // to get the flow labels that reach the sink, so the message includes diff --git a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected index 7c80b54be340..326e6ea74362 100644 --- a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected +++ b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected 
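Review bot: In the `from`/`where` clause of the second hunk, the unqualified `PathNode` now comes from `import DataFlow::DeduplicatePathGraph` (moved in the first hunk), which is easy to miss because flow is still computed on the original nodes through `getAnOriginalPathNode()`. A short comment above the `from` line would help, for example `// PathNode is the merged node; flow is checked on the original nodes it stands for.` Since a merged node presumably stands for several originals, a result is reported when any pair of originals has a flow path. That looks intended, but it is worth stating next to the query. The `select` clause continues outside the hunk.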
@@ -1,64 +1,25 @@ nodes -| tst.js:243:9:243:31 | s().rep ... ]/g,'') | -| tst.js:243:9:243:31 | s().rep ... ]/g,'') | -| tst.js:243:9:243:31 | s().rep ... ]/g,'') | -| tst.js:244:9:244:33 | s().rep ... /g, '') | -| tst.js:244:9:244:33 | s().rep ... /g, '') | -| tst.js:244:9:244:33 | s().rep ... /g, '') | -| tst.js:249:9:249:33 | s().rep ... ]/g,'') | -| tst.js:249:9:249:33 | s().rep ... ]/g,'') | -| tst.js:249:9:249:33 | s().rep ... ]/g,'') | -| tst.js:250:9:250:33 | s().rep ... ]/g,'') | -| tst.js:250:9:250:33 | s().rep ... ]/g,'') | -| tst.js:250:9:250:33 | s().rep ... ]/g,'') | -| tst.js:253:21:253:45 | s().rep ... /g, '') | -| tst.js:253:21:253:45 | s().rep ... /g, '') | -| tst.js:253:21:253:45 | s().rep ... /g, '') | -| tst.js:254:32:254:56 | s().rep ... /g, '') | -| tst.js:254:32:254:56 | s().rep ... /g, '') | -| tst.js:254:32:254:56 | s().rep ... /g, '') | -| tst.js:270:61:270:85 | s().rep ... /g, '') | -| tst.js:270:61:270:85 | s().rep ... /g, '') | -| tst.js:270:61:270:85 | s().rep ... /g, '') | -| tst.js:274:6:274:94 | arr | -| tst.js:274:12:274:94 | s().val ... g , '') | -| tst.js:274:12:274:94 | s().val ... g , '') | -| tst.js:275:9:275:11 | arr | -| tst.js:275:9:275:21 | arr.join(" ") | -| tst.js:275:9:275:21 | arr.join(" ") | -| tst.js:300:10:300:33 | s().rep ... ]/g,'') | -| tst.js:300:10:300:33 | s().rep ... ]/g,'') | -| tst.js:300:10:300:33 | s().rep ... ]/g,'') | -| tst.js:301:10:301:32 | s().rep ... ]/g,'') | -| tst.js:301:10:301:32 | s().rep ... ]/g,'') | -| tst.js:301:10:301:32 | s().rep ... ]/g,'') | -| tst.js:302:10:302:34 | s().rep ... ]/g,'') | -| tst.js:302:10:302:34 | s().rep ... ]/g,'') | -| tst.js:302:10:302:34 | s().rep ... ]/g,'') | -| tst.js:303:10:303:34 | s().rep ... /g, '') | -| tst.js:303:10:303:34 | s().rep ... /g, '') | -| tst.js:303:10:303:34 | s().rep ... /g, '') | -| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | -| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | -| tst.js:309:10:318:3 | s().rep ... 
;";\\n\\t}) | +| tst.js:243:9:243:31 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:244:9:244:33 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:249:9:249:33 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:250:9:250:33 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:253:21:253:45 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:254:32:254:56 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:270:61:270:85 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:274:6:274:94 | arr | semmle.label | arr | +| tst.js:274:12:274:94 | s().val ... g , '') | semmle.label | s().val ... g , '') | +| tst.js:275:9:275:11 | arr | semmle.label | arr | +| tst.js:275:9:275:21 | arr.join(" ") | semmle.label | arr.join(" ") | +| tst.js:300:10:300:33 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:301:10:301:32 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:302:10:302:34 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:303:10:303:34 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | semmle.label | s().rep ... ;";\\n\\t}) | edges -| tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | -| tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | -| tst.js:249:9:249:33 | s().rep ... ]/g,'') | tst.js:249:9:249:33 | s().rep ... ]/g,'') | -| tst.js:250:9:250:33 | s().rep ... ]/g,'') | tst.js:250:9:250:33 | s().rep ... ]/g,'') | -| tst.js:253:21:253:45 | s().rep ... /g, '') | tst.js:253:21:253:45 | s().rep ... /g, '') | -| tst.js:254:32:254:56 | s().rep ... /g, '') | tst.js:254:32:254:56 | s().rep ... /g, '') | -| tst.js:270:61:270:85 | s().rep ... /g, '') | tst.js:270:61:270:85 | s().rep ... 
/g, '') | | tst.js:274:6:274:94 | arr | tst.js:275:9:275:11 | arr | | tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr | -| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr | -| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") | | tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") | -| tst.js:300:10:300:33 | s().rep ... ]/g,'') | tst.js:300:10:300:33 | s().rep ... ]/g,'') | -| tst.js:301:10:301:32 | s().rep ... ]/g,'') | tst.js:301:10:301:32 | s().rep ... ]/g,'') | -| tst.js:302:10:302:34 | s().rep ... ]/g,'') | tst.js:302:10:302:34 | s().rep ... ]/g,'') | -| tst.js:303:10:303:34 | s().rep ... /g, '') | tst.js:303:10:303:34 | s().rep ... /g, '') | -| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | +subpaths #select | tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:243:9:243:31 | s().rep ... ]/g,'') | this final HTML sanitizer step | | tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:244:9:244:33 | s().rep ... /g, '') | this final HTML sanitizer step | From 8c001916b6234e6c2996f117313d46a7f77d7000 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:20:36 +0200 Subject: [PATCH 080/223] JS: Port IndirectCommandInjection --- .../IndirectCommandInjectionQuery.qll | 32 +- .../CWE-078/IndirectCommandInjection.ql | 12 +- .../IndirectCommandInjection.expected | 519 ++++++------------ 3 files changed, 213 insertions(+), 350 deletions(-) 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll index d2de26d5cd03..942946276627 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll @@ -10,7 +10,37 @@ private import IndirectCommandArgument /** * A taint-tracking configuration for reasoning about command-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module IndirectCommandInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + /** + * Holds if `sink` is a data-flow sink for command-injection vulnerabilities, and + * the alert should be placed at the node `highlight`. + */ + additional predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { + sink instanceof Sink and highlight = sink + or + isIndirectCommandArgument(sink, highlight) + } + + predicate isSink(DataFlow::Node sink) { isSinkWithHighlight(sink, _) } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + argsParseStep(pred, succ) + } +} + +/** + * Taint-tracking for reasoning about command-injection vulnerabilities. + */ +module IndirectCommandInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `IndirectCommandInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "IndirectCommandInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql b/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql index 34f890234416..cd229cd1f39a 100644 
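Review bot: `isSink` in `IndirectCommandInjectionConfig` has no doc comment, and it discards the second argument of `isSinkWithHighlight`, so the node that ends a path need not be the node where the alert is shown. I would document that on the predicate, for example `/** Holds if `sink` is a command-injection sink; the alert location comes from `isSinkWithHighlight`. */`. `isAdditionalFlowStep` would also benefit from one line on what `argsParseStep` models, but that predicate is defined outside this hunk, so the wording needs checking against it. The body of the deprecated `Configuration` class continues outside the hunk.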
--- a/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql @@ -15,14 +15,16 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.IndirectCommandInjectionQuery +import IndirectCommandInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight +from + IndirectCommandInjectionFlow::PathNode source, IndirectCommandInjectionFlow::PathNode sink, + DataFlow::Node highlight where - cfg.hasFlowPath(source, sink) and - if cfg.isSinkWithHighlight(sink.getNode(), _) - then cfg.isSinkWithHighlight(sink.getNode(), highlight) + IndirectCommandInjectionFlow::flowPath(source, sink) and + if IndirectCommandInjectionConfig::isSinkWithHighlight(sink.getNode(), _) + then IndirectCommandInjectionConfig::isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() select highlight, source, sink, "This command depends on an unsanitized $@.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected index 47d8d4adcb11..51c52e864498 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected 
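Review bot: The `if … then … else` in the `where` clause has a branch that looks unreachable. `IndirectCommandInjectionConfig::isSink` is defined as `isSinkWithHighlight(sink, _)`, so for any `sink` that ends a `flowPath` the condition should hold and `else highlight = sink.getNode()` never applies. The clause could be reduced to `IndirectCommandInjectionConfig::isSinkWithHighlight(sink.getNode(), highlight)`. If the fallback is kept deliberately, a comment saying so would avoid suggesting that some sinks lack a highlight. The construct is carried over from the removed `cfg.` form rather than introduced by this commit.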
@@ -1,427 +1,258 @@ -nodes -| actions.js:4:6:4:16 | process.env | -| actions.js:4:6:4:16 | process.env | -| actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:7:15:7:15 | e | -| actions.js:8:10:8:10 | e | -| actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:12:6:12:16 | process.env | -| actions.js:12:6:12:16 | process.env | -| actions.js:14:6:14:21 | getInput('data') | -| actions.js:14:6:14:21 | getInput('data') | -| actions.js:14:6:14:21 | getInput('data') | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | -| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | -| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | -| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | -| command-line-parameter-command-injection.js:10:6:10:33 | args | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | -| command-line-parameter-command-injection.js:10:13:10:33 | process ... 
lice(2) | -| command-line-parameter-command-injection.js:11:14:11:17 | args | -| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | -| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | -| command-line-parameter-command-injection.js:12:26:12:29 | args | -| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | -| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | -| command-line-parameter-command-injection.js:14:18:14:21 | args | -| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | -| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | -| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | -| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... 
Args[0] | -| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | -| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | -| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | -| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | -| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | -| command-line-parameter-command-injection.js:19:14:19:17 | arg0 | -| command-line-parameter-command-injection.js:19:14:19:17 | arg0 | -| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | -| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | -| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | -| command-line-parameter-command-injection.js:24:8:24:35 | args | -| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | -| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | -| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:26:32:26:35 | args | -| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | -| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:27:32:27:35 | args | -| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | -| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... 
rgs")() | -| command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | -| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | -| command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | -| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | -| command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | -| command-line-parameter-command-injection.js:36:6:39:7 | args | -| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | -| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | -| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:41:22:41:25 | args | -| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | -| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | -| command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | -| command-line-parameter-command-injection.js:47:8:53:12 | args | -| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... 
rgs\\n\\t\\t} | -| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | -| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | -| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:55:22:55:25 | args | -| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | -| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | -| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | -| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | -| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | -| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | -| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | -| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | -| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | -| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | -| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | -| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | -| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | -| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | -| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | -| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | -| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | -| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | -| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... 
nt2rest | -| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | -| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | -| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | -| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | -| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | -| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | -| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | -| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | -| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | -| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | -| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | -| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | -| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | -| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | -| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | -| command-line-parameter-command-injection.js:76:8:76:35 | argv | -| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | -| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | -| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | -| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | -| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | -| command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | -| command-line-parameter-command-injection.js:79:31:79:34 | argv | -| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 
2)).foo | -| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | -| command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | -| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | -| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | -| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | -| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | -| command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | -| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | -| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | -| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | -| command-line-parameter-command-injection.js:88:6:88:37 | flags | -| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | -| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:89:22:89:26 | flags | -| command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | -| command-line-parameter-command-injection.js:91:6:91:38 | flags | -| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | -| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | -| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... 
ags.foo | -| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:92:22:92:26 | flags | -| command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | -| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | -| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | -| command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | -| command-line-parameter-command-injection.js:107:8:107:51 | options | -| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | -| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | -| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | -| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | -| command-line-parameter-command-injection.js:108:22:108:28 | options | -| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | -| command-line-parameter-command-injection.js:114:8:114:52 | cli | -| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | -| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | -| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | -| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | -| command-line-parameter-command-injection.js:116:22:116:24 | cli | -| command-line-parameter-command-injection.js:116:22:116:30 | cli.input | -| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | -| command-line-parameter-command-injection.js:122:6:122:46 | opts | -| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... 
tions}) | -| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | -| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:124:22:124:25 | opts | -| command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | -| command-line-parameter-command-injection.js:127:6:127:26 | opts | -| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | -| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | -| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:129:22:129:25 | opts | -| command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | -| command-line-parameter-command-injection.js:133:8:133:41 | program | -| command-line-parameter-command-injection.js:133:10:133:16 | program | -| command-line-parameter-command-injection.js:133:10:133:16 | program | -| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | -| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... 
zzaType | -| command-line-parameter-command-injection.js:137:22:137:28 | program | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | -| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | -| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | edges | actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... 
_DATA'] | | actions.js:7:15:7:15 | e | actions.js:8:10:8:10 | e | | actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | | actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | -| actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | -| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | -| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | +| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... 
argv[2] | | command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:11:14:11:17 | args | | command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:12:26:12:29 | args | | command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:14:18:14:21 | args | +| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | +| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | command-line-parameter-command-injection.js:10:6:10:33 | args | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... 
lice(2) [ArrayElement] | command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | | command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:12:26:12:29 | args | command-line-parameter-command-injection.js:12:26:12:32 | args[0] | -| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | -| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | +| command-line-parameter-command-injection.js:12:26:12:29 | args | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | | command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | +| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| 
command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | -| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | -| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | -| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | +| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 | -| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | -| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | -| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | +| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | | command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | | command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:26:32:26:35 | args | | 
command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:27:32:27:35 | args | | command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | command-line-parameter-command-injection.js:24:8:24:35 | args | -| command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:32:26:38 | args[0] | -| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | +| command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | | command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:21:30:50 | require ... 
)().foo | -| command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | -| command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | +| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | +| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... 
rgv.foo | +| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | | command-line-parameter-command-injection.js:36:6:39:7 | args | command-line-parameter-command-injection.js:41:22:41:25 | args | | command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args | -| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args | -| command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | | command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | -| command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | -| command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | +| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | | command-line-parameter-command-injection.js:47:8:53:12 | args | command-line-parameter-command-injection.js:55:22:55:25 | args | | command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... 
rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | -| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | command-line-parameter-command-injection.js:47:8:53:12 | args | | command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | | command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | -| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | | command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | -| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... 
t2rest} | | command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | | command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | | command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | | command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | | command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | | command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | -| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | -| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | -| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | +| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... 
ted2\\n\\t} [taint1] | +| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | | command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | | command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | -| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | command-line-parameter-command-injection.js:68:6:68:40 | taint3 | | command-line-parameter-command-injection.js:68:6:68:40 | taint3 | command-line-parameter-command-injection.js:69:22:69:27 | taint3 | | command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | -| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | -| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | | command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | command-line-parameter-command-injection.js:71:6:71:40 | taint4 | | command-line-parameter-command-injection.js:71:6:71:40 | taint4 | command-line-parameter-command-injection.js:72:22:72:27 | taint4 | | command-line-parameter-command-injection.js:71:20:71:40 | require ... 
').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | -| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | -| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | | command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | | command-line-parameter-command-injection.js:76:8:76:35 | argv | command-line-parameter-command-injection.js:79:31:79:34 | argv | | command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | command-line-parameter-command-injection.js:76:8:76:35 | argv | -| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | -| command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | -| command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | +| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | | command-line-parameter-command-injection.js:79:31:79:34 | argv | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | -| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... 
ice(2)) | command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | -| command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | +| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | | command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | -| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | -| command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | +| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 
2)).foo | | command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | | command-line-parameter-command-injection.js:88:6:88:37 | flags | command-line-parameter-command-injection.js:89:22:89:26 | flags | | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | command-line-parameter-command-injection.js:88:6:88:37 | flags | | command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | -| command-line-parameter-command-injection.js:89:22:89:26 | flags | command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | -| command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | +| command-line-parameter-command-injection.js:89:22:89:26 | flags | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | | command-line-parameter-command-injection.js:91:6:91:38 | flags | command-line-parameter-command-injection.js:92:22:92:26 | flags | | command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags | -| command-line-parameter-command-injection.js:91:14:91:38 | require ... 
.spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags | -| command-line-parameter-command-injection.js:92:22:92:26 | flags | command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | -| command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | -| command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | -| command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | +| command-line-parameter-command-injection.js:92:22:92:26 | flags | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | +| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | | command-line-parameter-command-injection.js:107:8:107:51 | options | command-line-parameter-command-injection.js:108:22:108:28 | options | | command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:107:8:107:51 | options | -| command-line-parameter-command-injection.js:107:18:107:51 | command ... 
itions) | command-line-parameter-command-injection.js:107:8:107:51 | options | -| command-line-parameter-command-injection.js:108:22:108:28 | options | command-line-parameter-command-injection.js:108:22:108:32 | options.foo | -| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | -| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | +| command-line-parameter-command-injection.js:108:22:108:28 | options | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | | command-line-parameter-command-injection.js:114:8:114:52 | cli | command-line-parameter-command-injection.js:116:22:116:24 | cli | | command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli | -| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli | -| command-line-parameter-command-injection.js:116:22:116:24 | cli | command-line-parameter-command-injection.js:116:22:116:30 | cli.input | -| command-line-parameter-command-injection.js:116:22:116:30 | cli.input | command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | -| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | -| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | +| command-line-parameter-command-injection.js:116:22:116:24 | cli | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... 
nput[0] | | command-line-parameter-command-injection.js:122:6:122:46 | opts | command-line-parameter-command-injection.js:124:22:124:25 | opts | | command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts | -| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts | -| command-line-parameter-command-injection.js:124:22:124:25 | opts | command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | -| command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | +| command-line-parameter-command-injection.js:124:22:124:25 | opts | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | | command-line-parameter-command-injection.js:127:6:127:26 | opts | command-line-parameter-command-injection.js:129:22:129:25 | opts | | command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts | -| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts | -| command-line-parameter-command-injection.js:129:22:129:25 | opts | command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | -| command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | +| command-line-parameter-command-injection.js:129:22:129:25 | 
opts | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | | command-line-parameter-command-injection.js:133:8:133:41 | program | command-line-parameter-command-injection.js:137:22:137:28 | program | | command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program | -| command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:28 | program | command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... 
zzaType | +| command-line-parameter-command-injection.js:137:22:137:28 | program | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | | command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... 
zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | +nodes +| actions.js:4:6:4:16 | process.env | semmle.label | process.env | +| actions.js:4:6:4:29 | process ... _DATA'] | semmle.label | process ... _DATA'] | +| actions.js:7:15:7:15 | e | semmle.label | e | +| actions.js:8:10:8:10 | e | semmle.label | e | +| actions.js:8:10:8:23 | e['TEST_DATA'] | semmle.label | e['TEST_DATA'] | +| actions.js:12:6:12:16 | process.env | semmle.label | process.env | +| actions.js:14:6:14:21 | getInput('data') | semmle.label | getInput('data') | +| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | semmle.label | "cmd.sh ... argv[2] | +| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:10:6:10:33 | args | semmle.label | args | +| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | semmle.label | args [ArrayElement] | +| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | semmle.label | process ... 
lice(2) [ArrayElement] | +| command-line-parameter-command-injection.js:11:14:11:17 | args | semmle.label | args | +| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | semmle.label | args[0] | +| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | semmle.label | "cmd.sh " + args[0] | +| command-line-parameter-command-injection.js:12:26:12:29 | args | semmle.label | args | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | semmle.label | fewerArgs | +| command-line-parameter-command-injection.js:14:18:14:21 | args | semmle.label | args | +| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | semmle.label | args [ArrayElement] | +| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | semmle.label | args.slice(1) | +| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | semmle.label | fewerArgs | +| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | semmle.label | fewerArgs[0] | +| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | semmle.label | "cmd.sh ... 
Args[0] | +| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | semmle.label | fewerArgs | +| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | semmle.label | arg0 | +| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | semmle.label | fewerArgs | +| command-line-parameter-command-injection.js:19:14:19:17 | arg0 | semmle.label | arg0 | +| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | semmle.label | "cmd.sh " + arg0 | +| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | semmle.label | arg0 | +| command-line-parameter-command-injection.js:24:8:24:35 | args | semmle.label | args | +| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | semmle.label | `node $ ... ption"` | +| command-line-parameter-command-injection.js:26:32:26:35 | args | semmle.label | args | +| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | semmle.label | `node $ ... ption"` | +| command-line-parameter-command-injection.js:27:32:27:35 | args | semmle.label | args | +| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | semmle.label | args.join(' ') | +| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | semmle.label | "cmd.sh ... )().foo | +| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | semmle.label | require ... rgs")() | +| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | semmle.label | "cmd.sh ... rgv.foo | +| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | semmle.label | require ... ").argv | +| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... 
rgv.foo | semmle.label | "cmd.sh ... rgv.foo | +| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | semmle.label | require ... ").argv | +| command-line-parameter-command-injection.js:36:6:39:7 | args | semmle.label | args | +| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | semmle.label | require ... \\t\\t.argv | +| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | semmle.label | "cmd.sh " + args | +| command-line-parameter-command-injection.js:41:22:41:25 | args | semmle.label | args | +| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | semmle.label | "cmd.sh ... e().foo | +| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | semmle.label | require ... parse() | +| command-line-parameter-command-injection.js:47:8:53:12 | args | semmle.label | args | +| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | semmle.label | argv: { ... rgs\\n\\t\\t} | +| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | semmle.label | {\\n\\t\\t\\t...args\\n\\t\\t} | +| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | semmle.label | "cmd.sh " + args | +| command-line-parameter-command-injection.js:55:22:55:25 | args | semmle.label | args | +| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | semmle.label | tainted1 | +| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | semmle.label | require ... ').argv | +| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | semmle.label | tainted2 | +| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | semmle.label | require ... parse() | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | semmle.label | {taint1 ... 
2rest}} [taint1] | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | semmle.label | {taint1 ... 2rest}} [taint2] | +| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | semmle.label | taint1rest | +| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | semmle.label | taint2rest | +| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | semmle.label | taint1: ... t1rest} | +| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | semmle.label | {...taint1rest} | +| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | semmle.label | taint2: ... t2rest} | +| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | semmle.label | {...taint2rest} | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | semmle.label | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | semmle.label | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | +| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | semmle.label | tainted1 | +| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | semmle.label | tainted2 | +| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | semmle.label | "cmd.sh ... nt1rest | +| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | semmle.label | taint1rest | +| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | semmle.label | "cmd.sh ... 
nt2rest | +| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | semmle.label | taint2rest | +| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | semmle.label | {...taint3} | +| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | semmle.label | taint3 | +| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | semmle.label | require ... ').argv | +| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | semmle.label | "cmd.sh " + taint3 | +| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | semmle.label | taint3 | +| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | semmle.label | [...taint4] | +| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | semmle.label | taint4 | +| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | semmle.label | require ... ').argv | +| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | semmle.label | "cmd.sh " + taint4 | +| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | semmle.label | taint4 | +| command-line-parameter-command-injection.js:76:8:76:35 | argv | semmle.label | argv | +| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | semmle.label | "cmd.sh ... gv).foo | +| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | semmle.label | minimist(argv) | +| command-line-parameter-command-injection.js:79:31:79:34 | argv | semmle.label | argv | +| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | semmle.label | "cmd.sh ... 2)).foo | +| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... 
ice(2)) | semmle.label | subarg( ... ice(2)) | +| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | semmle.label | "cmd.sh ... 2)).foo | +| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | semmle.label | yargsPa ... ice(2)) | +| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:88:6:88:37 | flags | semmle.label | flags | +| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | semmle.label | args.pa ... s.argv) | +| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | semmle.label | "cmd.sh ... ags.foo | +| command-line-parameter-command-injection.js:89:22:89:26 | flags | semmle.label | flags | +| command-line-parameter-command-injection.js:91:6:91:38 | flags | semmle.label | flags | +| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | semmle.label | require ... .spec}) | +| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | semmle.label | "cmd.sh ... ags.foo | +| command-line-parameter-command-injection.js:92:22:92:26 | flags | semmle.label | flags | +| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | semmle.label | "cmd.sh ... 
s().foo | +| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | semmle.label | parser.parse_args() | +| command-line-parameter-command-injection.js:107:8:107:51 | options | semmle.label | options | +| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | semmle.label | command ... itions) | +| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | semmle.label | "cmd.sh ... ons.foo | +| command-line-parameter-command-injection.js:108:22:108:28 | options | semmle.label | options | +| command-line-parameter-command-injection.js:114:8:114:52 | cli | semmle.label | cli | +| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | semmle.label | meow(`h ... lags}}) | +| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | semmle.label | "cmd.sh ... nput[0] | +| command-line-parameter-command-injection.js:116:22:116:24 | cli | semmle.label | cli | +| command-line-parameter-command-injection.js:122:6:122:46 | opts | semmle.label | opts | +| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | semmle.label | dashdas ... 
tions}) | +| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | semmle.label | "cmd.sh " + opts.foo | +| command-line-parameter-command-injection.js:124:22:124:25 | opts | semmle.label | opts | +| command-line-parameter-command-injection.js:127:6:127:26 | opts | semmle.label | opts | +| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | semmle.label | parser.parse() | +| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | semmle.label | "cmd.sh " + opts.foo | +| command-line-parameter-command-injection.js:129:22:129:25 | opts | semmle.label | opts | +| command-line-parameter-command-injection.js:133:8:133:41 | program | semmle.label | program | +| command-line-parameter-command-injection.js:133:10:133:16 | program | semmle.label | program | +| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | semmle.label | program.opts() | +| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | semmle.label | program ... zzaType | +| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:137:22:137:28 | program | semmle.label | program | +| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | semmle.label | program.pizzaType | +| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | semmle.label | program.opts() | +| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | semmle.label | program ... zzaType | +| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... 
zzaType | semmle.label | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | semmle.label | program.pizzaType | +subpaths #select | actions.js:4:6:4:29 | process ... _DATA'] | actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | This command depends on an unsanitized $@. | actions.js:4:6:4:16 | process.env | environment variable | | actions.js:8:10:8:23 | e['TEST_DATA'] | actions.js:12:6:12:16 | process.env | actions.js:8:10:8:23 | e['TEST_DATA'] | This command depends on an unsanitized $@. | actions.js:12:6:12:16 | process.env | environment variable | From 99f63b1cfa6de7d9ef9d8f5f82b144127d0871f6 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:20:46 +0200 Subject: [PATCH 081/223] JS: Port InsecureDownload --- .../dataflow/InsecureDownloadQuery.qll | 30 ++++++-- .../src/Security/CWE-829/InsecureDownload.ql | 6 +- .../CWE-829/InsecureDownload.expected | 71 ++++++++++--------- 3 files changed, 65 insertions(+), 42 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll index 8b7eb42dd255..7f7d3341d5ae 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll 
@@ -12,19 +12,41 @@ import InsecureDownloadCustomizations::InsecureDownload /** * A taint tracking configuration for download of sensitive file through insecure connection. */ -class Configuration extends DataFlow::Configuration { +module InsecureDownloadConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source.(Source).getALabel() = label + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink.(Sink).getALabel() = label + } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint tracking for download of sensitive file through insecure connection. + */ +module InsecureDownload = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `InsecureDownload` module instead. + */ +deprecated class Configuration extends DataFlow::Configuration { Configuration() { this = "InsecureDownload" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getALabel() = label + InsecureDownloadConfig::isSource(source, label) } override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink.(Sink).getALabel() = label + InsecureDownloadConfig::isSink(sink, label) } override predicate isBarrier(DataFlow::Node node) { super.isBarrier(node) or - node instanceof Sanitizer + InsecureDownloadConfig::isBarrier(node) } } diff --git a/javascript/ql/src/Security/CWE-829/InsecureDownload.ql b/javascript/ql/src/Security/CWE-829/InsecureDownload.ql index d1f272674772..4644f9813927 100644 --- a/javascript/ql/src/Security/CWE-829/InsecureDownload.ql +++ b/javascript/ql/src/Security/CWE-829/InsecureDownload.ql 
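Review bot: The doc comment kept on `InsecureDownloadConfig` ("A taint tracking configuration …") and the one added on `InsecureDownload` ("Taint tracking for download …") describe taint tracking, but the module is instantiated from `DataFlow::GlobalWithState`, which follows value-preserving steps only. As far as this hunk shows, no additional flow step is declared, so a reader extending the query could wrongly assume that a URL built by string concatenation is still tracked to the download call. I would reword them to `A data-flow configuration for download of a sensitive file through an insecure connection.` and `Data flow for download of a sensitive file through an insecure connection.`. The alias is also named `InsecureDownload` while the sibling port in patch 082 uses `InsecureRandomnessFlow`; `InsecureDownloadFlow` would keep the two parallel and avoid reusing the name of the imported `InsecureDownloadCustomizations::InsecureDownload` namespace.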
@@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.InsecureDownloadQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where InsecureDownload::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "$@ of sensitive file from $@.", sink.getNode().(Sink).getDownloadCall(), "Download", source.getNode(), "HTTP source" diff --git a/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected b/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected index 8f3d1e04673b..8e0f2f5af591 100644 --- a/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected +++ b/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected 
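Review bot: Nothing in the query says why it goes through `DataFlow::DeduplicatePathGraph` and `getAnOriginalPathNode()`, when InsecureRandomness.ql in patch 082 imports its flow module's own `PathGraph`. The unqualified `PathNode` in the `from` clause now resolves only through that import, so a reader has to know the library to see which node type is meant. A comment above the import would help, for example `// Merge path nodes that share the same node and label, so each alert is reported with one path.`; the wording should be checked against the actual reason for the choice, which is not visible here. The import's type arguments appear to have been lost in this rendering of the patch, so they could not be checked.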
@@ -1,43 +1,44 @@ nodes -| insecure-download.js:5:16:5:28 | installer.url | -| insecure-download.js:5:16:5:28 | installer.url | -| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | -| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | -| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | -| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | -| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | -| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | -| insecure-download.js:36:9:36:45 | url | -| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | -| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | -| insecure-download.js:37:23:37:25 | url | -| insecure-download.js:37:23:37:25 | url | -| insecure-download.js:39:26:39:28 | url | -| insecure-download.js:39:26:39:28 | url | -| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | -| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | -| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | -| insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | -| insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | -| insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | -| insecure-download.js:52:11:52:45 | "http:/ ... nknown" | -| insecure-download.js:52:11:52:45 | "http:/ ... nknown" | -| insecure-download.js:52:11:52:45 | "http:/ ... nknown" | +| insecure-download.js:4:28:4:36 | installer [url] | semmle.label | installer [url] | +| insecure-download.js:5:16:5:24 | installer [url] | semmle.label | installer [url] | +| insecure-download.js:5:16:5:28 | installer.url | semmle.label | installer.url | +| insecure-download.js:7:9:11:5 | constants [buildTools, installerUrl] | semmle.label | constants [buildTools, installerUrl] | +| insecure-download.js:7:21:11:5 | {\\n ... }\\n } [buildTools, installerUrl] | semmle.label | {\\n ... }\\n } [buildTools, installerUrl] | +| insecure-download.js:8:21:10:9 | {\\n ... } [installerUrl] | semmle.label | {\\n ... 
} [installerUrl] | +| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | semmle.label | 'http:/ ... ll.exe' | +| insecure-download.js:13:15:13:47 | buildTools [installerUrl] | semmle.label | buildTools [installerUrl] | +| insecure-download.js:13:28:13:36 | constants [buildTools, installerUrl] | semmle.label | constants [buildTools, installerUrl] | +| insecure-download.js:13:28:13:47 | constants.buildTools [installerUrl] | semmle.label | constants.buildTools [installerUrl] | +| insecure-download.js:14:16:16:9 | {\\n ... } [url] | semmle.label | {\\n ... } [url] | +| insecure-download.js:15:18:15:27 | buildTools [installerUrl] | semmle.label | buildTools [installerUrl] | +| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | semmle.label | buildTo ... llerUrl | +| insecure-download.js:19:19:19:46 | getBuil ... rPath() [url] | semmle.label | getBuil ... rPath() [url] | +| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | semmle.label | "http:/ ... fe.APK" | +| insecure-download.js:36:9:36:45 | url | semmle.label | url | +| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | semmle.label | "http:/ ... fe.APK" | +| insecure-download.js:37:23:37:25 | url | semmle.label | url | +| insecure-download.js:39:26:39:28 | url | semmle.label | url | +| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | semmle.label | "ftp:// ... fe.APK" | +| insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | semmle.label | "http:/ ... unsafe" | +| insecure-download.js:52:11:52:45 | "http:/ ... nknown" | semmle.label | "http:/ ... nknown" | edges -| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:15:18:15:40 | buildTo ... llerUrl | -| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:15:18:15:40 | buildTo ... llerUrl | -| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | insecure-download.js:5:16:5:28 | installer.url | -| insecure-download.js:15:18:15:40 | buildTo ... 
llerUrl | insecure-download.js:5:16:5:28 | installer.url | -| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | +| insecure-download.js:4:28:4:36 | installer [url] | insecure-download.js:5:16:5:24 | installer [url] | +| insecure-download.js:5:16:5:24 | installer [url] | insecure-download.js:5:16:5:28 | installer.url | +| insecure-download.js:7:9:11:5 | constants [buildTools, installerUrl] | insecure-download.js:13:28:13:36 | constants [buildTools, installerUrl] | +| insecure-download.js:7:21:11:5 | {\\n ... }\\n } [buildTools, installerUrl] | insecure-download.js:7:9:11:5 | constants [buildTools, installerUrl] | +| insecure-download.js:8:21:10:9 | {\\n ... } [installerUrl] | insecure-download.js:7:21:11:5 | {\\n ... }\\n } [buildTools, installerUrl] | +| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:8:21:10:9 | {\\n ... } [installerUrl] | +| insecure-download.js:13:15:13:47 | buildTools [installerUrl] | insecure-download.js:15:18:15:27 | buildTools [installerUrl] | +| insecure-download.js:13:28:13:36 | constants [buildTools, installerUrl] | insecure-download.js:13:28:13:47 | constants.buildTools [installerUrl] | +| insecure-download.js:13:28:13:47 | constants.buildTools [installerUrl] | insecure-download.js:13:15:13:47 | buildTools [installerUrl] | +| insecure-download.js:14:16:16:9 | {\\n ... } [url] | insecure-download.js:19:19:19:46 | getBuil ... rPath() [url] | +| insecure-download.js:15:18:15:27 | buildTools [installerUrl] | insecure-download.js:15:18:15:40 | buildTo ... llerUrl | +| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | insecure-download.js:14:16:16:9 | {\\n ... } [url] | +| insecure-download.js:19:19:19:46 | getBuil ... 
rPath() [url] | insecure-download.js:4:28:4:36 | installer [url] | | insecure-download.js:36:9:36:45 | url | insecure-download.js:37:23:37:25 | url | -| insecure-download.js:36:9:36:45 | url | insecure-download.js:37:23:37:25 | url | -| insecure-download.js:36:9:36:45 | url | insecure-download.js:39:26:39:28 | url | | insecure-download.js:36:9:36:45 | url | insecure-download.js:39:26:39:28 | url | | insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:36:9:36:45 | url | -| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:36:9:36:45 | url | -| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | -| insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | -| insecure-download.js:52:11:52:45 | "http:/ ... nknown" | insecure-download.js:52:11:52:45 | "http:/ ... nknown" | +subpaths #select | insecure-download.js:5:16:5:28 | installer.url | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:5:16:5:28 | installer.url | $@ of sensitive file from $@. | insecure-download.js:5:9:5:44 | nugget( ... => { }) | Download | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | HTTP source | | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | $@ of sensitive file from $@. | insecure-download.js:30:5:30:43 | nugget( ... e.APK") | Download | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | HTTP source | From cd1a1e25ae6dfa1da9bb4f154ecd48abf6b7e718 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Thu, 5 Oct 2023 09:20:58 +0200 Subject: [PATCH 082/223] JS: Port InsecureRandomness --- .../dataflow/InsecureRandomnessQuery.qll | 32 ++- .../Security/CWE-338/InsecureRandomness.ql | 6 +- .../CWE-338/InsecureRandomness.expected | 197 +++++------------- 3 files changed, 91 insertions(+), 144 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll index 78dfdbfe8336..b4804e8f4644 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll 
@@ -15,7 +15,37 @@ private import InsecureRandomnessCustomizations::InsecureRandomness as InsecureR /** * A taint tracking configuration for random values that are not cryptographically secure. */ -class Configuration extends TaintTracking::Configuration { +module InsecureRandomnessConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierOut(DataFlow::Node node) { + // stop propagation at the sinks to avoid double reporting + isSink(node) + } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + InsecureRandomness::isAdditionalTaintStep(pred, succ) + or + // We want to make use of default taint steps but not the default taint sanitizers, as they + // generally assume numbers aren't taintable. So we use a data-flow configuration that includes all + // taint steps as additional flow steps. + TaintTracking::defaultTaintStep(pred, succ) + } +} + +/** + * Taint tracking for random values that are not cryptographically secure. + */ +module InsecureRandomnessFlow = DataFlow::Global; + +/** + * DEPRECATED. Use the `InsecureRandomnessFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "InsecureRandomness" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql index 1d30221358d3..2bfcfc14d509 100644 --- a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql +++ b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql 
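Review bot: The deprecated `Configuration` class keeps its own predicate bodies (`isSource` still reads `source instanceof Source` in the context lines), whereas the same port in patch 081 forwards every predicate of the deprecated class to the new config module. Two copies of the source, sink and barrier definitions can drift apart. The old class also still extends `TaintTracking::Configuration`, so it presumably keeps the default taint sanitizers that the new comment says are deliberately left out. I would forward the overrides, e.g. `override predicate isSource(DataFlow::Node source) { InsecureRandomnessConfig::isSource(source) }`, and say in the `DEPRECATED` comment that results may differ from `InsecureRandomnessFlow`. The class body continues outside the hunk, so the remaining overrides could not be checked.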
@@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.InsecureRandomnessQuery -import DataFlow::PathGraph +import InsecureRandomnessFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from InsecureRandomnessFlow::PathNode source, InsecureRandomnessFlow::PathNode sink +where InsecureRandomnessFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This uses a cryptographically insecure random number generated at $@ in a security context.", source.getNode(), source.getNode().toString() diff --git a/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected b/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected index a5a06eba7dbf..8d4e9c108fbb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected +++ b/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected 
@@ -1,176 +1,93 @@ -nodes -| tst.js:2:20:2:32 | Math.random() | -| tst.js:2:20:2:32 | Math.random() | -| tst.js:2:20:2:32 | Math.random() | -| tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:31:6:43 | Math.random() | -| tst.js:6:31:6:43 | Math.random() | -| tst.js:10:20:10:32 | Math.random() | -| tst.js:10:20:10:32 | Math.random() | -| tst.js:10:20:10:32 | Math.random() | -| tst.js:19:9:19:36 | suffix | -| tst.js:19:18:19:30 | Math.random() | -| tst.js:19:18:19:30 | Math.random() | -| tst.js:19:18:19:36 | Math.random() % 255 | -| tst.js:20:20:20:36 | "prefix" + suffix | -| tst.js:20:20:20:36 | "prefix" + suffix | -| tst.js:20:31:20:36 | suffix | -| tst.js:28:9:28:26 | pw | -| tst.js:28:14:28:26 | Math.random() | -| tst.js:28:14:28:26 | Math.random() | -| tst.js:29:20:29:21 | pw | -| tst.js:29:20:29:21 | pw | -| tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:21:41:33 | Math.random() | -| tst.js:41:21:41:33 | Math.random() | -| tst.js:45:18:45:30 | Math.random() | -| tst.js:45:18:45:30 | Math.random() | -| tst.js:45:18:45:30 | Math.random() | -| tst.js:50:16:50:28 | Math.random() | -| tst.js:50:16:50:28 | Math.random() | -| tst.js:50:16:50:28 | Math.random() | -| tst.js:55:17:55:29 | Math.random() | -| tst.js:55:17:55:29 | Math.random() | -| tst.js:55:17:55:29 | Math.random() | -| tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:22:61:34 | Math.random() | -| tst.js:61:22:61:34 | Math.random() | -| tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:29:66:41 | Math.random() | -| tst.js:66:29:66:41 | Math.random() | -| tst.js:71:9:71:48 | rand | -| tst.js:71:16:71:48 | Math.fl ... 999999) | -| tst.js:71:27:71:39 | Math.random() | -| tst.js:71:27:71:39 | Math.random() | -| tst.js:71:27:71:47 | Math.ra ... 
9999999 | -| tst.js:72:9:72:48 | concat | -| tst.js:72:18:72:48 | ts.toSt ... tring() | -| tst.js:72:34:72:37 | rand | -| tst.js:72:34:72:48 | rand.toString() | -| tst.js:73:23:73:28 | concat | -| tst.js:73:23:73:28 | concat | -| tst.js:77:16:77:21 | secret | -| tst.js:77:16:77:21 | secret | -| tst.js:80:7:80:19 | Math.random() | -| tst.js:80:7:80:19 | Math.random() | -| tst.js:84:19:84:31 | Math.random() | -| tst.js:84:19:84:31 | Math.random() | -| tst.js:84:19:84:31 | Math.random() | -| tst.js:90:32:90:44 | Math.random() | -| tst.js:90:32:90:44 | Math.random() | -| tst.js:90:32:90:44 | Math.random() | -| tst.js:95:33:95:45 | Math.random() | -| tst.js:95:33:95:45 | Math.random() | -| tst.js:95:33:95:45 | Math.random() | -| tst.js:115:16:115:56 | Math.fl ... 00_000) | -| tst.js:115:16:115:56 | Math.fl ... 00_000) | -| tst.js:115:27:115:39 | Math.random() | -| tst.js:115:27:115:39 | Math.random() | -| tst.js:115:27:115:55 | Math.ra ... 000_000 | -| tst.js:116:22:116:62 | Math.fl ... 00_000) | -| tst.js:116:22:116:62 | Math.fl ... 00_000) | -| tst.js:116:33:116:45 | Math.random() | -| tst.js:116:33:116:45 | Math.random() | -| tst.js:116:33:116:61 | Math.ra ... 000_000 | -| tst.js:117:15:117:55 | Math.fl ... 00_000) | -| tst.js:117:15:117:55 | Math.fl ... 00_000) | -| tst.js:117:26:117:38 | Math.random() | -| tst.js:117:26:117:38 | Math.random() | -| tst.js:117:26:117:54 | Math.ra ... 000_000 | -| tst.js:118:23:118:63 | Math.fl ... 00_000) | -| tst.js:118:23:118:63 | Math.fl ... 00_000) | -| tst.js:118:34:118:46 | Math.random() | -| tst.js:118:34:118:46 | Math.random() | -| tst.js:118:34:118:62 | Math.ra ... 
000_000 | -| tst.js:120:16:120:28 | Math.random() | -| tst.js:120:16:120:28 | Math.random() | -| tst.js:120:16:120:28 | Math.random() | -| tst.js:121:18:121:30 | Math.random() | -| tst.js:121:18:121:30 | Math.random() | -| tst.js:121:18:121:30 | Math.random() | -| tst.js:136:9:136:67 | password | -| tst.js:136:9:136:67 | password | -| tst.js:136:21:136:67 | chars[M ... ength)] | -| tst.js:136:27:136:66 | Math.fl ... length) | -| tst.js:136:38:136:50 | Math.random() | -| tst.js:136:38:136:50 | Math.random() | -| tst.js:136:38:136:65 | Math.ra ... .length | edges -| tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | | tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:10:20:10:32 | Math.random() | tst.js:10:20:10:32 | Math.random() | | tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix | | tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | -| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | | tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix | | tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | -| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | | tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | -| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | -| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | | tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | | tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:21:41:33 | Math.random() | 
tst.js:41:20:41:33 | !Math.random() | -| tst.js:45:18:45:30 | Math.random() | tst.js:45:18:45:30 | Math.random() | -| tst.js:50:16:50:28 | Math.random() | tst.js:50:16:50:28 | Math.random() | -| tst.js:55:17:55:29 | Math.random() | tst.js:55:17:55:29 | Math.random() | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | | tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | | tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | | tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand | | tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand | | tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | -| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | | tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) | | tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | -| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | | tst.js:72:18:72:48 | ts.toSt ... tring() | tst.js:72:9:72:48 | concat | | tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() | | tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... 
tring() | | tst.js:77:16:77:21 | secret | tst.js:77:16:77:21 | secret | | tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | -| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | -| tst.js:84:19:84:31 | Math.random() | tst.js:84:19:84:31 | Math.random() | -| tst.js:90:32:90:44 | Math.random() | tst.js:90:32:90:44 | Math.random() | -| tst.js:95:33:95:45 | Math.random() | tst.js:95:33:95:45 | Math.random() | | tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | -| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | -| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | | tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | | tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | -| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | -| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | | tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | | tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | -| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | -| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | | tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | | tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | -| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | -| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) | | tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 
00_000) | -| tst.js:120:16:120:28 | Math.random() | tst.js:120:16:120:28 | Math.random() | -| tst.js:121:18:121:30 | Math.random() | tst.js:121:18:121:30 | Math.random() | -| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | | tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | | tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] | | tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | -| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | | tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... length) | +nodes +| tst.js:2:20:2:32 | Math.random() | semmle.label | Math.random() | +| tst.js:6:20:6:43 | "prefix ... andom() | semmle.label | "prefix ... andom() | +| tst.js:6:31:6:43 | Math.random() | semmle.label | Math.random() | +| tst.js:10:20:10:32 | Math.random() | semmle.label | Math.random() | +| tst.js:19:9:19:36 | suffix | semmle.label | suffix | +| tst.js:19:18:19:30 | Math.random() | semmle.label | Math.random() | +| tst.js:19:18:19:36 | Math.random() % 255 | semmle.label | Math.random() % 255 | +| tst.js:20:20:20:36 | "prefix" + suffix | semmle.label | "prefix" + suffix | +| tst.js:20:31:20:36 | suffix | semmle.label | suffix | +| tst.js:28:9:28:26 | pw | semmle.label | pw | +| tst.js:28:14:28:26 | Math.random() | semmle.label | Math.random() | +| tst.js:29:20:29:21 | pw | semmle.label | pw | +| tst.js:41:20:41:33 | !Math.random() | semmle.label | !Math.random() | +| tst.js:41:21:41:33 | Math.random() | semmle.label | Math.random() | +| tst.js:45:18:45:30 | Math.random() | semmle.label | Math.random() | +| tst.js:50:16:50:28 | Math.random() | semmle.label | Math.random() | +| tst.js:55:17:55:29 | Math.random() | semmle.label | Math.random() | +| tst.js:61:17:61:34 | '' + Math.random() | semmle.label | '' + Math.random() | +| tst.js:61:22:61:34 | Math.random() | semmle.label | 
Math.random() | +| tst.js:66:18:66:42 | Math.fl ... ndom()) | semmle.label | Math.fl ... ndom()) | +| tst.js:66:29:66:41 | Math.random() | semmle.label | Math.random() | +| tst.js:71:9:71:48 | rand | semmle.label | rand | +| tst.js:71:16:71:48 | Math.fl ... 999999) | semmle.label | Math.fl ... 999999) | +| tst.js:71:27:71:39 | Math.random() | semmle.label | Math.random() | +| tst.js:71:27:71:47 | Math.ra ... 9999999 | semmle.label | Math.ra ... 9999999 | +| tst.js:72:9:72:48 | concat | semmle.label | concat | +| tst.js:72:18:72:48 | ts.toSt ... tring() | semmle.label | ts.toSt ... tring() | +| tst.js:72:34:72:37 | rand | semmle.label | rand | +| tst.js:72:34:72:48 | rand.toString() | semmle.label | rand.toString() | +| tst.js:73:23:73:28 | concat | semmle.label | concat | +| tst.js:77:16:77:21 | secret | semmle.label | secret | +| tst.js:77:16:77:21 | secret | semmle.label | secret | +| tst.js:80:7:80:19 | Math.random() | semmle.label | Math.random() | +| tst.js:84:19:84:31 | Math.random() | semmle.label | Math.random() | +| tst.js:90:32:90:44 | Math.random() | semmle.label | Math.random() | +| tst.js:95:33:95:45 | Math.random() | semmle.label | Math.random() | +| tst.js:115:16:115:56 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) | +| tst.js:115:27:115:39 | Math.random() | semmle.label | Math.random() | +| tst.js:115:27:115:55 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 | +| tst.js:116:22:116:62 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) | +| tst.js:116:33:116:45 | Math.random() | semmle.label | Math.random() | +| tst.js:116:33:116:61 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 | +| tst.js:117:15:117:55 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) | +| tst.js:117:26:117:38 | Math.random() | semmle.label | Math.random() | +| tst.js:117:26:117:54 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 | +| tst.js:118:23:118:63 | Math.fl ... 00_000) | semmle.label | Math.fl ... 
00_000) | +| tst.js:118:34:118:46 | Math.random() | semmle.label | Math.random() | +| tst.js:118:34:118:62 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 | +| tst.js:120:16:120:28 | Math.random() | semmle.label | Math.random() | +| tst.js:121:18:121:30 | Math.random() | semmle.label | Math.random() | +| tst.js:136:9:136:67 | password | semmle.label | password | +| tst.js:136:21:136:67 | chars[M ... ength)] | semmle.label | chars[M ... ength)] | +| tst.js:136:27:136:66 | Math.fl ... length) | semmle.label | Math.fl ... length) | +| tst.js:136:38:136:50 | Math.random() | semmle.label | Math.random() | +| tst.js:136:38:136:65 | Math.ra ... .length | semmle.label | Math.ra ... .length | +subpaths #select | tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | This uses a cryptographically insecure random number generated at $@ in a security context. | tst.js:2:20:2:32 | Math.random() | Math.random() | | tst.js:6:20:6:43 | "prefix ... andom() | tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | This uses a cryptographically insecure random number generated at $@ in a security context. | tst.js:6:31:6:43 | Math.random() | Math.random() | From fd98b2546d37a90b39bc418f0e1417212f8d133f Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:21:12 +0200 Subject: [PATCH 083/223] JS: Port InsecureTemporaryFile --- .../dataflow/InsecureTemporaryFileQuery.qll | 18 ++++++- .../Security/CWE-377/InsecureTemporaryFile.ql | 6 +-- .../CWE-377/InsecureTemporaryFile.expected | 53 +++++++------------ 3 files changed, 38 insertions(+), 39 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll index 56c22972c163..66e63b0a7a49 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll 
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll @@ -13,7 +13,23 @@ import InsecureTemporaryFileCustomizations::InsecureTemporaryFile /** * A taint-tracking configuration for reasoning about insecure temporary file creation. */ -class Configuration extends TaintTracking::Configuration { +module InsecureTemporaryFileConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about insecure temporary file creation. + */ +module InsecureTemporaryFileFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `InsecureTemporaryFileFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "InsecureTemporaryFile" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql b/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql index 9e9a9f126590..9a13bfbe4a51 100644 --- a/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql +++ b/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql @@ -13,10 +13,10 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.InsecureTemporaryFileQuery +import InsecureTemporaryFileFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from InsecureTemporaryFileFlow::PathNode source, InsecureTemporaryFileFlow::PathNode sink +where InsecureTemporaryFileFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Insecure creation of file in $@.", source.getNode(), "the os temp dir" 
diff --git a/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected b/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected index 8952998dd9c5..113ac3bd205c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected +++ b/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected 
@@ -1,50 +1,33 @@ -nodes -| insecure-temporary-file.js:7:9:11:5 | tmpLocation | -| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | -| insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | -| insecure-temporary-file.js:13:22:13:32 | tmpLocation | -| insecure-temporary-file.js:13:22:13:32 | tmpLocation | -| insecure-temporary-file.js:15:9:15:34 | tmpPath | -| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | -| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | -| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:17:32:17:38 | tmpPath | -| insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:23:32:23:38 | tmpPath | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | -| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | -| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | -| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | -| insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:28:17:28:24 | tmpPath2 | -| insecure-temporary-file.js:28:17:28:24 | tmpPath2 | edges | insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation | -| insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation | | insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | insecure-temporary-file.js:7:9:11:5 | tmpLocation | -| insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | insecure-temporary-file.js:7:23:11:5 | path.jo ... 
)\\n ) | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | +| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | | insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:17:32:17:38 | tmpPath | | insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:23:32:23:38 | tmpPath | | insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath | -| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath | | insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | | insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | | insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 | | insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 | | insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | insecure-temporary-file.js:25:11:25:92 | tmpPath2 | | insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... 
)}.md`) | -| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | +nodes +| insecure-temporary-file.js:7:9:11:5 | tmpLocation | semmle.label | tmpLocation | +| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | semmle.label | path.jo ... )\\n ) | +| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | semmle.label | os.tmpdir() | +| insecure-temporary-file.js:13:22:13:32 | tmpLocation | semmle.label | tmpLocation | +| insecure-temporary-file.js:15:9:15:34 | tmpPath | semmle.label | tmpPath | +| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | semmle.label | "/tmp/something" | +| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | semmle.label | path.jo ... /foo/") | +| insecure-temporary-file.js:17:32:17:38 | tmpPath | semmle.label | tmpPath | +| insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | semmle.label | path.jo ... /foo/") | +| insecure-temporary-file.js:23:32:23:38 | tmpPath | semmle.label | tmpPath | +| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | semmle.label | tmpPath2 | +| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | semmle.label | path.jo ... )}.md`) | +| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | semmle.label | os.tmpdir() | +| insecure-temporary-file.js:26:22:26:29 | tmpPath2 | semmle.label | tmpPath2 | +| insecure-temporary-file.js:28:17:28:24 | tmpPath2 | semmle.label | tmpPath2 | +subpaths #select | insecure-temporary-file.js:13:22:13:32 | tmpLocation | insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:13:22:13:32 | tmpLocation | Insecure creation of file in $@. | insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | the os temp dir | | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | Insecure creation of file in $@. 
| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | the os temp dir | From e1fae3d16d72254f2ab9603614f0ddd551c71d83 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:21:25 +0200 Subject: [PATCH 084/223] JS: Port InsufficientPasswordHash --- .../dataflow/InsufficientPasswordHashQuery.qll | 18 +++++++++++++++++- .../CWE-916/InsufficientPasswordHash.ql | 6 +++--- .../CWE-916/InsufficientPasswordHash.expected | 18 +++++------------- 3 files changed, 25 insertions(+), 17 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll index 40bfcc1072bd..d01e46360fd0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll @@ -19,7 +19,23 @@ import InsufficientPasswordHashCustomizations::InsufficientPasswordHash * added either by extending the relevant class, or by subclassing this configuration itself, * and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module InsufficientPasswordHashConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint tracking for password hashing with insufficient computational effort. + */ +module InsufficientPasswordHashFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `InsufficientPasswordHashFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "InsufficientPasswordHash" } override predicate isSource(DataFlow::Node source) { source instanceof Source } 
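Review bot: The QLDoc that now sits above `InsufficientPasswordHashConfig` still says sources and sinks can be added "by subclassing this configuration itself", which no longer applies because a module implementing `DataFlow::ConfigSig` cannot be subclassed. The sentence should point at the customization classes only, e.g. `Additional sources or sinks can be added by extending the relevant class in InsufficientPasswordHashCustomizations.` The same stale sentence is kept above `PostMessageStarConfig` in the PostMessageStarQuery.qll hunk. The start of the comment and the body of the deprecated `Configuration` class are outside the hunk.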
diff --git a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql index a40689f41dfd..1cfc3111ad91 100644 --- a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql +++ b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql @@ -12,9 +12,9 @@ import javascript import semmle.javascript.security.dataflow.InsufficientPasswordHashQuery -import DataFlow::PathGraph +import InsufficientPasswordHashFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from InsufficientPasswordHashFlow::PathNode source, InsufficientPasswordHashFlow::PathNode sink +where InsufficientPasswordHashFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Password from $@ is hashed insecurely.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/test/query-tests/Security/CWE-916/InsufficientPasswordHash.expected b/javascript/ql/test/query-tests/Security/CWE-916/InsufficientPasswordHash.expected index 40cd78138e4a..231a40251383 100644 --- a/javascript/ql/test/query-tests/Security/CWE-916/InsufficientPasswordHash.expected +++ b/javascript/ql/test/query-tests/Security/CWE-916/InsufficientPasswordHash.expected 
@@ -1,17 +1,9 @@ -nodes -| tst.js:5:48:5:55 | password | -| tst.js:5:48:5:55 | password | -| tst.js:5:48:5:55 | password | -| tst.js:7:46:7:53 | password | -| tst.js:7:46:7:53 | password | -| tst.js:7:46:7:53 | password | -| tst.js:9:43:9:50 | password | -| tst.js:9:43:9:50 | password | -| tst.js:9:43:9:50 | password | edges -| tst.js:5:48:5:55 | password | tst.js:5:48:5:55 | password | -| tst.js:7:46:7:53 | password | tst.js:7:46:7:53 | password | -| tst.js:9:43:9:50 | password | tst.js:9:43:9:50 | password | +nodes +| tst.js:5:48:5:55 | password | semmle.label | password | +| tst.js:7:46:7:53 | password | semmle.label | password | +| tst.js:9:43:9:50 | password | semmle.label | password | +subpaths #select | tst.js:5:48:5:55 | password | tst.js:5:48:5:55 | password | tst.js:5:48:5:55 | password | Password from $@ is hashed insecurely. | tst.js:5:48:5:55 | password | an access to password | | tst.js:7:46:7:53 | password | tst.js:7:46:7:53 | password | tst.js:7:46:7:53 | password | Password from $@ is hashed insecurely. | tst.js:7:46:7:53 | password | an access to password | From 2400af4bc3ed11586a0a50460a59e4da6640aade Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:21:37 +0200 Subject: [PATCH 085/223] JS: Port PostMessageStar --- .../dataflow/PostMessageStarQuery.qll | 24 +++++++++- .../src/Security/CWE-201/PostMessageStar.ql | 6 +-- .../Security/CWE-201/PostMessageStar.expected | 48 +++++++------------ 3 files changed, 43 insertions(+), 35 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll index ae7366146da1..c267c9df8e09 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll 
@@ -11,7 +11,7 @@ import javascript import PostMessageStarCustomizations::PostMessageStar // Materialize flow labels -private class ConcretePartiallyTaintedObject extends PartiallyTaintedObject { +deprecated private class ConcretePartiallyTaintedObject extends PartiallyTaintedObject { ConcretePartiallyTaintedObject() { this = this } } @@ -26,7 +26,27 @@ private class ConcretePartiallyTaintedObject extends PartiallyTaintedObject { * Additional sources or sinks can be added either by extending the relevant class, or by subclassing * this configuration itself, and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module PostMessageStarConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + isSink(node) and contents = DataFlow::ContentSet::anyProperty() + } +} + +/** + * A taint tracking configuration for cross-window communication with unrestricted origin. + */ +module PostMessageStarFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `PostMessageStarFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "PostMessageStar" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-201/PostMessageStar.ql b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql index 90a3d526db56..71da63e3f50a 100644 --- a/javascript/ql/src/Security/CWE-201/PostMessageStar.ql +++ b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql 
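Review bot: The new `allowImplicitRead` predicate in `PostMessageStarConfig` has no comment or QLDoc, although it is what makes an object with sensitive data in one of its properties count as sensitive at the sink. It appears to take over the role of the `PartiallyTaintedObject` label that the first hunk deprecates. A short comment would keep that intent visible, for example `// an object is reported when any of its properties holds sensitive data`. The QLDoc on `PostMessageStarFlow` could also read `Taint tracking for cross-window communication with unrestricted origin.` to match the other ported modules, since it documents the flow module and not the configuration. The deprecated `Configuration` class continues outside the hunk.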
@@ -15,9 +15,9 @@ import javascript import semmle.javascript.security.dataflow.PostMessageStarQuery -import DataFlow::PathGraph +import PostMessageStarFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PostMessageStarFlow::PathNode source, PostMessageStarFlow::PathNode sink +where PostMessageStarFlow::flowPath(source, sink) select sink.getNode(), source, sink, "$@ is sent to another window without origin restriction.", source.getNode(), "Sensitive data" diff --git a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected index e4c14a2060c6..c5a5a9ac2067 100644 --- a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected +++ b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected 
@@ -1,34 +1,22 @@ -nodes -| PostMessageStar2.js:1:27:1:34 | password | -| PostMessageStar2.js:1:27:1:34 | password | -| PostMessageStar2.js:1:27:1:34 | password | -| PostMessageStar2.js:4:7:4:15 | data | -| PostMessageStar2.js:4:14:4:15 | {} | -| PostMessageStar2.js:5:14:5:21 | password | -| PostMessageStar2.js:5:14:5:21 | password | -| PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:13:27:13:33 | authKey | -| PostMessageStar2.js:13:27:13:33 | authKey | -| PostMessageStar2.js:13:27:13:33 | authKey | -| PostMessageStar.js:1:27:1:34 | userName | -| PostMessageStar.js:1:27:1:34 | userName | -| PostMessageStar.js:1:27:1:34 | userName | edges -| PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | -| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:4:14:4:15 | {} | PostMessageStar2.js:4:7:4:15 | data | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:4:14:4:15 | {} | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:4:14:4:15 | {} | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:13:27:13:33 | authKey | PostMessageStar2.js:13:27:13:33 | authKey | -| PostMessageStar.js:1:27:1:34 | userName | PostMessageStar.js:1:27:1:34 | userName | +| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:8:29:8:32 | data [foo] | +| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:9:29:9:32 | data 
[foo] | +| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | PostMessageStar2.js:4:7:4:15 | data [foo] | +| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | +| PostMessageStar2.js:8:29:8:32 | data [foo] | PostMessageStar2.js:8:29:8:32 | data | +| PostMessageStar2.js:9:29:9:32 | data [foo] | PostMessageStar2.js:9:29:9:36 | data.foo | +nodes +| PostMessageStar2.js:1:27:1:34 | password | semmle.label | password | +| PostMessageStar2.js:4:7:4:15 | data [foo] | semmle.label | data [foo] | +| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | semmle.label | [post update] data [foo] | +| PostMessageStar2.js:5:14:5:21 | password | semmle.label | password | +| PostMessageStar2.js:8:29:8:32 | data | semmle.label | data | +| PostMessageStar2.js:8:29:8:32 | data [foo] | semmle.label | data [foo] | +| PostMessageStar2.js:9:29:9:32 | data [foo] | semmle.label | data [foo] | +| PostMessageStar2.js:9:29:9:36 | data.foo | semmle.label | data.foo | +| PostMessageStar2.js:13:27:13:33 | authKey | semmle.label | authKey | +| PostMessageStar.js:1:27:1:34 | userName | semmle.label | userName | +subpaths #select | PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | $@ is sent to another window without origin restriction. | PostMessageStar2.js:1:27:1:34 | password | Sensitive data | | PostMessageStar2.js:8:29:8:32 | data | PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:8:29:8:32 | data | $@ is sent to another window without origin restriction. | PostMessageStar2.js:5:14:5:21 | password | Sensitive data | From dcc73a7f90c7b7b4c22a36807cac820cebc08aa4 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Thu, 5 Oct 2023 09:21:46 +0200 Subject: [PATCH 086/223] JS: Port RegExpInjection --- .../dataflow/RegExpInjectionQuery.qll | 18 +- .../src/Security/CWE-730/RegExpInjection.ql | 6 +- .../Security/CWE-730/RegExpInjection.expected | 179 +++++++----------- 3 files changed, 87 insertions(+), 116 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll index 00fe3779e12a..476fd9ccd850 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll @@ -13,7 +13,23 @@ import RegExpInjectionCustomizations::RegExpInjection /** * A taint-tracking configuration for untrusted user input used to construct regular expressions. */ -class Configuration extends TaintTracking::Configuration { +module RegExpInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for untrusted user input used to construct regular expressions. + */ +module RegExpInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `RegExpInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "RegExpInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql index 5b679cf1dcf5..4260c5e23eee 100644 --- a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql +++ b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql 
@@ -15,9 +15,9 @@ import javascript import semmle.javascript.security.dataflow.RegExpInjectionQuery -import DataFlow::PathGraph +import RegExpInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from RegExpInjectionFlow::PathNode source, RegExpInjectionFlow::PathNode sink +where RegExpInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This regular expression is constructed from a $@.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected b/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected index 391be36fbb90..936d17028e3d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected 
@@ -1,78 +1,3 @@ -nodes -| RegExpInjection.js:5:7:5:28 | key | -| RegExpInjection.js:5:13:5:28 | req.param("key") | -| RegExpInjection.js:5:13:5:28 | req.param("key") | -| RegExpInjection.js:5:31:5:56 | input | -| RegExpInjection.js:5:39:5:56 | req.param("input") | -| RegExpInjection.js:5:39:5:56 | req.param("input") | -| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | -| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | -| RegExpInjection.js:8:31:8:33 | key | -| RegExpInjection.js:19:14:19:22 | wrap(key) | -| RegExpInjection.js:19:14:19:22 | wrap(key) | -| RegExpInjection.js:19:19:19:21 | key | -| RegExpInjection.js:21:14:21:22 | wrap(key) | -| RegExpInjection.js:21:14:21:22 | wrap(key) | -| RegExpInjection.js:21:19:21:21 | key | -| RegExpInjection.js:24:12:24:27 | req.param("key") | -| RegExpInjection.js:24:12:24:27 | req.param("key") | -| RegExpInjection.js:27:14:27:21 | getKey() | -| RegExpInjection.js:27:14:27:21 | getKey() | -| RegExpInjection.js:29:21:29:21 | s | -| RegExpInjection.js:29:21:29:21 | s | -| RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:33:12:33:14 | key | -| RegExpInjection.js:34:12:34:19 | getKey() | -| RegExpInjection.js:40:23:40:27 | input | -| RegExpInjection.js:40:23:40:27 | input | -| RegExpInjection.js:41:26:41:30 | input | -| RegExpInjection.js:41:26:41:30 | input | -| RegExpInjection.js:42:25:42:29 | input | -| RegExpInjection.js:42:25:42:29 | input | -| RegExpInjection.js:45:24:45:28 | input | -| RegExpInjection.js:45:24:45:28 | input | -| RegExpInjection.js:46:27:46:31 | input | -| RegExpInjection.js:46:27:46:31 | input | -| RegExpInjection.js:47:26:47:30 | input | -| RegExpInjection.js:47:26:47:30 | input | -| RegExpInjection.js:54:14:54:16 | key | -| RegExpInjection.js:54:14:54:27 | key.split(".") | -| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | -| RegExpInjection.js:54:14:54:52 | key.spl ... 
in("-") | -| RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | -| RegExpInjection.js:60:31:60:56 | input | -| RegExpInjection.js:60:39:60:56 | req.param("input") | -| RegExpInjection.js:60:39:60:56 | req.param("input") | -| RegExpInjection.js:64:14:64:18 | input | -| RegExpInjection.js:64:14:64:18 | input | -| RegExpInjection.js:82:7:82:32 | input | -| RegExpInjection.js:82:15:82:32 | req.param("input") | -| RegExpInjection.js:82:15:82:32 | req.param("input") | -| RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | -| RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | -| RegExpInjection.js:87:25:87:29 | input | -| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | -| RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | -| RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | -| RegExpInjection.js:91:20:91:30 | process.env | -| RegExpInjection.js:91:20:91:30 | process.env | -| RegExpInjection.js:91:20:91:35 | process.env.HOME | -| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | -| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | -| RegExpInjection.js:93:20:93:31 | process.argv | -| RegExpInjection.js:93:20:93:31 | process.argv | -| RegExpInjection.js:93:20:93:34 | process.argv[1] | -| tst.js:1:46:1:46 | e | -| tst.js:1:46:1:46 | e | -| tst.js:2:9:2:21 | data | -| tst.js:2:16:2:16 | e | -| tst.js:2:16:2:21 | e.data | -| tst.js:3:16:3:35 | "^"+ data.name + "$" | -| tst.js:3:16:3:35 | "^"+ data.name + "$" | -| tst.js:3:21:3:24 | data | -| tst.js:3:21:3:29 | data.name | edges | RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:8:31:8:33 | key | | RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:19:19:19:21 | key | 
@@ -80,69 +5,99 @@ edges | RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:33:12:33:14 | key | | RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:54:14:54:16 | key | | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key | -| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key | | RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input | | RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input | | RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input | | RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input | | RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input | | RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input | -| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input | | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input | | RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | -| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... 
(.*)\\n" | +| RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:26:11:26 | s | +| RegExpInjection.js:11:20:11:27 | wrap2(s) | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | +| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:11:20:11:27 | wrap2(s) | +| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:14:18:14:18 | s | +| RegExpInjection.js:14:18:14:18 | s | RegExpInjection.js:15:12:15:12 | s | +| RegExpInjection.js:15:12:15:12 | s | RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | +| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:10:17:10:17 | s | | RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) | -| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) | -| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) | +| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:10:17:10:17 | s | | RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) | | RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | -| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | -| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | -| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | | RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() | -| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() | -| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | | RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | | RegExpInjection.js:33:12:33:14 | key | RegExpInjection.js:29:21:29:21 | s | | 
RegExpInjection.js:34:12:34:19 | getKey() | RegExpInjection.js:29:21:29:21 | s | | RegExpInjection.js:54:14:54:16 | key | RegExpInjection.js:54:14:54:27 | key.split(".") | | RegExpInjection.js:54:14:54:27 | key.split(".") | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | -| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | | RegExpInjection.js:60:31:60:56 | input | RegExpInjection.js:64:14:64:18 | input | -| RegExpInjection.js:60:31:60:56 | input | RegExpInjection.js:64:14:64:18 | input | -| RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:60:31:60:56 | input | | RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:60:31:60:56 | input | | RegExpInjection.js:82:7:82:32 | input | RegExpInjection.js:87:25:87:29 | input | | RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:82:7:82:32 | input | -| RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:82:7:82:32 | input | | RegExpInjection.js:87:25:87:29 | input | RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | | RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | -| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | -| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:20:91:35 | process.env.HOME | -| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:20:91:35 | process.env.HOME | -| RegExpInjection.js:91:20:91:35 | process.env.HOME | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | -| RegExpInjection.js:91:20:91:35 | process.env.HOME | RegExpInjection.js:91:16:91:50 | `^${pro ... 
r.app$` | -| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:20:93:34 | process.argv[1] | -| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:20:93:34 | process.argv[1] | -| RegExpInjection.js:93:20:93:34 | process.argv[1] | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | -| RegExpInjection.js:93:20:93:34 | process.argv[1] | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | -| tst.js:1:46:1:46 | e | tst.js:2:16:2:16 | e | +| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | +| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | | tst.js:1:46:1:46 | e | tst.js:2:16:2:16 | e | | tst.js:2:9:2:21 | data | tst.js:3:21:3:24 | data | -| tst.js:2:16:2:16 | e | tst.js:2:16:2:21 | e.data | -| tst.js:2:16:2:21 | e.data | tst.js:2:9:2:21 | data | -| tst.js:3:21:3:24 | data | tst.js:3:21:3:29 | data.name | -| tst.js:3:21:3:29 | data.name | tst.js:3:16:3:35 | "^"+ data.name + "$" | -| tst.js:3:21:3:29 | data.name | tst.js:3:16:3:35 | "^"+ data.name + "$" | +| tst.js:2:16:2:16 | e | tst.js:2:9:2:21 | data | +| tst.js:3:21:3:24 | data | tst.js:3:16:3:35 | "^"+ data.name + "$" | +nodes +| RegExpInjection.js:5:7:5:28 | key | semmle.label | key | +| RegExpInjection.js:5:13:5:28 | req.param("key") | semmle.label | req.param("key") | +| RegExpInjection.js:5:31:5:56 | input | semmle.label | input | +| RegExpInjection.js:5:39:5:56 | req.param("input") | semmle.label | req.param("input") | +| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | semmle.label | "\\\\b" + ... 
(.*)\\n" | +| RegExpInjection.js:8:31:8:33 | key | semmle.label | key | +| RegExpInjection.js:10:17:10:17 | s | semmle.label | s | +| RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | semmle.label | "\\\\b" + wrap2(s) | +| RegExpInjection.js:11:20:11:27 | wrap2(s) | semmle.label | wrap2(s) | +| RegExpInjection.js:11:26:11:26 | s | semmle.label | s | +| RegExpInjection.js:14:18:14:18 | s | semmle.label | s | +| RegExpInjection.js:15:12:15:12 | s | semmle.label | s | +| RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | semmle.label | s + "=(.*)\\n" | +| RegExpInjection.js:19:14:19:22 | wrap(key) | semmle.label | wrap(key) | +| RegExpInjection.js:19:19:19:21 | key | semmle.label | key | +| RegExpInjection.js:21:14:21:22 | wrap(key) | semmle.label | wrap(key) | +| RegExpInjection.js:21:19:21:21 | key | semmle.label | key | +| RegExpInjection.js:24:12:24:27 | req.param("key") | semmle.label | req.param("key") | +| RegExpInjection.js:27:14:27:21 | getKey() | semmle.label | getKey() | +| RegExpInjection.js:29:21:29:21 | s | semmle.label | s | +| RegExpInjection.js:31:23:31:23 | s | semmle.label | s | +| RegExpInjection.js:33:12:33:14 | key | semmle.label | key | +| RegExpInjection.js:34:12:34:19 | getKey() | semmle.label | getKey() | +| RegExpInjection.js:40:23:40:27 | input | semmle.label | input | +| RegExpInjection.js:41:26:41:30 | input | semmle.label | input | +| RegExpInjection.js:42:25:42:29 | input | semmle.label | input | +| RegExpInjection.js:45:24:45:28 | input | semmle.label | input | +| RegExpInjection.js:46:27:46:31 | input | semmle.label | input | +| RegExpInjection.js:47:26:47:30 | input | semmle.label | input | +| RegExpInjection.js:54:14:54:16 | key | semmle.label | key | +| RegExpInjection.js:54:14:54:27 | key.split(".") | semmle.label | key.split(".") | +| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | semmle.label | key.spl ... x => x) | +| RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | semmle.label | key.spl ... 
in("-") | +| RegExpInjection.js:60:31:60:56 | input | semmle.label | input | +| RegExpInjection.js:60:39:60:56 | req.param("input") | semmle.label | req.param("input") | +| RegExpInjection.js:64:14:64:18 | input | semmle.label | input | +| RegExpInjection.js:82:7:82:32 | input | semmle.label | input | +| RegExpInjection.js:82:15:82:32 | req.param("input") | semmle.label | req.param("input") | +| RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | semmle.label | "^.*\\.( ... + ")$" | +| RegExpInjection.js:87:25:87:29 | input | semmle.label | input | +| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | semmle.label | input.r ... g, "\|") | +| RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | semmle.label | `^${pro ... r.app$` | +| RegExpInjection.js:91:20:91:30 | process.env | semmle.label | process.env | +| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | semmle.label | `^${pro ... r.app$` | +| RegExpInjection.js:93:20:93:31 | process.argv | semmle.label | process.argv | +| tst.js:1:46:1:46 | e | semmle.label | e | +| tst.js:2:9:2:21 | data | semmle.label | data | +| tst.js:2:16:2:16 | e | semmle.label | e | +| tst.js:3:16:3:35 | "^"+ data.name + "$" | semmle.label | "^"+ data.name + "$" | +| tst.js:3:21:3:24 | data | semmle.label | data | +subpaths +| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:14:18:14:18 | s | RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | RegExpInjection.js:11:20:11:27 | wrap2(s) | +| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:19:14:19:22 | wrap(key) | +| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:21:14:21:22 | wrap(key) | #select | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... 
(.*)\\n" | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value | | RegExpInjection.js:19:14:19:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:19:14:19:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value | From b9bd0520e27799810cf7fff8ad3cea232f5d2784 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:21:55 +0200 Subject: [PATCH 087/223] JS: Port RemotePropertyInjection --- .../dataflow/RemotePropertyInjectionQuery.qll | 21 +++++++- .../CWE-400/RemotePropertyInjection.ql | 6 +-- .../RemotePropertyInjection.expected | 48 +++++++++---------- 3 files changed, 46 insertions(+), 29 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll index 83422e8f0dea..d3cbfeb8268d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll 
@@ -14,7 +14,26 @@ import RemotePropertyInjectionCustomizations::RemotePropertyInjection /** * A taint-tracking configuration for reasoning about remote property injection. */ -class Configuration extends TaintTracking::Configuration { +module RemotePropertyInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or + node = StringConcatenation::getRoot(any(ConstantString str).flow()) + } +} + +/** + * Taint-tracking for reasoning about remote property injection. + */ +module RemotePropertyInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `RemotePropertyInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "RemotePropertyInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql index 287b196feff8..92d18b3f1a27 100644 --- a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql +++ b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql @@ -14,9 +14,9 @@ import javascript import semmle.javascript.security.dataflow.RemotePropertyInjectionQuery -import DataFlow::PathGraph +import RemotePropertyInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from RemotePropertyInjectionFlow::PathNode source, RemotePropertyInjectionFlow::PathNode sink +where RemotePropertyInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, sink.getNode().(Sink).getMessage() + " depends on a $@.", source.getNode(), "user-provided value" 
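Review bot: The second disjunct of `isBarrier` in `RemotePropertyInjectionConfig`, `node = StringConcatenation::getRoot(any(ConstantString str).flow())`, has no comment explaining why a concatenation that contains a constant string counts as safe. Presumably the constant part keeps the property name from being chosen freely by the user; if so, state it, e.g. `// A property name built with a constant part cannot be set to an arbitrary name by the user.` It is worth confirming with a test that a concatenation whose only constant operand is the empty string is not treated as sanitized, because the name is then still fully user-controlled. Whether `ConstantString` matches the empty string is not visible from this hunk.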
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected b/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected index 7907cc417260..d6d347c996d0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected 
@@ -1,37 +1,35 @@ -nodes -| tst.js:8:6:8:52 | prop | -| tst.js:8:13:8:52 | myCoolL ... rolled) | -| tst.js:8:28:8:51 | req.que ... trolled | -| tst.js:8:28:8:51 | req.que ... trolled | -| tst.js:9:8:9:11 | prop | -| tst.js:9:8:9:11 | prop | -| tst.js:13:15:13:18 | prop | -| tst.js:13:15:13:18 | prop | -| tst.js:14:31:14:34 | prop | -| tst.js:14:31:14:34 | prop | -| tst.js:16:10:16:13 | prop | -| tst.js:16:10:16:13 | prop | -| tstNonExpr.js:5:7:5:23 | userVal | -| tstNonExpr.js:5:17:5:23 | req.url | -| tstNonExpr.js:5:17:5:23 | req.url | -| tstNonExpr.js:8:17:8:23 | userVal | -| tstNonExpr.js:8:17:8:23 | userVal | edges | tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop | -| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop | -| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop | | tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop | | tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop | -| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop | -| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop | | tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop | | tst.js:8:13:8:52 | myCoolL ... rolled) | tst.js:8:6:8:52 | prop | | tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) | -| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) | -| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal | +| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | +| tst.js:21:25:21:25 | x | tst.js:22:15:22:15 | x | +| tst.js:22:6:22:15 | result | tst.js:23:9:23:14 | result | +| tst.js:22:15:22:15 | x | tst.js:22:6:22:15 | result | +| tst.js:23:9:23:14 | result | tst.js:23:9:23:42 | result. ... 
length) | | tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal | | tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal | -| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal | +nodes +| tst.js:8:6:8:52 | prop | semmle.label | prop | +| tst.js:8:13:8:52 | myCoolL ... rolled) | semmle.label | myCoolL ... rolled) | +| tst.js:8:28:8:51 | req.que ... trolled | semmle.label | req.que ... trolled | +| tst.js:9:8:9:11 | prop | semmle.label | prop | +| tst.js:13:15:13:18 | prop | semmle.label | prop | +| tst.js:14:31:14:34 | prop | semmle.label | prop | +| tst.js:16:10:16:13 | prop | semmle.label | prop | +| tst.js:21:25:21:25 | x | semmle.label | x | +| tst.js:22:6:22:15 | result | semmle.label | result | +| tst.js:22:15:22:15 | x | semmle.label | x | +| tst.js:23:9:23:14 | result | semmle.label | result | +| tst.js:23:9:23:42 | result. ... length) | semmle.label | result. ... length) | +| tstNonExpr.js:5:7:5:23 | userVal | semmle.label | userVal | +| tstNonExpr.js:5:17:5:23 | req.url | semmle.label | req.url | +| tstNonExpr.js:8:17:8:23 | userVal | semmle.label | userVal | +subpaths +| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | tst.js:23:9:23:42 | result. ... length) | tst.js:8:13:8:52 | myCoolL ... rolled) | #select | tst.js:9:8:9:11 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:9:8:9:11 | prop | A property name to write to depends on a $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value | | tst.js:13:15:13:18 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:13:15:13:18 | prop | A property name to write to depends on a $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value | From 4af76943098cafa146414806cf15beefb444822b Mon Sep 17 00:00:00 2001 
From: Asger F Date: Thu, 5 Oct 2023 09:22:04 +0200 Subject: [PATCH 088/223] JS: Port ResourceExhaustion --- .../ResourceExhaustionCustomizations.qll | 15 +++ .../dataflow/ResourceExhaustionQuery.qll | 30 ++++- .../Security/CWE-770/ResourceExhaustion.ql | 6 +- .../ResourceExhaustion.expected | 119 ++++++------------ 4 files changed, 80 insertions(+), 90 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll index 8307c1f6f939..a26d4a2e9a58 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll @@ -31,6 +31,21 @@ module ResourceExhaustion { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for resource exhaustion vulnerabilities. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** A source of remote user input, considered as a data flow source for resource exhaustion vulnerabilities. */ class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { RemoteFlowSourceAsSource() { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll index 366d1db69732..01cab9497413 100644 
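Review bot: `BarrierGuard.blocksExpr` defaults to `none()` instead of being abstract, so a subclass that forgets to override it compiles but never blocks anything, and the QLDoc does not say which of the two new classes an extension should use. As far as the visible code shows, a guard written against the old API (extending `TaintTracking::SanitizerGuardNode` and overriding only `sanitizes`) would be honoured by the deprecated `Configuration` but not by a configuration built from `BarrierGuard`. I would extend the QLDoc on `BarrierGuard`, e.g. `Custom guards should extend this class and override blocksExpr; guards that only override sanitizes are not picked up by the new data flow library.` The comment on `BarrierGuardLegacy` should also say it is for guards that must work with both libraries.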
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll @@ -13,7 +13,31 @@ import ResourceExhaustionCustomizations::ResourceExhaustion /** * A data flow configuration for resource exhaustion vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module ResourceExhaustionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or + node = any(DataFlow::PropRead read | read.getPropertyName() = "length") or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node dst) { + isNumericFlowStep(src, dst) + } +} + +/** + * Data flow for resource exhaustion vulnerabilities. + */ +module ResourceExhaustionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ResourceExhaustionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ResourceExhaustion" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -49,10 +73,10 @@ predicate isNumericFlowStep(DataFlow::Node src, DataFlow::Node dst) { /** * A sanitizer that blocks taint flow if the size of a number is limited. */ -class UpperBoundsCheckSanitizerGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { +class UpperBoundsCheckSanitizerGuard extends BarrierGuardLegacy, DataFlow::ValueNode { override RelationalComparison astNode; - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { true = outcome and e = astNode.getLesserOperand() or 
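Review bot: In `ResourceExhaustionConfig.isBarrier`, the clause `node = any(DataFlow::PropRead read | read.getPropertyName() = "length")` treats every read of a property named `length` as safe, with no comment stating the assumption behind it. That holds when the receiver is a string or array bounded by the request size, but a `length` property read from a parsed user-supplied object is a user-chosen number, and flows through it would be suppressed (the deprecated class may already behave this way; its body is outside the hunk). At minimum document the assumption, e.g. `// .length of a string or array is bounded by the input size; this also matches a user-supplied "length" property`, and consider a test that pins the intended result for that case. Separately, the doc comment on `ResourceExhaustionFlow` says "Data flow" although the module is built from `TaintTracking::Global`; "Taint-tracking" would match the sibling queries in this series.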
diff --git a/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql b/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql index 4a32424ac3ea..89452bea8ca2 100644 --- a/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql +++ b/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql @@ -13,10 +13,10 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.ResourceExhaustionQuery +import ResourceExhaustionFlow::PathGraph -from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink -where dataflow.hasFlowPath(source, sink) +from ResourceExhaustionFlow::PathNode source, ResourceExhaustionFlow::PathNode sink +where ResourceExhaustionFlow::flowPath(source, sink) select sink, source, sink, sink.getNode().(Sink).getProblemDescription() + " from a $@.", source, "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/ResourceExhaustion.expected b/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/ResourceExhaustion.expected index 1c8a7172c6d1..f3b767c64b4a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/ResourceExhaustion.expected +++ b/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/ResourceExhaustion.expected 
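Review bot: The unchanged `select sink, source, sink, ...` line now passes `ResourceExhaustionFlow::PathNode` values as the alert element and as the `$@` target, whereas the other queries ported in this series select `sink.getNode()` and `source.getNode()`. For consistency I would write `select sink.getNode(), source, sink, sink.getNode().(Sink).getProblemDescription() + " from a $@.", source.getNode(), "user-provided value"`, so the reported location does not depend on how path nodes are rendered. Whether this changes the `#select` rows of the expected file cannot be seen from this hunk.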
@@ -1,115 +1,66 @@ -nodes -| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | -| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | -| documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | -| documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | -| resource-exhaustion.js:5:7:5:42 | s | -| resource-exhaustion.js:5:11:5:34 | url.par ... , true) | -| resource-exhaustion.js:5:11:5:40 | url.par ... ).query | -| resource-exhaustion.js:5:11:5:42 | url.par ... query.s | -| resource-exhaustion.js:5:21:5:27 | req.url | -| resource-exhaustion.js:5:21:5:27 | req.url | -| resource-exhaustion.js:6:7:6:21 | n | -| resource-exhaustion.js:6:11:6:21 | parseInt(s) | -| resource-exhaustion.js:6:20:6:20 | s | -| resource-exhaustion.js:14:16:14:16 | n | -| resource-exhaustion.js:14:16:14:16 | n | -| resource-exhaustion.js:15:22:15:22 | n | -| resource-exhaustion.js:15:22:15:22 | n | -| resource-exhaustion.js:16:26:16:26 | n | -| resource-exhaustion.js:16:26:16:26 | n | -| resource-exhaustion.js:20:20:20:20 | n | -| resource-exhaustion.js:20:20:20:20 | n | -| resource-exhaustion.js:22:18:22:18 | n | -| resource-exhaustion.js:22:18:22:18 | n | -| resource-exhaustion.js:27:9:27:9 | n | -| resource-exhaustion.js:27:9:27:9 | n | -| resource-exhaustion.js:28:13:28:13 | n | -| resource-exhaustion.js:28:13:28:13 | n | -| resource-exhaustion.js:29:9:29:9 | n | -| resource-exhaustion.js:29:9:29:9 | n | -| resource-exhaustion.js:30:9:30:9 | n | -| resource-exhaustion.js:30:9:30:9 | n | -| 
resource-exhaustion.js:31:9:31:9 | n | -| resource-exhaustion.js:31:9:31:9 | n | -| resource-exhaustion.js:32:9:32:9 | n | -| resource-exhaustion.js:32:9:32:9 | n | -| resource-exhaustion.js:34:12:34:12 | n | -| resource-exhaustion.js:34:12:34:12 | n | -| resource-exhaustion.js:35:12:35:12 | s | -| resource-exhaustion.js:35:12:35:12 | s | -| resource-exhaustion.js:81:17:81:17 | n | -| resource-exhaustion.js:81:17:81:17 | n | -| resource-exhaustion.js:82:17:82:17 | s | -| resource-exhaustion.js:82:17:82:17 | s | -| resource-exhaustion.js:83:18:83:18 | n | -| resource-exhaustion.js:83:18:83:18 | n | -| resource-exhaustion.js:84:18:84:18 | s | -| resource-exhaustion.js:84:18:84:18 | s | -| resource-exhaustion.js:88:16:88:16 | n | -| resource-exhaustion.js:88:16:88:16 | n | -| resource-exhaustion.js:92:18:92:18 | n | -| resource-exhaustion.js:92:18:92:18 | n | edges | documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | | documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | +| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... 
y.delay | documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | | documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | -| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | | resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:6:20:6:20 | s | | resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:35:12:35:12 | s | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:35:12:35:12 | s | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:82:17:82:17 | s | | resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:82:17:82:17 | s | | resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:84:18:84:18 | s | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:84:18:84:18 | s | -| resource-exhaustion.js:5:11:5:34 | url.par ... , true) | resource-exhaustion.js:5:11:5:40 | url.par ... ).query | -| resource-exhaustion.js:5:11:5:40 | url.par ... ).query | resource-exhaustion.js:5:11:5:42 | url.par ... query.s | -| resource-exhaustion.js:5:11:5:42 | url.par ... query.s | resource-exhaustion.js:5:7:5:42 | s | +| resource-exhaustion.js:5:11:5:34 | url.par ... , true) | resource-exhaustion.js:5:7:5:42 | s | | resource-exhaustion.js:5:21:5:27 | req.url | resource-exhaustion.js:5:11:5:34 | url.par ... , true) | -| resource-exhaustion.js:5:21:5:27 | req.url | resource-exhaustion.js:5:11:5:34 | url.par ... 
, true) | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:14:16:14:16 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:14:16:14:16 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:15:22:15:22 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:15:22:15:22 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:16:26:16:26 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:16:26:16:26 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:20:20:20:20 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:20:20:20:20 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:22:18:22:18 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:22:18:22:18 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:27:9:27:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:27:9:27:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:28:13:28:13 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:28:13:28:13 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:29:9:29:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:29:9:29:9 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:30:9:30:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:30:9:30:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:31:9:31:9 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:31:9:31:9 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:32:9:32:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:32:9:32:9 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:34:12:34:12 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:34:12:34:12 | n | -| resource-exhaustion.js:6:7:6:21 | n | 
resource-exhaustion.js:81:17:81:17 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:81:17:81:17 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:83:18:83:18 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:83:18:83:18 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:88:16:88:16 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:88:16:88:16 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:92:18:92:18 | n | | resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:92:18:92:18 | n | | resource-exhaustion.js:6:11:6:21 | parseInt(s) | resource-exhaustion.js:6:7:6:21 | n | | resource-exhaustion.js:6:20:6:20 | s | resource-exhaustion.js:6:11:6:21 | parseInt(s) | +nodes +| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | semmle.label | delay | +| documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | semmle.label | parseIn ... .delay) | +| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | semmle.label | url.par ... , true) | +| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | semmle.label | url.par ... y.delay | +| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | semmle.label | req.url | +| documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | semmle.label | delay | +| resource-exhaustion.js:5:7:5:42 | s | semmle.label | s | +| resource-exhaustion.js:5:11:5:34 | url.par ... , true) | semmle.label | url.par ... 
, true) | +| resource-exhaustion.js:5:21:5:27 | req.url | semmle.label | req.url | +| resource-exhaustion.js:6:7:6:21 | n | semmle.label | n | +| resource-exhaustion.js:6:11:6:21 | parseInt(s) | semmle.label | parseInt(s) | +| resource-exhaustion.js:6:20:6:20 | s | semmle.label | s | +| resource-exhaustion.js:14:16:14:16 | n | semmle.label | n | +| resource-exhaustion.js:15:22:15:22 | n | semmle.label | n | +| resource-exhaustion.js:16:26:16:26 | n | semmle.label | n | +| resource-exhaustion.js:20:20:20:20 | n | semmle.label | n | +| resource-exhaustion.js:22:18:22:18 | n | semmle.label | n | +| resource-exhaustion.js:27:9:27:9 | n | semmle.label | n | +| resource-exhaustion.js:28:13:28:13 | n | semmle.label | n | +| resource-exhaustion.js:29:9:29:9 | n | semmle.label | n | +| resource-exhaustion.js:30:9:30:9 | n | semmle.label | n | +| resource-exhaustion.js:31:9:31:9 | n | semmle.label | n | +| resource-exhaustion.js:32:9:32:9 | n | semmle.label | n | +| resource-exhaustion.js:34:12:34:12 | n | semmle.label | n | +| resource-exhaustion.js:35:12:35:12 | s | semmle.label | s | +| resource-exhaustion.js:81:17:81:17 | n | semmle.label | n | +| resource-exhaustion.js:82:17:82:17 | s | semmle.label | s | +| resource-exhaustion.js:83:18:83:18 | n | semmle.label | n | +| resource-exhaustion.js:84:18:84:18 | s | semmle.label | s | +| resource-exhaustion.js:88:16:88:16 | n | semmle.label | n | +| resource-exhaustion.js:92:18:92:18 | n | semmle.label | n | +subpaths #select | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | This creates a timer with a user-controlled duration from a $@. 
| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | user-provided value | | resource-exhaustion.js:14:16:14:16 | n | resource-exhaustion.js:5:21:5:27 | req.url | resource-exhaustion.js:14:16:14:16 | n | This creates a buffer with a user-controlled size from a $@. | resource-exhaustion.js:5:21:5:27 | req.url | user-provided value | From 06835a800cd7f17394a08a9cce3b96806b04e384 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:22:40 +0200 Subject: [PATCH 089/223] JS: Port SecondOrderCommandInjection --- ...ondOrderCommandInjectionCustomizations.qll | 34 +++++++++--- .../SecondOrderCommandInjectionQuery.qll | 46 +++++++++++++++- .../CWE-078/SecondOrderCommandInjection.ql | 9 ++-- .../SecondOrderCommandInjection.expected | 53 +++++-------------- 4 files changed, 93 insertions(+), 49 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll index c405dec31f78..95a363bfa175 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll 
@@ -83,6 +83,30 @@ module SecondOrderCommandInjection { abstract string getVulnerableArgumentExample(); } + /** + * A barrier guard for second order command-injection vulnerabilities. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + /** * A sink that invokes a command described by the `VulnerableCommand` class. */ @@ -190,9 +214,8 @@ module SecondOrderCommandInjection { /** * A sanitizer that blocks flow when a string is tested to start with a certain prefix. */ - class PrefixStringSanitizer extends TaintTracking::SanitizerGuardNode instanceof StringOps::StartsWith - { - override predicate sanitizes(boolean outcome, Expr e) { + class PrefixStringSanitizer extends BarrierGuardLegacy instanceof StringOps::StartsWith { + override predicate blocksExpr(boolean outcome, Expr e) { e = super.getBaseString().asExpr() and outcome = super.getPolarity() } 
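Review bot: `PrefixStringSanitizer` (the hunk at new line 214) blocks flow on the positive outcome of any `StartsWith` test, and as far as the hunk shows it puts no constraint on the prefix, so a check that the argument starts with `--` is itself accepted as a sanitizer. `DoubleDashSanitizer` in the following hunk blocks on the negated outcome of the same test, so both branches of a `startsWith("--")` check become barriers and the query can miss the option-injection case it exists to report. The port keeps the old behaviour, but this would be a good place to exclude option-like prefixes, e.g. `PrefixStringSanitizer() { not exists(string s | super.getSubstring().mayHaveStringValue(s) and s.matches("-%")) }`. The class's closing brace lies outside the hunk, so confirm that no such restriction already exists there.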
@@ -201,11 +224,10 @@ module SecondOrderCommandInjection { /** * A sanitizer that blocks flow when a string does not start with "--" */ - class DoubleDashSanitizer extends TaintTracking::SanitizerGuardNode instanceof StringOps::StartsWith - { + class DoubleDashSanitizer extends BarrierGuardLegacy instanceof StringOps::StartsWith { DoubleDashSanitizer() { super.getSubstring().mayHaveStringValue("--") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = super.getBaseString().asExpr() and outcome = super.getPolarity().booleanNot() } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll index fc10cd30c716..86045d167f15 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll 
@@ -14,7 +14,51 @@ private import semmle.javascript.security.TaintedObject /** * A taint-tracking configuration for reasoning about second order command-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module SecondOrderCommandInjectionConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source.(Source).getALabel() = label + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink.(Sink).getALabel() = label + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + TaintTracking::defaultSanitizer(node) and + label.isTaint() + or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) + or + node = TaintedObject::SanitizerGuard::getABarrierNode(label) + } + + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel inlbl, DataFlow::Node trg, DataFlow::FlowLabel outlbl + ) { + TaintedObject::step(src, trg, inlbl, outlbl) + or + inlbl.isTaint() and + TaintTracking::defaultTaintStep(src, trg) and + inlbl = outlbl + } +} + +/** + * Taint-tracking for reasoning about second order command-injection vulnerabilities. + */ +module SecondOrderCommandInjectionFlow = + DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `SecondOrderCommandInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "SecondOrderCommandInjection" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql b/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql index deb792a53ee3..47f9e02d3885 100644 
--- a/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql @@ -14,11 +14,14 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.SecondOrderCommandInjectionQuery +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode -where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode() +from PathNode source, PathNode sink, Sink sinkNode +where + SecondOrderCommandInjectionFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) and + sinkNode = sink.getNode() select sink.getNode(), source, sink, "Command line argument that depends on $@ can execute an arbitrary command if " + sinkNode.getVulnerableArgumentExample() + " is used with " + sinkNode.getCommand() + ".", diff --git a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected index 653a4dcff9be..8f18ce1aa09d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected 
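Review bot: Unlike the neighbouring ports, which import `<Flow>::PathGraph` directly, this query imports `DataFlow::DeduplicatePathGraph` and maps back through `getAnOriginalPathNode()` in the `where` clause, and nothing here says why. Presumably the state-based `SecondOrderCommandInjectionFlow` yields several path nodes for one data-flow node (one per flow label), which would otherwise appear as duplicate paths in the alert. If so, a short comment above the import would help, e.g. `// Merge path nodes that differ only in flow label, so each alert shows a single path.` It is also worth stating there that `flowPath` holds as soon as any original of `source` reaches any original of `sink`.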
@@ -1,51 +1,26 @@ nodes -| second-order.js:6:9:6:33 | remote | -| second-order.js:6:18:6:33 | req.query.remote | -| second-order.js:6:18:6:33 | req.query.remote | -| second-order.js:7:33:7:38 | remote | -| second-order.js:7:33:7:38 | remote | -| second-order.js:9:29:9:34 | remote | -| second-order.js:9:29:9:34 | remote | -| second-order.js:11:33:11:38 | remote | -| second-order.js:11:33:11:38 | remote | -| second-order.js:13:9:13:31 | myArgs | -| second-order.js:13:18:13:31 | req.query.args | -| second-order.js:13:18:13:31 | req.query.args | -| second-order.js:15:19:15:24 | myArgs | -| second-order.js:15:19:15:24 | myArgs | -| second-order.js:26:35:26:40 | remote | -| second-order.js:26:35:26:40 | remote | -| second-order.js:29:19:29:32 | req.query.args | -| second-order.js:29:19:29:32 | req.query.args | -| second-order.js:29:19:29:32 | req.query.args | -| second-order.js:40:28:40:43 | req.query.remote | -| second-order.js:40:28:40:43 | req.query.remote | -| second-order.js:40:28:40:43 | req.query.remote | -| second-order.js:42:31:42:46 | req.query.remote | -| second-order.js:42:31:42:46 | req.query.remote | -| second-order.js:42:31:42:46 | req.query.remote | -| second-order.js:44:18:44:31 | req.query.args | -| second-order.js:44:18:44:31 | req.query.args | -| second-order.js:44:18:44:31 | req.query.args | +| second-order.js:6:9:6:33 | remote | semmle.label | remote | +| second-order.js:6:18:6:33 | req.query.remote | semmle.label | req.query.remote | +| second-order.js:7:33:7:38 | remote | semmle.label | remote | +| second-order.js:9:29:9:34 | remote | semmle.label | remote | +| second-order.js:11:33:11:38 | remote | semmle.label | remote | +| second-order.js:13:9:13:31 | myArgs | semmle.label | myArgs | +| second-order.js:13:18:13:31 | req.query.args | semmle.label | req.query.args | +| second-order.js:15:19:15:24 | myArgs | semmle.label | myArgs | +| second-order.js:26:35:26:40 | remote | semmle.label | remote | +| second-order.js:29:19:29:32 | req.query.args | 
semmle.label | req.query.args | +| second-order.js:40:28:40:43 | req.query.remote | semmle.label | req.query.remote | +| second-order.js:42:31:42:46 | req.query.remote | semmle.label | req.query.remote | +| second-order.js:44:18:44:31 | req.query.args | semmle.label | req.query.args | edges | second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | | second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | | second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | | second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | | second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | -| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | -| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | | second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | | second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | -| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | -| second-order.js:29:19:29:32 | req.query.args | second-order.js:29:19:29:32 | req.query.args | -| second-order.js:40:28:40:43 | req.query.remote | second-order.js:40:28:40:43 | req.query.remote | -| second-order.js:42:31:42:46 | req.query.remote | second-order.js:42:31:42:46 | req.query.remote | -| second-order.js:44:18:44:31 | req.query.args | second-order.js:44:18:44:31 | req.query.args | +subpaths #select | second-order.js:7:33:7:38 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:7:33:7:38 | remote | Command line argument that depends on $@ can execute 
an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | | second-order.js:9:29:9:34 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:9:29:9:34 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | From d446444667ad773b52182631038a36b5e0db3e00 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:23:18 +0200 Subject: [PATCH 090/223] JS: Port ShellCommandInjectionFromEnvironment --- ...llCommandInjectionFromEnvironmentQuery.qll | 26 ++++++++++++++- .../ShellCommandInjectionFromEnvironment.ql | 11 ++++--- ...llCommandInjectionFromEnvironment.expected | 33 +++++++------------ 3 files changed, 42 insertions(+), 28 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll index 6e0cff12efff..8d04d283c002 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll 
@@ -14,7 +14,31 @@ import IndirectCommandArgument /** * A taint-tracking configuration for reasoning about command-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module ShellCommandInjectionFromEnvironmentConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + /** Holds if `sink` is a command-injection sink with `highlight` as the corresponding alert location. */ + additional predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { + sink instanceof Sink and highlight = sink + or + isIndirectCommandArgument(sink, highlight) + } + + predicate isSink(DataFlow::Node sink) { isSinkWithHighlight(sink, _) } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about command-injection vulnerabilities. + */ +module ShellCommandInjectionFromEnvironmentFlow = + TaintTracking::Global; + +/** + * DEPRECATED. Use the `ShellCommandInjectionFromEnvironmentFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ShellCommandInjectionFromEnvironment" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql b/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql index cad1039814cb..2fbb8187057d 100644 --- a/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql +++ b/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql 
@@ -14,17 +14,18 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentQuery +import ShellCommandInjectionFromEnvironmentFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight, + ShellCommandInjectionFromEnvironmentFlow::PathNode source, + ShellCommandInjectionFromEnvironmentFlow::PathNode sink, DataFlow::Node highlight, Source sourceNode where sourceNode = source.getNode() and - cfg.hasFlowPath(source, sink) and - if cfg.isSinkWithHighlight(sink.getNode(), _) - then cfg.isSinkWithHighlight(sink.getNode(), highlight) + ShellCommandInjectionFromEnvironmentFlow::flowPath(source, sink) and + if ShellCommandInjectionFromEnvironmentConfig::isSinkWithHighlight(sink.getNode(), _) + then ShellCommandInjectionFromEnvironmentConfig::isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() select highlight, source, sink, "This shell command depends on an uncontrolled $@.", sourceNode, sourceNode.getSourceType() diff --git a/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected b/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected index 7bea597fc28e..c231dc9d8854 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected 
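Review bot: The `if … then … else` in the `where` clause can never take its `else` branch. `flowPath(source, sink)` only holds for sinks, and the library hunk defines `ShellCommandInjectionFromEnvironmentConfig::isSink` as `isSinkWithHighlight(sink, _)`, so the condition is true for every `sink` that reaches this point. The conditional was carried over from the class-based query and can be reduced to the single conjunct `ShellCommandInjectionFromEnvironmentConfig::isSinkWithHighlight(sink.getNode(), highlight)`. That also makes it plain that `highlight` always comes from the config's own sink definition.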
@@ -1,32 +1,21 @@ -nodes -| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | -| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | -| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | -| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | -| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | -| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | edges | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... 
"temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | | tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | +nodes +| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") | +| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | semmle.label | path.jo ... "temp") | +| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | semmle.label | __dirname | +| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") | +| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | semmle.label | path.jo ... "temp") | +| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | semmle.label | __dirname | +| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... 
"temp") | semmle.label | 'rm -rf ... "temp") | +| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | semmle.label | path.jo ... "temp") | +| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | semmle.label | __dirname | +subpaths #select | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | absolute path | | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | absolute path | From 63343b1ba4106e0147203f999e2e4b0d1a832514 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:23:28 +0200 Subject: [PATCH 091/223] JS: Port StackTraceExposure --- .../dataflow/StackTraceExposureQuery.qll | 32 ++++++++++++++---- .../Security/CWE-209/StackTraceExposure.ql | 6 ++-- .../CWE-209/StackTraceExposure.expected | 33 +++++++------------ 3 files changed, 39 insertions(+), 32 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll index 4350fbab0615..cb05f91c7278 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll 
@@ -14,14 +14,10 @@ import StackTraceExposureCustomizations::StackTraceExposure * A taint-tracking configuration for reasoning about stack trace * exposure problems. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "StackTraceExposure" } - - override predicate isSource(DataFlow::Node src) { src instanceof Source } +module StackTraceExposureConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src instanceof Source } - override predicate isSanitizer(DataFlow::Node nd) { - super.isSanitizer(nd) - or + predicate isBarrier(DataFlow::Node nd) { // read of a property other than `stack` nd.(DataFlow::PropRead).getPropertyName() != "stack" or @@ -31,5 +27,27 @@ class Configuration extends TaintTracking::Configuration { nd = StringConcatenation::getAnOperand(_) } + predicate isSink(DataFlow::Node snk) { snk instanceof Sink } +} + +/** + * Taint-tracking for reasoning about stack trace exposure problems. + */ +module StackTraceExposureFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `StackTraceExposureFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "StackTraceExposure" } + + override predicate isSource(DataFlow::Node src) { src instanceof Source } + + override predicate isSanitizer(DataFlow::Node nd) { + super.isSanitizer(nd) + or + StackTraceExposureConfig::isBarrier(nd) + } + override predicate isSink(DataFlow::Node snk) { snk instanceof Sink } } diff --git a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql index 8342dea6e728..b6bf246387ce 100644 --- a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql +++ b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql 
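Review bot: In the second hunk of StackTraceExposureQuery.qll, the deprecated `Configuration` delegates its barrier to `StackTraceExposureConfig::isBarrier(nd)` but restates `isSource` and `isSink` by hand, so the legacy and new configurations can drift apart if either definition is edited later. Delegating all three keeps alerts identical for callers still on the deprecated class: `override predicate isSource(DataFlow::Node src) { StackTraceExposureConfig::isSource(src) }` and `override predicate isSink(DataFlow::Node snk) { StackTraceExposureConfig::isSink(snk) }`. The deprecated `Configuration` in patch 094 already delegates this way to `TypeConfusionConfig`. The body of `isBarrier` runs across the gap between the two hunks, so part of it is not visible here.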
@@ -15,9 +15,9 @@ import javascript import semmle.javascript.security.dataflow.StackTraceExposureQuery -import DataFlow::PathGraph +import StackTraceExposureFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from StackTraceExposureFlow::PathNode source, StackTraceExposureFlow::PathNode sink +where StackTraceExposureFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This information exposed to the user depends on $@.", source.getNode(), "stack trace information" diff --git a/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected b/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected index d649d3b8a640..4a14ef0aaa6e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected +++ b/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected 
@@ -1,33 +1,22 @@ -nodes -| node.js:8:10:8:12 | err | -| node.js:8:10:8:12 | err | -| node.js:11:13:11:15 | err | -| node.js:11:13:11:21 | err.stack | -| node.js:11:13:11:21 | err.stack | -| tst.js:6:12:6:12 | e | -| tst.js:6:12:6:12 | e | -| tst.js:7:13:7:13 | e | -| tst.js:7:13:7:13 | e | -| tst.js:8:15:8:15 | e | -| tst.js:16:20:16:20 | e | -| tst.js:17:11:17:11 | e | -| tst.js:17:11:17:17 | e.stack | -| tst.js:17:11:17:17 | e.stack | edges | node.js:8:10:8:12 | err | node.js:11:13:11:15 | err | -| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err | -| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack | | node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack | | tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e | | tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e | | tst.js:8:15:8:15 | e | tst.js:16:20:16:20 | e | | tst.js:16:20:16:20 | e | tst.js:17:11:17:11 | e | | tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack | -| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack | +nodes +| node.js:8:10:8:12 | err | semmle.label | err | +| node.js:11:13:11:15 | err | semmle.label | err | +| node.js:11:13:11:21 | err.stack | semmle.label | err.stack | +| tst.js:6:12:6:12 | e | semmle.label | e | +| tst.js:7:13:7:13 | e | semmle.label | e | +| tst.js:8:15:8:15 | e | semmle.label | e | +| tst.js:16:20:16:20 | e | semmle.label | e | +| tst.js:17:11:17:11 | e | semmle.label | e | +| tst.js:17:11:17:17 | e.stack | semmle.label | e.stack | +subpaths #select | node.js:11:13:11:21 | err.stack | node.js:8:10:8:12 | err | node.js:11:13:11:21 | err.stack | This information exposed to the user depends on $@. 
| node.js:8:10:8:12 | err | stack trace information | | tst.js:7:13:7:13 | e | tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | This information exposed to the user depends on $@. | tst.js:6:12:6:12 | e | stack trace information | From 51624c02a2f4149eb2096bb3a72dc5b3f6f5c641 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:23:36 +0200 Subject: [PATCH 092/223] JS: Port TaintedFormatString --- .../dataflow/TaintedFormatStringQuery.qll | 18 ++- .../Security/CWE-134/TaintedFormatString.ql | 6 +- .../CWE-134/TaintedFormatString.expected | 103 ++++-------------- 3 files changed, 42 insertions(+), 85 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll index 0475999ed3c9..b10088af82ee 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll @@ -13,7 +13,23 @@ private import TaintedFormatStringCustomizations::TaintedFormatString /** * A taint-tracking configuration for format injections. */ -class Configuration extends TaintTracking::Configuration { +module TaintedFormatStringConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for format injections. + */ +module TaintedFormatStringFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `TaintedFormatStringFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "TaintedFormatString" } override predicate isSource(DataFlow::Node source) { source instanceof Source } 
diff --git a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql index 0a595e7e05f9..1f315244cbee 100644 --- a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql +++ b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql @@ -12,9 +12,9 @@ import javascript import semmle.javascript.security.dataflow.TaintedFormatStringQuery -import DataFlow::PathGraph +import TaintedFormatStringFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from TaintedFormatStringFlow::PathNode source, TaintedFormatStringFlow::PathNode sink +where TaintedFormatStringFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Format string depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected b/javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected index 856b4edf80a7..8a3688cad56c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected +++ b/javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected 
@@ -1,85 +1,26 @@ -nodes -| tst.js:5:15:5:30 | req.query.format | -| tst.js:5:15:5:30 | req.query.format | -| tst.js:5:15:5:30 | req.query.format | -| tst.js:6:26:6:41 | req.query.format | -| tst.js:6:26:6:41 | req.query.format | -| tst.js:6:26:6:41 | req.query.format | -| tst.js:7:15:7:30 | req.query.format | -| tst.js:7:15:7:30 | req.query.format | -| tst.js:7:15:7:30 | req.query.format | -| tst.js:8:17:8:32 | req.query.format | -| tst.js:8:17:8:32 | req.query.format | -| tst.js:8:17:8:32 | req.query.format | -| tst.js:9:16:9:31 | req.query.format | -| tst.js:9:16:9:31 | req.query.format | -| tst.js:9:16:9:31 | req.query.format | -| tst.js:10:12:10:27 | req.query.format | -| tst.js:10:12:10:27 | req.query.format | -| tst.js:10:12:10:27 | req.query.format | -| tst.js:11:32:11:47 | req.query.format | -| tst.js:11:32:11:47 | req.query.format | -| tst.js:11:32:11:47 | req.query.format | -| tst.js:12:21:12:36 | req.query.format | -| tst.js:12:21:12:36 | req.query.format | -| tst.js:12:21:12:36 | req.query.format | -| tst.js:13:35:13:50 | req.query.format | -| tst.js:13:35:13:50 | req.query.format | -| tst.js:13:35:13:50 | req.query.format | -| tst.js:14:29:14:44 | req.query.format | -| tst.js:14:29:14:44 | req.query.format | -| tst.js:14:29:14:44 | req.query.format | -| tst.js:15:30:15:45 | req.query.format | -| tst.js:15:30:15:45 | req.query.format | -| tst.js:15:30:15:45 | req.query.format | -| tst.js:16:26:16:41 | req.query.format | -| tst.js:16:26:16:41 | req.query.format | -| tst.js:16:26:16:41 | req.query.format | -| tst.js:17:30:17:45 | req.query.format | -| tst.js:17:30:17:45 | req.query.format | -| tst.js:17:30:17:45 | req.query.format | -| tst.js:18:38:18:53 | req.query.format | -| tst.js:18:38:18:53 | req.query.format | -| tst.js:18:38:18:53 | req.query.format | -| tst.js:20:17:20:32 | req.query.format | -| tst.js:20:17:20:32 | req.query.format | -| tst.js:20:17:20:32 | req.query.format | -| tst.js:21:16:21:31 | req.query.format | -| tst.js:21:16:21:31 | 
req.query.format | -| tst.js:21:16:21:31 | req.query.format | -| tst.js:22:17:22:32 | req.query.format | -| tst.js:22:17:22:32 | req.query.format | -| tst.js:22:17:22:32 | req.query.format | -| tst.js:24:25:24:40 | req.query.format | -| tst.js:24:25:24:40 | req.query.format | -| tst.js:24:25:24:40 | req.query.format | -| tst.js:25:33:25:48 | req.query.format | -| tst.js:25:33:25:48 | req.query.format | -| tst.js:25:33:25:48 | req.query.format | -| tst.js:26:34:26:49 | req.query.format | -| tst.js:26:34:26:49 | req.query.format | -| tst.js:26:34:26:49 | req.query.format | edges -| tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | -| tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | -| tst.js:7:15:7:30 | req.query.format | tst.js:7:15:7:30 | req.query.format | -| tst.js:8:17:8:32 | req.query.format | tst.js:8:17:8:32 | req.query.format | -| tst.js:9:16:9:31 | req.query.format | tst.js:9:16:9:31 | req.query.format | -| tst.js:10:12:10:27 | req.query.format | tst.js:10:12:10:27 | req.query.format | -| tst.js:11:32:11:47 | req.query.format | tst.js:11:32:11:47 | req.query.format | -| tst.js:12:21:12:36 | req.query.format | tst.js:12:21:12:36 | req.query.format | -| tst.js:13:35:13:50 | req.query.format | tst.js:13:35:13:50 | req.query.format | -| tst.js:14:29:14:44 | req.query.format | tst.js:14:29:14:44 | req.query.format | -| tst.js:15:30:15:45 | req.query.format | tst.js:15:30:15:45 | req.query.format | -| tst.js:16:26:16:41 | req.query.format | tst.js:16:26:16:41 | req.query.format | -| tst.js:17:30:17:45 | req.query.format | tst.js:17:30:17:45 | req.query.format | -| tst.js:18:38:18:53 | req.query.format | tst.js:18:38:18:53 | req.query.format | -| tst.js:20:17:20:32 | req.query.format | tst.js:20:17:20:32 | req.query.format | -| tst.js:21:16:21:31 | req.query.format | tst.js:21:16:21:31 | req.query.format | -| tst.js:22:17:22:32 | req.query.format | tst.js:22:17:22:32 | req.query.format | -| tst.js:24:25:24:40 | 
req.query.format | tst.js:24:25:24:40 | req.query.format | -| tst.js:25:33:25:48 | req.query.format | tst.js:25:33:25:48 | req.query.format | -| tst.js:26:34:26:49 | req.query.format | tst.js:26:34:26:49 | req.query.format | +nodes +| tst.js:5:15:5:30 | req.query.format | semmle.label | req.query.format | +| tst.js:6:26:6:41 | req.query.format | semmle.label | req.query.format | +| tst.js:7:15:7:30 | req.query.format | semmle.label | req.query.format | +| tst.js:8:17:8:32 | req.query.format | semmle.label | req.query.format | +| tst.js:9:16:9:31 | req.query.format | semmle.label | req.query.format | +| tst.js:10:12:10:27 | req.query.format | semmle.label | req.query.format | +| tst.js:11:32:11:47 | req.query.format | semmle.label | req.query.format | +| tst.js:12:21:12:36 | req.query.format | semmle.label | req.query.format | +| tst.js:13:35:13:50 | req.query.format | semmle.label | req.query.format | +| tst.js:14:29:14:44 | req.query.format | semmle.label | req.query.format | +| tst.js:15:30:15:45 | req.query.format | semmle.label | req.query.format | +| tst.js:16:26:16:41 | req.query.format | semmle.label | req.query.format | +| tst.js:17:30:17:45 | req.query.format | semmle.label | req.query.format | +| tst.js:18:38:18:53 | req.query.format | semmle.label | req.query.format | +| tst.js:20:17:20:32 | req.query.format | semmle.label | req.query.format | +| tst.js:21:16:21:31 | req.query.format | semmle.label | req.query.format | +| tst.js:22:17:22:32 | req.query.format | semmle.label | req.query.format | +| tst.js:24:25:24:40 | req.query.format | semmle.label | req.query.format | +| tst.js:25:33:25:48 | req.query.format | semmle.label | req.query.format | +| tst.js:26:34:26:49 | req.query.format | semmle.label | req.query.format | +subpaths #select | tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | Format string depends on a $@. 
| tst.js:5:15:5:30 | req.query.format | user-provided value | | tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | Format string depends on a $@. | tst.js:6:26:6:41 | req.query.format | user-provided value | From 25962a9ba6dbe776cb12a78ecbd66ef4ad785bc1 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:23:45 +0200 Subject: [PATCH 093/223] JS: Port TemplateObjectInjection --- .../dataflow/TemplateObjectInjectionQuery.qll | 41 ++++++- .../CWE-073/TemplateObjectInjection.ql | 7 +- .../CWE-073/TemplateObjectInjection.expected | 116 ++++++------------ 3 files changed, 81 insertions(+), 83 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll index 22bb06e4af3d..0d3c76578105 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll 
@@ -14,7 +14,46 @@ private import semmle.javascript.security.TaintedObject /** * A taint tracking configuration for reasoning about template object injection vulnerabilities. */ -class TemplateObjInjectionConfig extends TaintTracking::Configuration { +module TemplateObjectInjectionConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source.(Source).getAFlowLabel() = label + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink instanceof Sink and label = TaintedObject::label() + } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + TaintTracking::defaultSanitizer(node) and + label.isTaint() + or + node = TaintedObject::SanitizerGuard::getABarrierNode(label) + } + + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel inlbl, DataFlow::Node trg, DataFlow::FlowLabel outlbl + ) { + TaintedObject::step(src, trg, inlbl, outlbl) + or + inlbl.isTaint() and + TaintTracking::defaultTaintStep(src, trg) and + inlbl = outlbl + } +} + +/** + * Taint tracking for reasoning about template object injection vulnerabilities. + */ +module TemplateObjectInjectionFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `TemplateObjectInjectionFlow` module instead. + */ +deprecated class TemplateObjInjectionConfig extends TaintTracking::Configuration { TemplateObjInjectionConfig() { this = "TemplateObjInjectionConfig" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql index 68ef1b12c79a..1db62b2e7f01 100644 --- a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql +++ b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql 
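Review bot: `TemplateObjectInjectionConfig` keeps the QLDoc "A taint tracking configuration" but is instantiated through `DataFlow::GlobalWithState`, and nothing in the module explains why `isBarrier(node, label)` and `isAdditionalFlowStep` re-add the default sanitizers and taint steps by hand, guarded by `isTaint()`. Someone adding a sanitizer later needs to know that `isBarrier(node)` blocks every label, while the two-argument form blocks only the label it names. A comment above `isAdditionalFlowStep` would cover it, for example `// Default taint steps and sanitizers apply to the taint label only; TaintedObject::label() values move via TaintedObject::step.` The deprecated `TemplateObjInjectionConfig` class continues outside the hunk.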
@@ -12,10 +12,11 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.TemplateObjectInjectionQuery +import DataFlow::DeduplicatePathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + TemplateObjectInjectionFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "Template object depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected b/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected index eee80b295923..3ba1cc1d2d9b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected 
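Review bot: The `from` clause in TemplateObjectInjection.ql now uses the unqualified `PathNode` supplied by `DataFlow::DeduplicatePathGraph` and maps back with `getAnOriginalPathNode()`, but the query gives no reason for this. The other queries ported in this series use the flow module's own `PathNode` and `PathGraph`. A one-line comment above the import would help, for example `// Merge equivalent path nodes so each alert gets one path; state-based flow presumably yields a node per flow label otherwise.` The library comment on `DeduplicatePathGraph` records a known limitation around sources and sinks that have successors, which is worth referencing from here so reviewers of unexpected path output know where to look.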
@@ -1,112 +1,70 @@ nodes -| routes.js:2:23:2:30 | req.body | -| routes.js:2:23:2:30 | req.body | -| routes.js:2:23:2:30 | req.body | -| tst2.js:6:9:6:46 | bodyParameter | -| tst2.js:6:25:6:32 | req.body | -| tst2.js:6:25:6:32 | req.body | -| tst2.js:6:25:6:46 | req.bod ... rameter | -| tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:26:9:26:46 | bodyParameter | -| tst2.js:26:25:26:32 | req.body | -| tst2.js:26:25:26:32 | req.body | -| tst2.js:26:25:26:46 | req.bod ... rameter | -| tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:34:9:34:46 | bodyParameter | -| tst2.js:34:25:34:32 | req.body | -| tst2.js:34:25:34:32 | req.body | -| tst2.js:34:25:34:46 | req.bod ... rameter | -| tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:42:9:42:46 | bodyParameter | -| tst2.js:42:25:42:32 | req.body | -| tst2.js:42:25:42:32 | req.body | -| tst2.js:42:25:42:46 | req.bod ... rameter | -| tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:51:9:51:46 | bodyParameter | -| tst2.js:51:25:51:32 | req.body | -| tst2.js:51:25:51:32 | req.body | -| tst2.js:51:25:51:46 | req.bod ... rameter | -| tst2.js:52:28:52:40 | bodyParameter | -| tst2.js:52:28:52:40 | bodyParameter | -| tst.js:7:9:7:46 | bodyParameter | -| tst.js:7:25:7:32 | req.body | -| tst.js:7:25:7:32 | req.body | -| tst.js:7:25:7:46 | req.bod ... rameter | -| tst.js:8:9:8:49 | queryParameter | -| tst.js:8:9:8:49 | queryParameter | -| tst.js:8:26:8:49 | req.que ... rameter | -| tst.js:8:26:8:49 | req.que ... rameter | -| tst.js:8:26:8:49 | req.que ... 
rameter | -| tst.js:10:28:10:40 | bodyParameter | -| tst.js:10:28:10:40 | bodyParameter | -| tst.js:11:28:11:41 | queryParameter | -| tst.js:11:28:11:41 | queryParameter | -| tst.js:20:19:20:32 | queryParameter | -| tst.js:20:19:20:32 | queryParameter | -| tst.js:23:24:23:26 | obj | -| tst.js:23:24:23:26 | obj | -| tst.js:24:28:24:30 | obj | -| tst.js:24:28:24:30 | obj | -| tst.js:26:11:26:24 | str | -| tst.js:26:17:26:19 | obj | -| tst.js:26:17:26:24 | obj + "" | -| tst.js:29:28:29:42 | JSON.parse(str) | -| tst.js:29:28:29:42 | JSON.parse(str) | -| tst.js:29:39:29:41 | str | +| routes.js:2:23:2:30 | req.body | semmle.label | req.body | +| tst2.js:6:9:6:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:6:25:6:32 | req.body | semmle.label | req.body | +| tst2.js:6:25:6:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:7:28:7:40 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:26:9:26:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:26:25:26:32 | req.body | semmle.label | req.body | +| tst2.js:26:25:26:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:27:28:27:40 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:34:9:34:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:34:25:34:32 | req.body | semmle.label | req.body | +| tst2.js:34:25:34:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:35:28:35:40 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:42:9:42:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:42:25:42:32 | req.body | semmle.label | req.body | +| tst2.js:42:25:42:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:43:28:43:40 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:51:9:51:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:51:25:51:32 | req.body | semmle.label | req.body | +| tst2.js:51:25:51:46 | req.bod ... rameter | semmle.label | req.bod ... 
rameter | +| tst2.js:52:28:52:40 | bodyParameter | semmle.label | bodyParameter | +| tst.js:7:9:7:46 | bodyParameter | semmle.label | bodyParameter | +| tst.js:7:25:7:32 | req.body | semmle.label | req.body | +| tst.js:7:25:7:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst.js:8:9:8:49 | queryParameter | semmle.label | queryParameter | +| tst.js:8:26:8:49 | req.que ... rameter | semmle.label | req.que ... rameter | +| tst.js:10:28:10:40 | bodyParameter | semmle.label | bodyParameter | +| tst.js:11:28:11:41 | queryParameter | semmle.label | queryParameter | +| tst.js:20:19:20:32 | queryParameter | semmle.label | queryParameter | +| tst.js:23:24:23:26 | obj | semmle.label | obj | +| tst.js:24:28:24:30 | obj | semmle.label | obj | +| tst.js:26:11:26:24 | str | semmle.label | str | +| tst.js:26:17:26:19 | obj | semmle.label | obj | +| tst.js:26:17:26:24 | obj + "" | semmle.label | obj + "" | +| tst.js:29:28:29:42 | JSON.parse(str) | semmle.label | JSON.parse(str) | +| tst.js:29:39:29:41 | str | semmle.label | str | edges -| routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | | tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | | tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | | tst2.js:6:25:6:46 | req.bod ... rameter | tst2.js:6:9:6:46 | bodyParameter | | tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | | tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | | tst2.js:26:25:26:46 | req.bod ... 
rameter | tst2.js:26:9:26:46 | bodyParameter | | tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | | tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | | tst2.js:34:25:34:46 | req.bod ... rameter | tst2.js:34:9:34:46 | bodyParameter | | tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter | | tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter | | tst2.js:42:25:42:46 | req.bod ... rameter | tst2.js:42:9:42:46 | bodyParameter | | tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | -| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | -| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | | tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | | tst2.js:51:25:51:46 | req.bod ... rameter | tst2.js:51:9:51:46 | bodyParameter | | tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | -| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | -| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | | tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | | tst.js:7:25:7:46 | req.bod ... rameter | tst.js:7:9:7:46 | bodyParameter | | tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | -| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | | tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | -| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | -| tst.js:8:26:8:49 | req.que ... 
rameter | tst.js:8:9:8:49 | queryParameter | | tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | -| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | -| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | -| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | | tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | | tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | -| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | | tst.js:23:24:23:26 | obj | tst.js:26:17:26:19 | obj | | tst.js:26:11:26:24 | str | tst.js:29:39:29:41 | str | | tst.js:26:17:26:19 | obj | tst.js:26:17:26:24 | obj + "" | | tst.js:26:17:26:24 | obj + "" | tst.js:26:11:26:24 | str | | tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | -| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | +subpaths #select | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | Template object depends on a $@. | routes.js:2:23:2:30 | req.body | user-provided value | | tst2.js:7:28:7:40 | bodyParameter | tst2.js:6:25:6:32 | req.body | tst2.js:7:28:7:40 | bodyParameter | Template object depends on a $@. | tst2.js:6:25:6:32 | req.body | user-provided value | From 5af608c93719cedaac9656a0f0aa2e02de75de9c Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:24:00 +0200 Subject: [PATCH 094/223] JS: Port TypeConfusionThroughParameterTampering --- ...hroughParameterTamperingCustomizations.qll | 15 +++ ...onfusionThroughParameterTamperingQuery.qll | 56 ++++++--- .../TypeConfusionThroughParameterTampering.ql | 6 +- ...onfusionThroughParameterTampering.expected | 113 +++++++++--------- 4 files changed, 109 insertions(+), 81 deletions(-) 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll index ad608017115d..6857ab308a4c 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll @@ -23,6 +23,21 @@ module TypeConfusionThroughParameterTampering { */ abstract class Barrier extends DataFlow::Node { } + /** + * A barrier guard for type confusion for HTTP request inputs. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** * An HTTP request parameter that the user controls the type of. * diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll index 9cc09987343d..a490d11a429a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll 
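Review bot: `BarrierGuard.blocksExpr` is given a `none()` default instead of being abstract, so a subclass that omits or misnames the override still compiles and guards nothing. With only one predicate to implement, declaring it as `abstract predicate blocksExpr(boolean outcome, Expr e);` would turn that mistake into a compile error. If the default is intentional, the QLDoc should state that subclasses are expected to override it.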
@@ -13,37 +13,33 @@ private import semmle.javascript.dataflow.InferredTypes import TypeConfusionThroughParameterTamperingCustomizations::TypeConfusionThroughParameterTampering /** - * A taint tracking configuration for type confusion for HTTP request inputs. + * Data flow configuration for type confusion for HTTP request inputs. */ -class Configuration extends DataFlow::Configuration { - Configuration() { this = "TypeConfusionThroughParameterTampering" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } +module TypeConfusionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink instanceof Sink and sink.analyze().getAType() = TTString() and sink.analyze().getAType() = TTObject() } - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) - or - node instanceof Barrier - } - - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof TypeOfTestBarrier or - guard instanceof IsArrayBarrier + predicate isBarrier(DataFlow::Node node) { + node instanceof Barrier or node = DataFlow::MakeBarrierGuard::getABarrierNode() } } -private class TypeOfTestBarrier extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { +/** + * Data flow for type confusion for HTTP request inputs. + */ +module TypeConfusionFlow = DataFlow::Global; + +private class TypeOfTestBarrier extends BarrierGuardLegacy, DataFlow::ValueNode { override EqualityTest astNode; TypeOfTestBarrier() { TaintTracking::isTypeofGuard(astNode, _, _) } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { exists(string tag | TaintTracking::isTypeofGuard(astNode, e, tag) and if tag = ["string", "object"] 
@@ -53,11 +49,33 @@ private class TypeOfTestBarrier extends DataFlow::BarrierGuardNode, DataFlow::Va } } -private class IsArrayBarrier extends DataFlow::BarrierGuardNode, DataFlow::CallNode { +private class IsArrayBarrier extends BarrierGuardLegacy, DataFlow::CallNode { IsArrayBarrier() { this = DataFlow::globalVarRef("Array").getAMemberCall("isArray") } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = this.getArgument(0).asExpr() and outcome = [true, false] // separation between string/array removes type confusion in both branches } } + +/** + * DEPRECATED. Use the `TypeConfusionFlow` module instead. + */ +deprecated class Configuration extends DataFlow::Configuration { + Configuration() { this = "TypeConfusionThroughParameterTampering" } + + override predicate isSource(DataFlow::Node source) { TypeConfusionConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TypeConfusionConfig::isSink(sink) } + + override predicate isBarrier(DataFlow::Node node) { + super.isBarrier(node) + or + node instanceof Barrier + } + + override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { + guard instanceof TypeOfTestBarrier or + guard instanceof IsArrayBarrier + } +} diff --git a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql index 795ad48409c7..5887cb1db373 100644 --- a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql +++ b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql 
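Review bot: The deprecated `Configuration.isBarrierGuard` still names `TypeOfTestBarrier` and `IsArrayBarrier` individually, so a guard contributed later through `BarrierGuardLegacy` would take effect in `TypeConfusionFlow` but not in the legacy configuration. `guard instanceof BarrierGuardLegacy` would cover both built-in guards and any additions, assuming `BarrierGuardLegacy` is usable as a `DataFlow::BarrierGuardNode` through `TaintTracking::SanitizerGuardNode`. Separately, both guards now implement `blocksExpr` (surfaced as `sanitizes`) instead of `blocks`. The class hierarchy that decides whether a plain `DataFlow::Configuration` still honours them is not visible in the patch, so this is worth confirming against the existing test. `TypeOfTestBarrier` starts in the previous hunk.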
@@ -12,10 +12,10 @@ import javascript import semmle.javascript.security.dataflow.TypeConfusionThroughParameterTamperingQuery -import DataFlow::PathGraph +import TypeConfusionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from TypeConfusionFlow::PathNode source, TypeConfusionFlow::PathNode sink +where TypeConfusionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Potential type confusion as $@ may be either an array or a string.", source.getNode(), "this HTTP request parameter" diff --git a/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected b/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected index 13c97e3f327b..d0234ead0793 100644 --- a/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected +++ b/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected 
@@ -1,81 +1,76 @@ -nodes -| tst.js:5:9:5:27 | foo | -| tst.js:5:15:5:27 | req.query.foo | -| tst.js:5:15:5:27 | req.query.foo | -| tst.js:6:5:6:7 | foo | -| tst.js:6:5:6:7 | foo | -| tst.js:8:5:8:7 | foo | -| tst.js:8:5:8:7 | foo | -| tst.js:11:9:11:11 | foo | -| tst.js:11:9:11:11 | foo | -| tst.js:14:16:14:18 | bar | -| tst.js:15:9:15:11 | bar | -| tst.js:15:9:15:11 | bar | -| tst.js:17:7:17:9 | foo | -| tst.js:27:5:27:7 | foo | -| tst.js:27:5:27:7 | foo | -| tst.js:28:5:28:7 | foo | -| tst.js:28:5:28:7 | foo | -| tst.js:45:9:45:35 | foo | -| tst.js:45:15:45:35 | ctx.req ... ery.foo | -| tst.js:45:15:45:35 | ctx.req ... ery.foo | -| tst.js:46:5:46:7 | foo | -| tst.js:46:5:46:7 | foo | -| tst.js:77:25:77:38 | req.query.path | -| tst.js:77:25:77:38 | req.query.path | -| tst.js:80:23:80:23 | p | -| tst.js:81:9:81:9 | p | -| tst.js:81:9:81:9 | p | -| tst.js:82:9:82:9 | p | -| tst.js:82:9:82:9 | p | -| tst.js:90:5:90:12 | data.foo | -| tst.js:90:5:90:12 | data.foo | -| tst.js:90:5:90:12 | data.foo | -| tst.js:92:9:92:16 | data.foo | -| tst.js:92:9:92:16 | data.foo | -| tst.js:92:9:92:16 | data.foo | -| tst.js:98:9:98:16 | data.foo | -| tst.js:98:9:98:16 | data.foo | -| tst.js:98:9:98:16 | data.foo | -| tst.js:103:9:103:29 | data | -| tst.js:103:16:103:29 | req.query.data | -| tst.js:103:16:103:29 | req.query.data | -| tst.js:104:5:104:8 | data | -| tst.js:104:5:104:8 | data | edges | tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo | | tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo | | tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo | | tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:11:9:11:11 | foo | -| tst.js:5:9:5:27 | foo | tst.js:11:9:11:11 | foo | | tst.js:5:9:5:27 | foo | tst.js:17:7:17:9 | foo | +| tst.js:5:9:5:27 | foo | tst.js:21:5:21:7 | foo | +| tst.js:5:9:5:27 | foo | tst.js:22:5:22:7 | foo | +| tst.js:5:9:5:27 | foo | tst.js:23:5:23:7 | foo | +| tst.js:5:9:5:27 | foo | tst.js:25:5:25:7 | foo | | tst.js:5:9:5:27 | foo | 
tst.js:27:5:27:7 | foo | | tst.js:5:9:5:27 | foo | tst.js:27:5:27:7 | foo | | tst.js:5:9:5:27 | foo | tst.js:28:5:28:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:28:5:28:7 | foo | -| tst.js:5:15:5:27 | req.query.foo | tst.js:5:9:5:27 | foo | | tst.js:5:15:5:27 | req.query.foo | tst.js:5:9:5:27 | foo | -| tst.js:14:16:14:18 | bar | tst.js:15:9:15:11 | bar | +| tst.js:6:5:6:7 | foo | tst.js:8:5:8:7 | foo | +| tst.js:6:5:6:7 | foo | tst.js:8:5:8:7 | foo | +| tst.js:8:5:8:7 | foo | tst.js:10:5:12:5 | functio ... K\\n } [foo] | +| tst.js:8:5:8:7 | foo | tst.js:17:7:17:9 | foo | +| tst.js:10:5:12:5 | functio ... K\\n } [foo] | tst.js:10:14:10:14 | f [foo] | +| tst.js:10:5:12:5 | functio ... K\\n } [foo] | tst.js:11:9:11:11 | foo | +| tst.js:10:14:10:14 | f [foo] | tst.js:39:12:39:12 | f [foo] | | tst.js:14:16:14:18 | bar | tst.js:15:9:15:11 | bar | | tst.js:17:7:17:9 | foo | tst.js:14:16:14:18 | bar | +| tst.js:17:7:17:9 | foo | tst.js:21:5:21:7 | foo | +| tst.js:21:5:21:7 | foo | tst.js:22:5:22:7 | foo | +| tst.js:22:5:22:7 | foo | tst.js:23:5:23:7 | foo | +| tst.js:23:5:23:7 | foo | tst.js:25:5:25:7 | foo | +| tst.js:25:5:25:7 | foo | tst.js:27:5:27:7 | foo | +| tst.js:25:5:25:7 | foo | tst.js:27:5:27:7 | foo | +| tst.js:27:5:27:7 | foo | tst.js:28:5:28:7 | foo | +| tst.js:39:12:39:12 | f [foo] | tst.js:11:9:11:11 | foo | | tst.js:45:9:45:35 | foo | tst.js:46:5:46:7 | foo | -| tst.js:45:9:45:35 | foo | tst.js:46:5:46:7 | foo | -| tst.js:45:15:45:35 | ctx.req ... ery.foo | tst.js:45:9:45:35 | foo | | tst.js:45:15:45:35 | ctx.req ... 
ery.foo | tst.js:45:9:45:35 | foo | | tst.js:77:25:77:38 | req.query.path | tst.js:80:23:80:23 | p | -| tst.js:77:25:77:38 | req.query.path | tst.js:80:23:80:23 | p | -| tst.js:80:23:80:23 | p | tst.js:81:9:81:9 | p | | tst.js:80:23:80:23 | p | tst.js:81:9:81:9 | p | | tst.js:80:23:80:23 | p | tst.js:82:9:82:9 | p | -| tst.js:80:23:80:23 | p | tst.js:82:9:82:9 | p | -| tst.js:90:5:90:12 | data.foo | tst.js:90:5:90:12 | data.foo | -| tst.js:92:9:92:16 | data.foo | tst.js:92:9:92:16 | data.foo | -| tst.js:98:9:98:16 | data.foo | tst.js:98:9:98:16 | data.foo | | tst.js:103:9:103:29 | data | tst.js:104:5:104:8 | data | -| tst.js:103:9:103:29 | data | tst.js:104:5:104:8 | data | -| tst.js:103:16:103:29 | req.query.data | tst.js:103:9:103:29 | data | | tst.js:103:16:103:29 | req.query.data | tst.js:103:9:103:29 | data | +nodes +| tst.js:5:9:5:27 | foo | semmle.label | foo | +| tst.js:5:15:5:27 | req.query.foo | semmle.label | req.query.foo | +| tst.js:6:5:6:7 | foo | semmle.label | foo | +| tst.js:6:5:6:7 | foo | semmle.label | foo | +| tst.js:8:5:8:7 | foo | semmle.label | foo | +| tst.js:8:5:8:7 | foo | semmle.label | foo | +| tst.js:10:5:12:5 | functio ... K\\n } [foo] | semmle.label | functio ... K\\n } [foo] | +| tst.js:10:14:10:14 | f [foo] | semmle.label | f [foo] | +| tst.js:11:9:11:11 | foo | semmle.label | foo | +| tst.js:14:16:14:18 | bar | semmle.label | bar | +| tst.js:15:9:15:11 | bar | semmle.label | bar | +| tst.js:17:7:17:9 | foo | semmle.label | foo | +| tst.js:21:5:21:7 | foo | semmle.label | foo | +| tst.js:22:5:22:7 | foo | semmle.label | foo | +| tst.js:23:5:23:7 | foo | semmle.label | foo | +| tst.js:25:5:25:7 | foo | semmle.label | foo | +| tst.js:27:5:27:7 | foo | semmle.label | foo | +| tst.js:27:5:27:7 | foo | semmle.label | foo | +| tst.js:28:5:28:7 | foo | semmle.label | foo | +| tst.js:39:12:39:12 | f [foo] | semmle.label | f [foo] | +| tst.js:45:9:45:35 | foo | semmle.label | foo | +| tst.js:45:15:45:35 | ctx.req ... 
ery.foo | semmle.label | ctx.req ... ery.foo | +| tst.js:46:5:46:7 | foo | semmle.label | foo | +| tst.js:77:25:77:38 | req.query.path | semmle.label | req.query.path | +| tst.js:80:23:80:23 | p | semmle.label | p | +| tst.js:81:9:81:9 | p | semmle.label | p | +| tst.js:82:9:82:9 | p | semmle.label | p | +| tst.js:90:5:90:12 | data.foo | semmle.label | data.foo | +| tst.js:92:9:92:16 | data.foo | semmle.label | data.foo | +| tst.js:98:9:98:16 | data.foo | semmle.label | data.foo | +| tst.js:103:9:103:29 | data | semmle.label | data | +| tst.js:103:16:103:29 | req.query.data | semmle.label | req.query.data | +| tst.js:104:5:104:8 | data | semmle.label | data | +subpaths #select | tst.js:6:5:6:7 | foo | tst.js:5:15:5:27 | req.query.foo | tst.js:6:5:6:7 | foo | Potential type confusion as $@ may be either an array or a string. | tst.js:5:15:5:27 | req.query.foo | this HTTP request parameter | | tst.js:8:5:8:7 | foo | tst.js:5:15:5:27 | req.query.foo | tst.js:8:5:8:7 | foo | Potential type confusion as $@ may be either an array or a string. | tst.js:5:15:5:27 | req.query.foo | this HTTP request parameter | From 32022ccbdaebbeb9f744f5c86c9b38eb88769d94 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:24:48 +0200 Subject: [PATCH 095/223] JS: Port UnsafeCodeConstruction --- .../dataflow/UnsafeCodeConstruction.qll | 29 +++- .../CWE-094/UnsafeCodeConstruction.ql | 8 +- .../UnsafeCodeConstruction.expected | 127 ++---------------- 3 files changed, 43 insertions(+), 121 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll index 2c45483f0dbd..5e2c3d8f195b 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll 
@@ -19,7 +19,34 @@ module UnsafeCodeConstruction { /** * A taint-tracking configuration for reasoning about unsafe code constructed from library input. */ - class Configuration extends TaintTracking::Configuration { + module UnsafeCodeConstructionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof CodeInjection::Sanitizer } + + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { + // HTML sanitizers are insufficient protection against code injection + src = trg.(HtmlSanitizerCall).getInput() + or + none() + // TODO: localFieldStep is too expensive with dataflow2 + // DataFlow::localFieldStep(pred, succ) + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } + } + + /** + * Taint-tracking for reasoning about unsafe code constructed from library input. + */ + module UnsafeCodeConstructionFlow = TaintTracking::Global; + + /** + * DEPRECATED. Use the `UnsafeCodeConstructionFlow` module instead. + */ + deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeCodeConstruction" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql b/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql index 2adf02114b94..e68a482f8d20 100644 --- a/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql +++ b/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql 
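Review bot: In `UnsafeCodeConstructionConfig::isAdditionalFlowStep` the second disjunct is `none()` with the `localFieldStep` call commented out, and the UnsafeCodeConstruction.expected change in the same commit removes the #select rows for `opts.varName`, `this.taint` and `this.op ... dOption`. This CWE-094 query therefore appears to stop reporting flows through object fields that it reported before, presumably because of the dropped step. That loss of coverage should be recorded in a change note and in the predicate itself, e.g. `// TODO: restore field steps; flows via this.x / opts.x in lib/index.js are currently not reported`. The commented-out call names `pred, succ` while the predicate's parameters are `src, trg`, so `// DataFlow::localFieldStep(src, trg)` keeps it ready to restore, and the `or none()` line has no effect and can go. The deprecated `Configuration` class continues past the end of the hunk.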
@@ -14,11 +14,13 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.UnsafeCodeConstruction::UnsafeCodeConstruction +import UnsafeCodeConstructionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode -where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode() +from + UnsafeCodeConstructionFlow::PathNode source, UnsafeCodeConstructionFlow::PathNode sink, + Sink sinkNode +where UnsafeCodeConstructionFlow::flowPath(source, sink) and sinkNode = sink.getNode() select sink.getNode(), source, sink, "This " + sinkNode.getSinkType() + " which depends on $@ is later $@.", source.getNode(), "library input", sinkNode.getCodeSink(), "interpreted as code" diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected index 725c600ecaa3..a54acabbb642 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected 
@@ -1,127 +1,20 @@ -nodes -| lib/index.js:1:35:1:38 | data | -| lib/index.js:1:35:1:38 | data | -| lib/index.js:2:21:2:24 | data | -| lib/index.js:2:21:2:24 | data | -| lib/index.js:5:35:5:38 | name | -| lib/index.js:5:35:5:38 | name | -| lib/index.js:6:26:6:29 | name | -| lib/index.js:6:26:6:29 | name | -| lib/index.js:13:38:13:41 | data | -| lib/index.js:13:38:13:41 | data | -| lib/index.js:14:21:14:24 | data | -| lib/index.js:14:21:14:24 | data | -| lib/index.js:19:26:19:29 | data | -| lib/index.js:19:26:19:29 | data | -| lib/index.js:22:7:22:10 | data | -| lib/index.js:22:7:22:10 | data | -| lib/index.js:41:32:41:35 | opts | -| lib/index.js:41:32:41:35 | opts | -| lib/index.js:42:3:42:19 | opts | -| lib/index.js:42:10:42:13 | opts | -| lib/index.js:42:10:42:19 | opts \|\| {} | -| lib/index.js:44:21:44:24 | opts | -| lib/index.js:44:21:44:32 | opts.varName | -| lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:86:15:86:19 | taint | -| lib/index.js:86:15:86:19 | taint | -| lib/index.js:87:18:87:22 | taint | -| lib/index.js:89:36:89:40 | taint | -| lib/index.js:93:32:93:36 | taint | -| lib/index.js:98:30:98:34 | taint | -| lib/index.js:103:21:103:47 | this.op ... dOption | -| lib/index.js:103:21:103:47 | this.op ... dOption | -| lib/index.js:104:21:104:47 | this.op ... dOption | -| lib/index.js:104:21:104:47 | this.op ... dOption | -| lib/index.js:105:21:105:47 | this.op ... dOption | -| lib/index.js:105:21:105:47 | this.op ... dOption | -| lib/index.js:106:21:106:30 | this.taint | -| lib/index.js:106:21:106:30 | this.taint | -| lib/index.js:112:17:112:21 | taint | -| lib/index.js:112:17:112:21 | taint | -| lib/index.js:113:20:113:24 | taint | -| lib/index.js:115:38:115:42 | taint | -| lib/index.js:121:34:121:38 | taint | -| lib/index.js:129:32:129:36 | taint | -| lib/index.js:135:23:135:49 | this.op ... dOption | -| lib/index.js:135:23:135:49 | this.op ... 
dOption | -| lib/index.js:136:23:136:49 | this.op ... dOption | -| lib/index.js:136:23:136:49 | this.op ... dOption | -| lib/index.js:137:23:137:49 | this.op ... dOption | -| lib/index.js:137:23:137:49 | this.op ... dOption | -| lib/index.js:138:23:138:32 | this.taint | -| lib/index.js:138:23:138:32 | this.taint | edges | lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | -| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | -| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | | lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | | lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | | lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | -| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | -| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | -| lib/index.js:41:32:41:35 | opts | lib/index.js:42:10:42:13 | opts | -| lib/index.js:41:32:41:35 | opts | lib/index.js:42:10:42:13 | opts | -| lib/index.js:42:3:42:19 | opts | lib/index.js:44:21:44:24 | opts | -| lib/index.js:42:10:42:13 | opts | lib/index.js:42:10:42:19 | opts \|\| {} | -| lib/index.js:42:10:42:19 | opts \|\| {} | lib/index.js:42:3:42:19 | opts | -| lib/index.js:44:21:44:24 | opts | lib/index.js:44:21:44:32 | opts.varName | -| lib/index.js:44:21:44:32 | opts.varName | lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:44:21:44:32 | opts.varName | 
lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:44:21:44:32 | opts.varName | lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:86:15:86:19 | taint | lib/index.js:87:18:87:22 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:87:18:87:22 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:89:36:89:40 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:89:36:89:40 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:93:32:93:36 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:93:32:93:36 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:98:30:98:34 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:98:30:98:34 | taint | -| lib/index.js:87:18:87:22 | taint | lib/index.js:106:21:106:30 | this.taint | -| lib/index.js:87:18:87:22 | taint | lib/index.js:106:21:106:30 | this.taint | -| lib/index.js:89:36:89:40 | taint | lib/index.js:103:21:103:47 | this.op ... dOption | -| lib/index.js:89:36:89:40 | taint | lib/index.js:103:21:103:47 | this.op ... dOption | -| lib/index.js:93:32:93:36 | taint | lib/index.js:104:21:104:47 | this.op ... dOption | -| lib/index.js:93:32:93:36 | taint | lib/index.js:104:21:104:47 | this.op ... dOption | -| lib/index.js:98:30:98:34 | taint | lib/index.js:105:21:105:47 | this.op ... dOption | -| lib/index.js:98:30:98:34 | taint | lib/index.js:105:21:105:47 | this.op ... 
dOption | -| lib/index.js:112:17:112:21 | taint | lib/index.js:113:20:113:24 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:113:20:113:24 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:115:38:115:42 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:115:38:115:42 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:121:34:121:38 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:121:34:121:38 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:129:32:129:36 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:129:32:129:36 | taint | -| lib/index.js:113:20:113:24 | taint | lib/index.js:138:23:138:32 | this.taint | -| lib/index.js:113:20:113:24 | taint | lib/index.js:138:23:138:32 | this.taint | -| lib/index.js:115:38:115:42 | taint | lib/index.js:135:23:135:49 | this.op ... dOption | -| lib/index.js:115:38:115:42 | taint | lib/index.js:135:23:135:49 | this.op ... dOption | -| lib/index.js:121:34:121:38 | taint | lib/index.js:136:23:136:49 | this.op ... dOption | -| lib/index.js:121:34:121:38 | taint | lib/index.js:136:23:136:49 | this.op ... dOption | -| lib/index.js:129:32:129:36 | taint | lib/index.js:137:23:137:49 | this.op ... dOption | -| lib/index.js:129:32:129:36 | taint | lib/index.js:137:23:137:49 | this.op ... dOption | +nodes +| lib/index.js:1:35:1:38 | data | semmle.label | data | +| lib/index.js:2:21:2:24 | data | semmle.label | data | +| lib/index.js:5:35:5:38 | name | semmle.label | name | +| lib/index.js:6:26:6:29 | name | semmle.label | name | +| lib/index.js:13:38:13:41 | data | semmle.label | data | +| lib/index.js:14:21:14:24 | data | semmle.label | data | +| lib/index.js:19:26:19:29 | data | semmle.label | data | +| lib/index.js:22:7:22:10 | data | semmle.label | data | +subpaths #select | lib/index.js:2:21:2:24 | data | lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | This string concatenation which depends on $@ is later $@. 
| lib/index.js:1:35:1:38 | data | library input | lib/index.js:2:15:2:30 | "(" + data + ")" | interpreted as code | | lib/index.js:6:26:6:29 | name | lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | This string concatenation which depends on $@ is later $@. | lib/index.js:5:35:5:38 | name | library input | lib/index.js:6:17:6:29 | "obj." + name | interpreted as code | | lib/index.js:14:21:14:24 | data | lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:13:38:13:41 | data | library input | lib/index.js:14:15:14:30 | "(" + data + ")" | interpreted as code | | lib/index.js:22:7:22:10 | data | lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:19:26:19:29 | data | library input | lib/index.js:25:24:25:26 | str | interpreted as code | -| lib/index.js:51:21:51:32 | opts.varName | lib/index.js:41:32:41:35 | opts | lib/index.js:51:21:51:32 | opts.varName | This string concatenation which depends on $@ is later $@. | lib/index.js:41:32:41:35 | opts | library input | lib/index.js:51:10:51:52 | " var ... ing();" | interpreted as code | -| lib/index.js:103:21:103:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:103:21:103:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:103:10:103:67 | " var ... ing();" | interpreted as code | -| lib/index.js:104:21:104:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:104:21:104:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:104:10:104:67 | " var ... ing();" | interpreted as code | -| lib/index.js:105:21:105:47 | this.op ... 
dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:105:21:105:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:105:10:105:67 | " var ... ing();" | interpreted as code | -| lib/index.js:106:21:106:30 | this.taint | lib/index.js:86:15:86:19 | taint | lib/index.js:106:21:106:30 | this.taint | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:106:10:106:50 | " var ... ing();" | interpreted as code | -| lib/index.js:135:23:135:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:135:23:135:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:135:12:135:69 | " var ... ing();" | interpreted as code | -| lib/index.js:136:23:136:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:136:23:136:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:136:12:136:69 | " var ... ing();" | interpreted as code | -| lib/index.js:137:23:137:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:137:23:137:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:137:12:137:69 | " var ... ing();" | interpreted as code | -| lib/index.js:138:23:138:32 | this.taint | lib/index.js:112:17:112:21 | taint | lib/index.js:138:23:138:32 | this.taint | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:138:12:138:52 | " var ... ing();" | interpreted as code | From 758f42495cc8091e260d83d4f580a1f1b212467f Mon Sep 17 00:00:00 2001 
From: Asger F Date: Thu, 5 Oct 2023 09:25:16 +0200 Subject: [PATCH 096/223] JS: Port UnsafeDeserialization --- .../dataflow/UnsafeDeserializationQuery.qll | 18 +++++++- .../Security/CWE-502/UnsafeDeserialization.ql | 6 +-- .../CWE-502/UnsafeDeserialization.expected | 43 +++++-------------- 3 files changed, 30 insertions(+), 37 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll index f8afff17b3a6..edb3f93fa1b2 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll @@ -12,7 +12,23 @@ import UnsafeDeserializationCustomizations::UnsafeDeserialization /** * A taint-tracking configuration for reasoning about unsafe deserialization. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeDeserializationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about unsafe deserialization. + */ +module UnsafeDeserializationFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `UnsafeDeserializationFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeDeserialization" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql index 35ae85130c98..e940ddff3382 100644 --- a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql +++ b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql 
@@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.UnsafeDeserializationQuery -import DataFlow::PathGraph +import UnsafeDeserializationFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from UnsafeDeserializationFlow::PathNode source, UnsafeDeserializationFlow::PathNode sink +where UnsafeDeserializationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Unsafe deserialization depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected b/javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected index 7abe0b7f559d..dbd2e399114f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected +++ b/javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected 
@@ -1,37 +1,14 @@ -nodes -| tst.js:13:22:13:36 | req.params.data | -| tst.js:13:22:13:36 | req.params.data | -| tst.js:13:22:13:36 | req.params.data | -| tst.js:14:25:14:39 | req.params.data | -| tst.js:14:25:14:39 | req.params.data | -| tst.js:14:25:14:39 | req.params.data | -| tst.js:15:26:15:40 | req.params.data | -| tst.js:15:26:15:40 | req.params.data | -| tst.js:15:26:15:40 | req.params.data | -| tst.js:16:29:16:43 | req.params.data | -| tst.js:16:29:16:43 | req.params.data | -| tst.js:16:29:16:43 | req.params.data | -| tst.js:20:22:20:36 | req.params.data | -| tst.js:20:22:20:36 | req.params.data | -| tst.js:20:22:20:36 | req.params.data | -| tst.js:21:22:21:36 | req.params.data | -| tst.js:21:22:21:36 | req.params.data | -| tst.js:21:22:21:36 | req.params.data | -| tst.js:24:22:24:36 | req.params.data | -| tst.js:24:22:24:36 | req.params.data | -| tst.js:24:22:24:36 | req.params.data | -| tst.js:25:22:25:36 | req.params.data | -| tst.js:25:22:25:36 | req.params.data | -| tst.js:25:22:25:36 | req.params.data | edges -| tst.js:13:22:13:36 | req.params.data | tst.js:13:22:13:36 | req.params.data | -| tst.js:14:25:14:39 | req.params.data | tst.js:14:25:14:39 | req.params.data | -| tst.js:15:26:15:40 | req.params.data | tst.js:15:26:15:40 | req.params.data | -| tst.js:16:29:16:43 | req.params.data | tst.js:16:29:16:43 | req.params.data | -| tst.js:20:22:20:36 | req.params.data | tst.js:20:22:20:36 | req.params.data | -| tst.js:21:22:21:36 | req.params.data | tst.js:21:22:21:36 | req.params.data | -| tst.js:24:22:24:36 | req.params.data | tst.js:24:22:24:36 | req.params.data | -| tst.js:25:22:25:36 | req.params.data | tst.js:25:22:25:36 | req.params.data | +nodes +| tst.js:13:22:13:36 | req.params.data | semmle.label | req.params.data | +| tst.js:14:25:14:39 | req.params.data | semmle.label | req.params.data | +| tst.js:15:26:15:40 | req.params.data | semmle.label | req.params.data | +| tst.js:16:29:16:43 | req.params.data | semmle.label | req.params.data | +| 
tst.js:20:22:20:36 | req.params.data | semmle.label | req.params.data | +| tst.js:21:22:21:36 | req.params.data | semmle.label | req.params.data | +| tst.js:24:22:24:36 | req.params.data | semmle.label | req.params.data | +| tst.js:25:22:25:36 | req.params.data | semmle.label | req.params.data | +subpaths #select | tst.js:13:22:13:36 | req.params.data | tst.js:13:22:13:36 | req.params.data | tst.js:13:22:13:36 | req.params.data | Unsafe deserialization depends on a $@. | tst.js:13:22:13:36 | req.params.data | user-provided value | | tst.js:14:25:14:39 | req.params.data | tst.js:14:25:14:39 | req.params.data | tst.js:14:25:14:39 | req.params.data | Unsafe deserialization depends on a $@. | tst.js:14:25:14:39 | req.params.data | user-provided value | From 7f4d42ddcde6db10023806458b805323704b121f Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:25:26 +0200 Subject: [PATCH 097/223] JS: Port UnsafeDynamicMethodAccess --- .../UnsafeDynamicMethodAccessQuery.qll | 61 ++++++++++++++- .../CWE-094/UnsafeDynamicMethodAccess.ql | 6 +- .../UnsafeDynamicMethodAccess.expected | 76 ++++++++----------- 3 files changed, 93 insertions(+), 50 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll index 9ebe36a7cb8a..556204375df9 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll 
@@ -20,7 +20,66 @@ private class ConcreteUnsafeFunction extends UnsafeFunction { /** * A taint-tracking configuration for reasoning about unsafe dynamic method access. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeDynamicMethodAccessConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source.(Source).getFlowLabel() = label + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink.(Sink).getFlowLabel() = label + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer + or + exists(StringConcatenation::getOperand(node, _)) and + not StringConcatenation::isCoercion(node) + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + TaintTracking::defaultSanitizer(node) and + label.isTaint() + } + + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel srclabel, DataFlow::Node dst, + DataFlow::FlowLabel dstlabel + ) { + // Reading a property of the global object or of a function + exists(DataFlow::PropRead read | + PropertyInjection::hasUnsafeMethods(read.getBase().getALocalSource()) and + src = read.getPropertyNameExpr().flow() and + dst = read and + srclabel.isTaint() and + dstlabel = unsafeFunction() + ) + or + // Reading a chain of properties from any object with a prototype can lead to Function + exists(PropertyProjection proj | + not PropertyInjection::isPrototypeLessObject(proj.getObject().getALocalSource()) and + src = proj.getASelector() and + dst = proj and + srclabel.isTaint() and + dstlabel = unsafeFunction() + ) + or + srclabel.isTaint() and + TaintTracking::defaultTaintStep(src, dst) and + srclabel = dstlabel + } +} + +/** + * Taint-tracking for reasoning about unsafe dynamic method access. + */ +module UnsafeDynamicMethodAccessFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. 
Use the `UnsafeDynamicMethodAccessFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeDynamicMethodAccess" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql b/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql index 4659ce891784..3a108a79132c 100644 --- a/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql +++ b/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql @@ -12,10 +12,10 @@ import javascript import semmle.javascript.security.dataflow.UnsafeDynamicMethodAccessQuery -import DataFlow::PathGraph +import UnsafeDynamicMethodAccessFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from UnsafeDynamicMethodAccessFlow::PathNode source, UnsafeDynamicMethodAccessFlow::PathNode sink +where UnsafeDynamicMethodAccessFlow::flowPath(source, sink) select sink, source, sink, "This method is invoked using a $@, which may allow remote code execution.", source.getNode(), "user-controlled value" diff --git a/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected b/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected index 4005bd32dba3..4a5f9141a993 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected 
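Review bot: The doc comment on `UnsafeDynamicMethodAccessFlow` says "Taint-tracking", but the module is instantiated from `DataFlow::GlobalWithState`, and taint steps are re-added by hand in the last disjunct of `isAdditionalFlowStep` only when `srclabel.isTaint()`. The class it replaces extended `TaintTracking::Configuration`, so a reader cannot tell from the code whether this narrowing is intended. I would add a comment above that disjunct, e.g. `// Taint steps apply to the taint label only; the unsafeFunction() label follows value flow`, and reword the module doc to `Data flow for reasoning about unsafe dynamic method access.` Whether `TaintTracking::defaultSanitizer` in the two-argument `isBarrier` covers everything the legacy configuration sanitized by default is not visible here and is worth confirming against the expected output. The deprecated `Configuration` continues outside the hunk.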
@@ -1,53 +1,12 @@ -nodes -| example.js:9:37:9:38 | ev | -| example.js:9:37:9:38 | ev | -| example.js:10:9:10:37 | message | -| example.js:10:19:10:37 | JSON.parse(ev.data) | -| example.js:10:30:10:31 | ev | -| example.js:10:30:10:36 | ev.data | -| example.js:13:5:13:24 | window[message.name] | -| example.js:13:5:13:24 | window[message.name] | -| example.js:13:12:13:18 | message | -| example.js:13:12:13:23 | message.name | -| tst.js:3:37:3:38 | ev | -| tst.js:3:37:3:38 | ev | -| tst.js:4:9:4:37 | message | -| tst.js:4:19:4:37 | JSON.parse(ev.data) | -| tst.js:4:30:4:31 | ev | -| tst.js:4:30:4:36 | ev.data | -| tst.js:5:5:5:24 | window[message.name] | -| tst.js:5:5:5:24 | window[message.name] | -| tst.js:5:12:5:18 | message | -| tst.js:5:12:5:23 | message.name | -| tst.js:6:9:6:28 | window[message.name] | -| tst.js:6:9:6:28 | window[message.name] | -| tst.js:6:16:6:22 | message | -| tst.js:6:16:6:27 | message.name | -| tst.js:11:5:11:19 | f[message.name] | -| tst.js:11:5:11:19 | f[message.name] | -| tst.js:11:7:11:13 | message | -| tst.js:11:7:11:18 | message.name | -| tst.js:15:5:15:14 | window[ev] | -| tst.js:15:5:15:14 | window[ev] | -| tst.js:15:12:15:13 | ev | -| tst.js:21:5:21:29 | window[ ... e.name] | -| tst.js:21:5:21:29 | window[ ... 
e.name] | -| tst.js:21:12:21:28 | '' + message.name | -| tst.js:21:17:21:23 | message | -| tst.js:21:17:21:28 | message.name | edges | example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | -| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | | example.js:10:9:10:37 | message | example.js:13:12:13:18 | message | | example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message | | example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data | | example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) | | example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name | | example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | -| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | | tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | -| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | -| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | | tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | | tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message | | tst.js:4:9:4:37 | message | tst.js:6:16:6:22 | message | 
@@ -58,19 +17,44 @@ edges | tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) | | tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name | | tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | -| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | | tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name | | tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | -| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | | tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name | | tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | -| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | -| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | | tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | | tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] | -| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... 
e.name] | | tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name | | tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name | +nodes +| example.js:9:37:9:38 | ev | semmle.label | ev | +| example.js:10:9:10:37 | message | semmle.label | message | +| example.js:10:19:10:37 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) | +| example.js:10:30:10:31 | ev | semmle.label | ev | +| example.js:10:30:10:36 | ev.data | semmle.label | ev.data | +| example.js:13:5:13:24 | window[message.name] | semmle.label | window[message.name] | +| example.js:13:12:13:18 | message | semmle.label | message | +| example.js:13:12:13:23 | message.name | semmle.label | message.name | +| tst.js:3:37:3:38 | ev | semmle.label | ev | +| tst.js:4:9:4:37 | message | semmle.label | message | +| tst.js:4:19:4:37 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) | +| tst.js:4:30:4:31 | ev | semmle.label | ev | +| tst.js:4:30:4:36 | ev.data | semmle.label | ev.data | +| tst.js:5:5:5:24 | window[message.name] | semmle.label | window[message.name] | +| tst.js:5:12:5:18 | message | semmle.label | message | +| tst.js:5:12:5:23 | message.name | semmle.label | message.name | +| tst.js:6:9:6:28 | window[message.name] | semmle.label | window[message.name] | +| tst.js:6:16:6:22 | message | semmle.label | message | +| tst.js:6:16:6:27 | message.name | semmle.label | message.name | +| tst.js:11:5:11:19 | f[message.name] | semmle.label | f[message.name] | +| tst.js:11:7:11:13 | message | semmle.label | message | +| tst.js:11:7:11:18 | message.name | semmle.label | message.name | +| tst.js:15:5:15:14 | window[ev] | semmle.label | window[ev] | +| tst.js:15:12:15:13 | ev | semmle.label | ev | +| tst.js:21:5:21:29 | window[ ... e.name] | semmle.label | window[ ... 
e.name] | +| tst.js:21:12:21:28 | '' + message.name | semmle.label | '' + message.name | +| tst.js:21:17:21:23 | message | semmle.label | message | +| tst.js:21:17:21:28 | message.name | semmle.label | message.name | +subpaths #select | example.js:13:5:13:24 | window[message.name] | example.js:9:37:9:38 | ev | example.js:13:5:13:24 | window[message.name] | This method is invoked using a $@, which may allow remote code execution. | example.js:9:37:9:38 | ev | user-controlled value | | tst.js:5:5:5:24 | window[message.name] | tst.js:3:37:3:38 | ev | tst.js:5:5:5:24 | window[message.name] | This method is invoked using a $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | user-controlled value | From 6e3f4bd7d8645efbc0eb7844553927fdc6481b16 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:25:35 +0200 Subject: [PATCH 098/223] JS: Port UnsafeHtmlConstruction --- .../UnsafeHtmlConstructionCustomizations.qll | 28 +- .../dataflow/UnsafeHtmlConstructionQuery.qll | 66 +++- .../CWE-079/UnsafeHtmlConstruction.ql | 8 +- .../UnsafeHtmlConstruction.expected | 301 ++++-------------- 4 files changed, 150 insertions(+), 253 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll index 90579211a3f5..47535107bd89 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll 
@@ -61,6 +61,30 @@ module UnsafeHtmlConstruction { abstract string describe(); } + /** + * A barrier guard for unsafe HTML constructed from library input vulnerabilities. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + /** * A sink for `js/html-constructed-from-input` that constructs some HTML where * that HTML is later used in `xssSink`. @@ -176,14 +200,14 @@ module UnsafeHtmlConstruction { } /** A test for the value of `typeof x`, restricting the potential types of `x`. */ - class TypeTestGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { + class TypeTestGuard extends BarrierGuardLegacy, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; boolean polarity; TypeTestGuard() { TaintTracking::isStringTypeGuard(astNode, operand, polarity) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { polarity = outcome and e = operand and lbl.isTaint() 
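Review bot: The two-argument `blocksExpr(boolean outcome, Expr e)` on the new `BarrierGuard` class has no consumer that I can see in this commit. `BarrierGuardLegacy` forwards it through `sanitizes`, but the new `UnsafeHtmlConstructionConfig` in UnsafeHtmlConstructionQuery.qll takes guard nodes only from `DataFlow::MakeLabeledBarrierGuard`, which, going by its `label` argument, reads the labelled overload. If so, a guard that overrides only the unlabelled form would stop suppressing results in the ported query. The same may hold for `QuoteGuard` and `ContainsHtmlGuard`, which lose their `SanitizerGuardNode` supertype in that file, unless `Shared` wires them in elsewhere. Either drop the overload or add `node = DataFlow::MakeBarrierGuard<BarrierGuard>::getABarrierNode()` to the unlabelled `isBarrier`.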
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll index ed655e604121..2bd2dad9cd21 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll 
@@ -12,7 +12,66 @@ import semmle.javascript.security.TaintedObject /** * A taint-tracking configuration for reasoning about unsafe HTML constructed from library input vulnerabilities. */ -class Configration extends TaintTracking::Configuration { +module UnsafeHtmlConstructionConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source instanceof Source and + label = [TaintedObject::label(), DataFlow::FlowLabel::taint(), DataFlow::FlowLabel::data()] + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink instanceof Sink and + label = DataFlow::FlowLabel::taint() + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof DomBasedXss::Sanitizer + or + node instanceof UnsafeJQueryPlugin::Sanitizer + or + DomBasedXss::isOptionallySanitizedNode(node) + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + TaintTracking::defaultSanitizer(node) and label.isTaint() + or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) + } + + predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::FlowLabel inlbl, DataFlow::Node succ, DataFlow::FlowLabel outlbl + ) { + // TODO: localFieldStep is too expensive with dataflow2 + // DataFlow::localFieldStep(pred, succ) and + // inlbl.isTaint() and + // outlbl.isTaint() + none() + or + TaintedObject::step(pred, succ, inlbl, outlbl) + or + // property read from a tainted object is considered tainted + succ.(DataFlow::PropRead).getBase() = pred and + inlbl = TaintedObject::label() and + outlbl = DataFlow::FlowLabel::taint() + or + TaintTracking::defaultTaintStep(pred, succ) and + inlbl.isTaint() and + outlbl = inlbl + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } +} + +/** + * Taint-tracking for reasoning about unsafe HTML constructed from library input vulnerabilities. 
+ */ +module UnsafeHtmlConstructionFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `UnsafeHtmlConstructionFlow` module instead. + */ +deprecated class Configration extends TaintTracking::Configuration { Configration() { this = "UnsafeHtmlConstruction" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { @@ -65,11 +124,10 @@ class Configration extends TaintTracking::Configuration { private import semmle.javascript.security.dataflow.Xss::Shared as Shared -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends Shared::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql b/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql index 3e1818af026d..9746e21334c4 100644 --- a/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql +++ b/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql @@ -13,11 +13,13 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.UnsafeHtmlConstructionQuery +import DataFlow::DeduplicatePathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode -where cfg.hasFlowPath(source, sink) and sink.getNode() = sinkNode +from PathNode source, PathNode sink, Sink sinkNode +where + UnsafeHtmlConstructionFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and + sink.getNode() = sinkNode select sinkNode, source, sink, "This " + sinkNode.describe() + " which depends on $@ might later allow $@.", source.getNode(), "library input", sinkNode.getSink(), sinkNode.getVulnerabilityKind().toLowerCase() 
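Review bot: Commenting out `DataFlow::localFieldStep` in `isAdditionalFlowStep` drops a result the old configuration reported, yet the TODO records only the performance cost. The .expected change in the same commit removes the `main.js:47:65:47:73 | this.step` alert and the edges leading into `this.step`, so flow through that field is now a false negative for this XSS query. I would state that next to the TODO, e.g. `// Known false negative: flow into this.step (main.js:47 in the test) is not reported without localFieldStep`. The leftover `none()` disjunct contributes nothing and can be removed, so the body starts at `TaintedObject::step(pred, succ, inlbl, outlbl)`.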
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected index b05425e65da6..997d26fb1271 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected 
@@ -1,287 +1,101 @@ nodes -| jquery-plugin.js:11:27:11:31 | stuff | -| jquery-plugin.js:11:27:11:31 | stuff | -| jquery-plugin.js:11:34:11:40 | options | -| jquery-plugin.js:11:34:11:40 | options | -| jquery-plugin.js:11:34:11:40 | options | -| jquery-plugin.js:11:34:11:40 | options | -| jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:14:31:14:35 | stuff | -| lib2/index.ts:1:28:1:28 | s | -| lib2/index.ts:1:28:1:28 | s | -| lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:6:29:6:36 | settings | -| lib2/index.ts:6:29:6:36 | settings | -| lib2/index.ts:6:29:6:36 | settings | -| lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:13:9:13:41 | name | -| lib2/index.ts:13:16:13:23 | settings | -| lib2/index.ts:13:16:13:33 | settings.mySetting | -| lib2/index.ts:13:16:13:36 | setting ... ting[i] | -| lib2/index.ts:13:16:13:41 | setting ... 
i].name | -| lib2/index.ts:18:62:18:65 | name | -| lib2/index.ts:18:62:18:65 | name | -| lib2/src/MyNode.ts:1:28:1:28 | s | -| lib2/src/MyNode.ts:1:28:1:28 | s | -| lib2/src/MyNode.ts:2:29:2:29 | s | -| lib2/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | -| lib/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:2:29:2:29 | s | -| main.js:1:55:1:55 | s | -| main.js:1:55:1:55 | s | -| main.js:2:29:2:29 | s | -| main.js:2:29:2:29 | s | -| main.js:6:49:6:49 | s | -| main.js:6:49:6:49 | s | -| main.js:7:49:7:49 | s | -| main.js:7:49:7:49 | s | -| main.js:11:60:11:60 | s | -| main.js:11:60:11:60 | s | -| main.js:12:49:12:49 | s | -| main.js:12:49:12:49 | s | -| main.js:21:47:21:47 | s | -| main.js:21:47:21:47 | s | -| main.js:22:34:22:34 | s | -| main.js:22:34:22:34 | s | -| main.js:41:17:41:17 | s | -| main.js:42:21:42:21 | s | -| main.js:47:65:47:73 | this.step | -| main.js:47:65:47:73 | this.step | -| main.js:52:41:52:41 | s | -| main.js:52:41:52:41 | s | -| main.js:53:20:53:20 | s | -| main.js:56:28:56:34 | options | -| main.js:56:28:56:34 | options | -| main.js:56:28:56:34 | options | -| main.js:56:28:56:34 | options | -| main.js:57:11:59:5 | defaults | -| main.js:57:11:59:5 | defaults | -| main.js:57:11:59:5 | defaults | -| main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:11:60:48 | settings | -| main.js:60:11:60:48 | settings | -| main.js:60:11:60:48 | settings | -| main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:22:60:48 | $.exten ... 
ptions) | -| main.js:60:31:60:38 | defaults | -| main.js:60:31:60:38 | defaults | -| main.js:60:31:60:38 | defaults | -| main.js:60:41:60:47 | options | -| main.js:60:41:60:47 | options | -| main.js:60:41:60:47 | options | -| main.js:62:19:62:26 | settings | -| main.js:62:19:62:26 | settings | -| main.js:62:19:62:26 | settings | -| main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:31 | settings.name | -| main.js:66:35:66:41 | attrVal | -| main.js:66:35:66:41 | attrVal | -| main.js:67:63:67:69 | attrVal | -| main.js:67:63:67:69 | attrVal | -| main.js:79:34:79:36 | val | -| main.js:79:34:79:36 | val | -| main.js:81:35:81:37 | val | -| main.js:81:35:81:37 | val | -| main.js:89:21:89:21 | x | -| main.js:90:23:90:23 | x | -| main.js:90:23:90:23 | x | -| main.js:93:43:93:43 | x | -| main.js:93:43:93:43 | x | -| main.js:94:31:94:31 | x | -| main.js:98:43:98:43 | x | -| main.js:98:43:98:43 | x | -| main.js:99:28:99:28 | x | -| main.js:99:28:99:28 | x | -| main.js:103:43:103:43 | x | -| main.js:103:43:103:43 | x | -| main.js:105:26:105:26 | x | -| main.js:105:26:105:26 | x | -| main.js:109:41:109:41 | x | -| main.js:109:41:109:41 | x | -| main.js:111:37:111:37 | x | -| main.js:111:37:111:37 | x | -| main.js:116:47:116:47 | s | -| main.js:116:47:116:47 | s | -| main.js:117:34:117:34 | s | -| main.js:117:34:117:34 | s | -| typed.ts:1:39:1:39 | s | -| typed.ts:1:39:1:39 | s | -| typed.ts:2:29:2:29 | s | -| typed.ts:2:29:2:29 | s | -| typed.ts:6:43:6:43 | s | -| typed.ts:6:43:6:43 | s | -| typed.ts:8:40:8:40 | s | -| typed.ts:8:40:8:40 | s | -| typed.ts:11:20:11:20 | s | -| typed.ts:11:20:11:20 | s | -| typed.ts:12:12:12:12 | s | -| typed.ts:16:11:16:21 | s | -| typed.ts:16:15:16:21 | id("x") | -| typed.ts:17:29:17:29 | s | -| typed.ts:17:29:17:29 | s | +| jquery-plugin.js:11:27:11:31 | stuff | semmle.label | stuff | +| jquery-plugin.js:11:34:11:40 | options | semmle.label | options | +| 
jquery-plugin.js:12:31:12:37 | options | semmle.label | options | +| jquery-plugin.js:12:31:12:41 | options.foo | semmle.label | options.foo | +| jquery-plugin.js:14:31:14:35 | stuff | semmle.label | stuff | +| lib2/index.ts:1:28:1:28 | s | semmle.label | s | +| lib2/index.ts:2:27:2:27 | s | semmle.label | s | +| lib2/index.ts:6:29:6:36 | settings | semmle.label | settings | +| lib2/index.ts:7:58:7:65 | settings | semmle.label | settings | +| lib2/index.ts:13:9:13:41 | name | semmle.label | name | +| lib2/index.ts:13:16:13:23 | settings | semmle.label | settings | +| lib2/index.ts:13:16:13:33 | settings.mySetting | semmle.label | settings.mySetting | +| lib2/index.ts:13:16:13:36 | setting ... ting[i] | semmle.label | setting ... ting[i] | +| lib2/index.ts:13:16:13:41 | setting ... i].name | semmle.label | setting ... i].name | +| lib2/index.ts:18:62:18:65 | name | semmle.label | name | +| lib2/src/MyNode.ts:1:28:1:28 | s | semmle.label | s | +| lib2/src/MyNode.ts:2:29:2:29 | s | semmle.label | s | +| lib/src/MyNode.ts:1:28:1:28 | s | semmle.label | s | +| lib/src/MyNode.ts:2:29:2:29 | s | semmle.label | s | +| main.js:1:55:1:55 | s | semmle.label | s | +| main.js:2:29:2:29 | s | semmle.label | s | +| main.js:6:49:6:49 | s | semmle.label | s | +| main.js:7:49:7:49 | s | semmle.label | s | +| main.js:11:60:11:60 | s | semmle.label | s | +| main.js:12:49:12:49 | s | semmle.label | s | +| main.js:21:47:21:47 | s | semmle.label | s | +| main.js:22:34:22:34 | s | semmle.label | s | +| main.js:56:28:56:34 | options | semmle.label | options | +| main.js:57:11:59:5 | defaults | semmle.label | defaults | +| main.js:57:22:59:5 | {\\n ... "\\n } | semmle.label | {\\n ... "\\n } | +| main.js:60:11:60:48 | settings | semmle.label | settings | +| main.js:60:22:60:48 | $.exten ... ptions) | semmle.label | $.exten ... 
ptions) | +| main.js:60:31:60:38 | defaults | semmle.label | defaults | +| main.js:60:41:60:47 | options | semmle.label | options | +| main.js:62:19:62:26 | settings | semmle.label | settings | +| main.js:62:19:62:31 | settings.name | semmle.label | settings.name | +| main.js:66:35:66:41 | attrVal | semmle.label | attrVal | +| main.js:67:63:67:69 | attrVal | semmle.label | attrVal | +| main.js:79:34:79:36 | val | semmle.label | val | +| main.js:81:35:81:37 | val | semmle.label | val | +| main.js:89:21:89:21 | x | semmle.label | x | +| main.js:90:23:90:23 | x | semmle.label | x | +| main.js:93:43:93:43 | x | semmle.label | x | +| main.js:94:31:94:31 | x | semmle.label | x | +| main.js:98:43:98:43 | x | semmle.label | x | +| main.js:99:28:99:28 | x | semmle.label | x | +| main.js:103:43:103:43 | x | semmle.label | x | +| main.js:105:26:105:26 | x | semmle.label | x | +| main.js:109:41:109:41 | x | semmle.label | x | +| main.js:111:37:111:37 | x | semmle.label | x | +| main.js:116:47:116:47 | s | semmle.label | s | +| main.js:117:34:117:34 | s | semmle.label | s | +| typed.ts:1:39:1:39 | s | semmle.label | s | +| typed.ts:2:29:2:29 | s | semmle.label | s | +| typed.ts:6:43:6:43 | s | semmle.label | s | +| typed.ts:8:40:8:40 | s | semmle.label | s | edges | jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | | jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | 
jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | | jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | | lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | | lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings | | lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings | | lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name | -| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name | | lib2/index.ts:13:16:13:23 | settings | lib2/index.ts:13:16:13:33 | settings.mySetting | | lib2/index.ts:13:16:13:33 | settings.mySetting | lib2/index.ts:13:16:13:36 | setting ... ting[i] | | lib2/index.ts:13:16:13:36 | setting ... ting[i] | lib2/index.ts:13:16:13:41 | setting ... i].name | | lib2/index.ts:13:16:13:41 | setting ... 
i].name | lib2/index.ts:13:9:13:41 | name | | lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | -| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | -| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | -| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | | lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | -| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | -| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | | main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | | main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | -| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | -| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | | main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:41:17:41:17 | s | main.js:42:21:42:21 | s | -| main.js:42:21:42:21 | s | main.js:47:65:47:73 | this.step | -| main.js:42:21:42:21 | s | main.js:47:65:47:73 | this.step | -| main.js:52:41:52:41 | s | main.js:53:20:53:20 | s | -| main.js:52:41:52:41 | s | main.js:53:20:53:20 | s | -| main.js:53:20:53:20 | s | main.js:41:17:41:17 | s | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | 
options | | main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | | main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | -| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | -| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | -| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | | main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | | main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | -| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | -| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | -| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | | main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | -| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | -| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | | main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | | main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | | main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... 
ptions) | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | | main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | -| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | -| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | | main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | | main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | -| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | -| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | -| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | | main.js:89:21:89:21 | x | main.js:90:23:90:23 | x | -| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x | -| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x | | main.js:93:43:93:43 | x | main.js:94:31:94:31 | x | | main.js:94:31:94:31 | x | main.js:89:21:89:21 | x | | main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | | main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | -| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | -| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | -| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | | main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | -| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | -| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | -| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | | main.js:98:43:98:43 | x | 
main.js:109:41:109:41 | x | -| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | -| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | -| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | | main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | -| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | -| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | -| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | | main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | -| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | -| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | -| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | | typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | -| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | -| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | -| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | -| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | -| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | | typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | -| typed.ts:11:20:11:20 | s | typed.ts:12:12:12:12 | s | -| typed.ts:11:20:11:20 | s | typed.ts:12:12:12:12 | s | -| typed.ts:12:12:12:12 | s | typed.ts:16:15:16:21 | id("x") | -| typed.ts:16:11:16:21 | s | typed.ts:17:29:17:29 | s | -| typed.ts:16:11:16:21 | s | typed.ts:17:29:17:29 | s | -| typed.ts:16:15:16:21 | id("x") | typed.ts:16:11:16:21 | s | +subpaths #select | jquery-plugin.js:12:31:12:41 | options.foo | jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:41 | options.foo | This HTML construction which depends on $@ might later allow $@. | jquery-plugin.js:11:34:11:40 | options | library input | jquery-plugin.js:12:20:12:53 | " ... /span>" | cross-site scripting | | jquery-plugin.js:14:31:14:35 | stuff | jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | This HTML construction which depends on $@ might later allow $@. 
| jquery-plugin.js:11:27:11:31 | stuff | library input | jquery-plugin.js:14:20:14:47 | " ... /span>" | cross-site scripting | @@ -295,7 +109,6 @@ edges | main.js:12:49:12:49 | s | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting | | main.js:12:49:12:49 | s | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting | | main.js:22:34:22:34 | s | main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | This markdown rendering which depends on $@ might later allow $@. | main.js:21:47:21:47 | s | library input | main.js:23:53:23:56 | html | cross-site scripting | -| main.js:47:65:47:73 | this.step | main.js:52:41:52:41 | s | main.js:47:65:47:73 | this.step | This HTML construction which depends on $@ might later allow $@. | main.js:52:41:52:41 | s | library input | main.js:47:54:47:85 | " ... /span>" | cross-site scripting | | main.js:62:19:62:31 | settings.name | main.js:56:28:56:34 | options | main.js:62:19:62:31 | settings.name | This HTML construction which depends on $@ might later allow $@. | main.js:56:28:56:34 | options | library input | main.js:62:11:62:40 | "" + ... "" | cross-site scripting | | main.js:67:63:67:69 | attrVal | main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | This HTML construction which depends on $@ might later allow $@. | main.js:66:35:66:41 | attrVal | library input | main.js:67:47:67:78 | "" | cross-site scripting | | main.js:81:35:81:37 | val | main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | This HTML construction which depends on $@ might later allow $@. | main.js:79:34:79:36 | val | library input | main.js:81:24:81:49 | " ... /span>" | cross-site scripting | 
From d08e4504ff741602eea7d598eaa6b89e95a19b0a Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:25:48 +0200 Subject: [PATCH 099/223] JS: Port UnsafeJQueryPlugin --- .../UnsafeJQueryPluginCustomizations.qll | 27 +- .../dataflow/UnsafeJQueryPluginQuery.qll | 41 ++- .../Security/CWE-079/UnsafeJQueryPlugin.ql | 6 +- .../UnsafeJQueryPlugin.expected | 277 +++++------------- 4 files changed, 136 insertions(+), 215 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll index d1e35a91c26e..9209a7b1f8a5 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll @@ -31,6 +31,21 @@ module UnsafeJQueryPlugin { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for XSS in unsafe jQuery plugins. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** * The receiver of a function, seen as a sanitizer. * 
@@ -110,7 +125,7 @@ module UnsafeJQueryPlugin { /** * An expression of form `isElement(x)`, which sanitizes `x`. */ - class IsElementSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { + class IsElementSanitizer extends BarrierGuardLegacy, DataFlow::CallNode { IsElementSanitizer() { // common ad hoc sanitizing calls exists(string name | this.getCalleeName() = name | @@ -118,7 +133,7 @@ module UnsafeJQueryPlugin { ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } @@ -126,7 +141,7 @@ module UnsafeJQueryPlugin { /** * An expression like `typeof x. !== "undefined"` or `x.`, which sanitizes `x`, as it is unlikely to be a string afterwards. */ - class PropertyPresenceSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { + class PropertyPresenceSanitizer extends BarrierGuardLegacy, DataFlow::ValueNode { DataFlow::Node input; boolean polarity; @@ -155,20 +170,20 @@ module UnsafeJQueryPlugin { */ DataFlow::PropRead getPropRead() { result = this } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = polarity and e = input.asExpr() } } /** A guard that checks whether `x` is a number. */ - class NumberGuard extends TaintTracking::SanitizerGuardNode instanceof DataFlow::CallNode { + class NumberGuard extends BarrierGuardLegacy instanceof DataFlow::CallNode { Expr x; boolean polarity; NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } /** 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll index e4b70c176ccf..1860ffa3be6f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll 
@@ -10,7 +10,46 @@ import UnsafeJQueryPluginCustomizations::UnsafeJQueryPlugin /** * A taint-tracking configuration for reasoning about XSS in unsafe jQuery plugins. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeJQueryPluginConfig implements DataFlow::ConfigSig { + // TODO: PropertyPresenceSanitizer should not block values in a content. + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof DomBasedXss::Sanitizer or + node instanceof Sanitizer or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node sink) { + // jQuery plugins tend to be implemented as classes that store data in fields initialized by the constructor. + // TODO: localFieldStep is too expensive with dataflow2 + // DataFlow::localFieldStep(pred, succ) + none() + or + aliasPropertyPresenceStep(src, sink) + } + + predicate isBarrierOut(DataFlow::Node node) { + // prefixing prevents forced html/css confusion: + // prefixing through concatenation: + StringConcatenation::taintStep(node, _, _, any(int i | i >= 1)) + or + // prefixing through a poor-mans templating system: + node = any(StringReplaceCall call).getRawReplacement() + } +} + +/** + * Taint-tracking for reasoning about XSS in unsafe jQuery plugins. + */ +module UnsafeJQueryPluginFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `UnsafeJQueryPluginFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeJQueryPlugin" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql b/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql index 0cd8312a8cd0..5bb2abb2564e 100644 
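Review bot: `isAdditionalFlowStep` in the new `UnsafeJQueryPluginConfig` leaves `localFieldStep` commented out behind `none()`, and the updated `UnsafeJQueryPlugin.expected` later in this patch no longer lists the alerts at `unsafe-jquery-plugin.js:68:45` (`this.options.parent`) and `90:6` (`t`), both of which appear to flow through a `this.<field>` store. That looks like a detection regression for plugins that keep options in instance fields, so the TODO should record it, e.g. `// TODO: localFieldStep is too expensive with dataflow2; until it is restored, flow through fields set in the constructor is missed (unsafe-jquery-plugin.js:68 and :90)`. The commented-out call also names `pred, succ` while the parameters are `src, sink`; renaming the parameters to `pred, succ` would avoid calling an intermediate successor a sink. The deprecated `Configuration` class continues past the end of this hunk.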
--- a/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql +++ b/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql @@ -14,13 +14,13 @@ import javascript import semmle.javascript.security.dataflow.UnsafeJQueryPluginQuery -import DataFlow::PathGraph +import UnsafeJQueryPluginFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, + UnsafeJQueryPluginFlow::PathNode source, UnsafeJQueryPluginFlow::PathNode sink, JQuery::JQueryPluginMethod plugin where - cfg.hasFlowPath(source, sink) and + UnsafeJQueryPluginFlow::flowPath(source, sink) and source.getNode().(Source).getPlugin() = plugin select sink.getNode(), source, sink, "Potential XSS vulnerability in the $@.", plugin, "'$.fn." + plugin.getPluginName() + "' plugin" diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected index 23a7d82ca143..296f89e05afe 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected 
@@ -1,142 +1,7 @@ -nodes -| unsafe-jquery-plugin.js:2:38:2:44 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | -| unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:5:5:5:11 | options | -| unsafe-jquery-plugin.js:5:5:5:18 | options.target | -| unsafe-jquery-plugin.js:5:5:5:18 | options.target | -| unsafe-jquery-plugin.js:7:17:7:23 | options | -| unsafe-jquery-plugin.js:7:17:7:30 | options.target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | -| unsafe-jquery-plugin.js:11:16:11:22 | options | -| unsafe-jquery-plugin.js:11:16:11:29 | options.target | -| unsafe-jquery-plugin.js:22:6:22:11 | target | -| unsafe-jquery-plugin.js:22:6:22:11 | target | -| unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:36:6:36:11 | target | -| unsafe-jquery-plugin.js:36:6:36:11 | target | -| unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:48:6:48:11 | target | -| unsafe-jquery-plugin.js:48:6:48:11 | target | -| unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:60:6:60:11 | target | -| unsafe-jquery-plugin.js:60:6:60:11 | target | -| unsafe-jquery-plugin.js:65:47:65:53 | options | -| unsafe-jquery-plugin.js:65:47:65:53 | options | -| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... 
ptions) | -| unsafe-jquery-plugin.js:67:33:67:34 | {} | -| unsafe-jquery-plugin.js:67:37:67:43 | options | -| unsafe-jquery-plugin.js:68:7:68:18 | this.options | -| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | -| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | -| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | -| unsafe-jquery-plugin.js:71:38:71:44 | options | -| unsafe-jquery-plugin.js:71:38:71:44 | options | -| unsafe-jquery-plugin.js:72:5:72:11 | options | -| unsafe-jquery-plugin.js:72:5:72:15 | options.foo | -| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | -| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:76:38:76:44 | options | -| unsafe-jquery-plugin.js:76:38:76:44 | options | -| unsafe-jquery-plugin.js:77:17:77:23 | options | -| unsafe-jquery-plugin.js:77:17:77:27 | options.foo | -| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | -| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:84:38:84:44 | options | -| unsafe-jquery-plugin.js:84:38:84:44 | options | -| unsafe-jquery-plugin.js:85:14:85:14 | o | -| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | -| unsafe-jquery-plugin.js:86:22:86:23 | {} | -| unsafe-jquery-plugin.js:86:26:86:26 | o | -| unsafe-jquery-plugin.js:87:8:87:24 | t | -| unsafe-jquery-plugin.js:87:12:87:17 | this.o | -| unsafe-jquery-plugin.js:87:12:87:24 | this.o.target | -| unsafe-jquery-plugin.js:90:6:90:6 | t | -| unsafe-jquery-plugin.js:90:6:90:6 | t | -| unsafe-jquery-plugin.js:92:5:92:11 | options | -| unsafe-jquery-plugin.js:101:38:101:44 | options | -| unsafe-jquery-plugin.js:101:38:101:44 | options | -| unsafe-jquery-plugin.js:102:3:105:13 | options | -| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... 
in'\\n\\t\\t} | -| unsafe-jquery-plugin.js:105:6:105:12 | options | -| unsafe-jquery-plugin.js:107:5:107:11 | options | -| unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:114:38:114:44 | options | -| unsafe-jquery-plugin.js:114:38:114:44 | options | -| unsafe-jquery-plugin.js:115:3:115:58 | options | -| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:115:22:115:23 | {} | -| unsafe-jquery-plugin.js:115:51:115:57 | options | -| unsafe-jquery-plugin.js:117:5:117:11 | options | -| unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:121:40:121:46 | options | -| unsafe-jquery-plugin.js:121:40:121:46 | options | -| unsafe-jquery-plugin.js:122:5:122:11 | options | -| unsafe-jquery-plugin.js:122:5:122:18 | options.target | -| unsafe-jquery-plugin.js:122:5:122:18 | options.target | -| unsafe-jquery-plugin.js:126:33:126:39 | options | -| unsafe-jquery-plugin.js:126:33:126:39 | options | -| unsafe-jquery-plugin.js:127:6:127:12 | options | -| unsafe-jquery-plugin.js:127:6:127:19 | options.target | -| unsafe-jquery-plugin.js:127:6:127:19 | options.target | -| unsafe-jquery-plugin.js:131:34:131:40 | options | -| unsafe-jquery-plugin.js:131:34:131:40 | options | -| unsafe-jquery-plugin.js:132:5:132:11 | options | -| unsafe-jquery-plugin.js:132:5:132:18 | options.target | -| unsafe-jquery-plugin.js:132:5:132:18 | options.target | -| unsafe-jquery-plugin.js:135:36:135:42 | options | -| unsafe-jquery-plugin.js:135:36:135:42 | options | -| unsafe-jquery-plugin.js:136:5:136:11 | options | -| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | -| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | -| unsafe-jquery-plugin.js:136:5:136:29 | options ... 
elector | -| unsafe-jquery-plugin.js:153:38:153:44 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | -| unsafe-jquery-plugin.js:154:16:154:22 | options | -| unsafe-jquery-plugin.js:154:16:154:29 | options.target | -| unsafe-jquery-plugin.js:156:3:156:9 | options | -| unsafe-jquery-plugin.js:156:3:156:16 | options.target | -| unsafe-jquery-plugin.js:157:44:157:50 | options | -| unsafe-jquery-plugin.js:157:44:157:57 | options.target | -| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:160:38:160:44 | options | -| unsafe-jquery-plugin.js:160:38:160:44 | options | -| unsafe-jquery-plugin.js:165:7:165:29 | target | -| unsafe-jquery-plugin.js:165:16:165:22 | options | -| unsafe-jquery-plugin.js:165:16:165:29 | options.target | -| unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:178:27:178:33 | options | -| unsafe-jquery-plugin.js:178:27:178:33 | options | -| unsafe-jquery-plugin.js:179:5:179:11 | options | -| unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:185:28:185:34 | options | -| unsafe-jquery-plugin.js:185:28:185:34 | options | -| unsafe-jquery-plugin.js:186:21:186:27 | options | -| unsafe-jquery-plugin.js:186:21:186:30 | options.of | -| unsafe-jquery-plugin.js:192:19:192:28 | options.of | -| unsafe-jquery-plugin.js:192:19:192:28 | options.of | edges | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | 
unsafe-jquery-plugin.js:5:5:5:11 | options | | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options | | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options | | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options | | unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | | unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | 
@@ -144,95 +9,39 @@ edges | unsafe-jquery-plugin.js:7:17:7:23 | options | unsafe-jquery-plugin.js:7:17:7:30 | options.target | | unsafe-jquery-plugin.js:7:17:7:30 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | | unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target | | unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target | | unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target | | unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target | | unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target | | unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target | | unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target | | unsafe-jquery-plugin.js:11:16:11:22 | options | unsafe-jquery-plugin.js:11:16:11:29 | options.target | | unsafe-jquery-plugin.js:11:16:11:29 | options.target | unsafe-jquery-plugin.js:11:7:11:29 | target | -| unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:67:37:67:43 | options | -| unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:67:37:67:43 | options | -| 
unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | unsafe-jquery-plugin.js:68:7:68:18 | this.options | -| unsafe-jquery-plugin.js:67:33:67:34 | {} | unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:67:37:67:43 | options | unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:67:37:67:43 | options | unsafe-jquery-plugin.js:67:33:67:34 | {} | -| unsafe-jquery-plugin.js:68:7:68:18 | this.options | unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | -| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | -| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | -| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options | | unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options | -| unsafe-jquery-plugin.js:72:5:72:11 | options | unsafe-jquery-plugin.js:72:5:72:15 | options.foo | -| unsafe-jquery-plugin.js:72:5:72:15 | options.foo | unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | -| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | +| unsafe-jquery-plugin.js:72:5:72:11 | options | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | | unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options | -| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options | -| unsafe-jquery-plugin.js:77:17:77:23 | options | unsafe-jquery-plugin.js:77:17:77:27 | options.foo | -| unsafe-jquery-plugin.js:77:17:77:27 | options.foo | unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | -| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | 
unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options | -| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options | -| unsafe-jquery-plugin.js:85:14:85:14 | o | unsafe-jquery-plugin.js:86:26:86:26 | o | -| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | unsafe-jquery-plugin.js:87:12:87:17 | this.o | -| unsafe-jquery-plugin.js:86:22:86:23 | {} | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | -| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | -| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:22:86:23 | {} | -| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t | -| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t | -| unsafe-jquery-plugin.js:87:12:87:17 | this.o | unsafe-jquery-plugin.js:87:12:87:24 | this.o.target | -| unsafe-jquery-plugin.js:87:12:87:24 | this.o.target | unsafe-jquery-plugin.js:87:8:87:24 | t | -| unsafe-jquery-plugin.js:92:5:92:11 | options | unsafe-jquery-plugin.js:85:14:85:14 | o | -| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options | +| unsafe-jquery-plugin.js:77:17:77:23 | options | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | | unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options | | unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:107:5:107:11 | options | | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | unsafe-jquery-plugin.js:102:3:105:13 | options | -| unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... 
ptions) | | unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | | unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options | | unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options | | unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:117:5:117:11 | options | | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | unsafe-jquery-plugin.js:115:3:115:58 | options | -| unsafe-jquery-plugin.js:115:22:115:23 | {} | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | | unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... 
ptions) | -| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:22:115:23 | {} | | unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options | | unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options | | unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | -| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | | unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options | -| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options | -| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | | unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | | unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options | -| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options | -| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | | unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | | unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options | -| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options | -| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | -| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options 
... elector | -| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | +| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options | | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options | | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options | | unsafe-jquery-plugin.js:154:16:154:22 | options | unsafe-jquery-plugin.js:154:16:154:29 | options.target | | unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:156:3:156:16 | options.target | | unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | 
@@ -240,22 +49,82 @@ edges | unsafe-jquery-plugin.js:156:3:156:16 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | | unsafe-jquery-plugin.js:157:44:157:50 | options | unsafe-jquery-plugin.js:157:44:157:57 | options.target | | unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options | | unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options | | unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:165:16:165:22 | options | unsafe-jquery-plugin.js:165:16:165:29 | options.target | -| unsafe-jquery-plugin.js:165:16:165:29 | options.target | unsafe-jquery-plugin.js:165:7:165:29 | target | -| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options | +| unsafe-jquery-plugin.js:165:16:165:22 | options | unsafe-jquery-plugin.js:165:7:165:29 | target | | unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options | | unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options | | unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options | | unsafe-jquery-plugin.js:186:21:186:27 | options | unsafe-jquery-plugin.js:186:21:186:30 | options.of | | unsafe-jquery-plugin.js:186:21:186:30 | options.of | 
unsafe-jquery-plugin.js:192:19:192:28 | options.of | -| unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of | +nodes +| unsafe-jquery-plugin.js:2:38:2:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:3:5:3:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:5:5:5:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:5:5:5:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:5:5:5:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:7:17:7:23 | options | semmle.label | options | +| unsafe-jquery-plugin.js:7:17:7:30 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:11:7:11:29 | target | semmle.label | target | +| unsafe-jquery-plugin.js:11:16:11:22 | options | semmle.label | options | +| unsafe-jquery-plugin.js:11:16:11:29 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:22:6:22:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:30:6:30:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:36:6:36:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:40:6:40:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:48:6:48:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:52:6:52:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:60:6:60:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:71:38:71:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:72:5:72:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | semmle.label | options.foo.bar.baz | +| unsafe-jquery-plugin.js:76:38:76:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:77:17:77:23 | options | semmle.label | options | +| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | semmle.label | options.foo.bar.baz | +| 
unsafe-jquery-plugin.js:101:38:101:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:102:3:105:13 | options | semmle.label | options | +| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | semmle.label | $.exten ... ptions) | +| unsafe-jquery-plugin.js:105:6:105:12 | options | semmle.label | options | +| unsafe-jquery-plugin.js:107:5:107:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:107:5:107:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:114:38:114:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:115:3:115:58 | options | semmle.label | options | +| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | semmle.label | $.exten ... ptions) | +| unsafe-jquery-plugin.js:115:51:115:57 | options | semmle.label | options | +| unsafe-jquery-plugin.js:117:5:117:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:117:5:117:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:121:40:121:46 | options | semmle.label | options | +| unsafe-jquery-plugin.js:122:5:122:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:122:5:122:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:126:33:126:39 | options | semmle.label | options | +| unsafe-jquery-plugin.js:127:6:127:12 | options | semmle.label | options | +| unsafe-jquery-plugin.js:127:6:127:19 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:131:34:131:40 | options | semmle.label | options | +| unsafe-jquery-plugin.js:132:5:132:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:132:5:132:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:135:36:135:42 | options | semmle.label | options | +| unsafe-jquery-plugin.js:136:5:136:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | semmle.label | options ... 
elector | +| unsafe-jquery-plugin.js:153:38:153:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:154:16:154:22 | options | semmle.label | options | +| unsafe-jquery-plugin.js:154:16:154:29 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:156:3:156:9 | options | semmle.label | options | +| unsafe-jquery-plugin.js:156:3:156:16 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:157:44:157:50 | options | semmle.label | options | +| unsafe-jquery-plugin.js:157:44:157:57 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | semmle.label | options.target.a | +| unsafe-jquery-plugin.js:160:38:160:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:165:7:165:29 | target | semmle.label | target | +| unsafe-jquery-plugin.js:165:16:165:22 | options | semmle.label | options | +| unsafe-jquery-plugin.js:170:6:170:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:178:27:178:33 | options | semmle.label | options | +| unsafe-jquery-plugin.js:179:5:179:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:179:5:179:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:185:28:185:34 | options | semmle.label | options | +| unsafe-jquery-plugin.js:186:21:186:27 | options | semmle.label | options | +| unsafe-jquery-plugin.js:186:21:186:30 | options.of | semmle.label | options.of | +| unsafe-jquery-plugin.js:192:19:192:28 | options.of | semmle.label | options.of | +subpaths #select | unsafe-jquery-plugin.js:3:5:3:11 | options | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... 
\\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin | 
@@ -266,10 +135,8 @@ edges | unsafe-jquery-plugin.js:48:6:48:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:48:6:48:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:52:6:52:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:52:6:52:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:60:6:60:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:60:6:60:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin | -| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:65:19:69:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:71:19:74:2 | functio ... / OK\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:76:19:78:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin | -| unsafe-jquery-plugin.js:90:6:90:6 | t | unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:90:6:90:6 | t | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:84:19:93:2 | functio ... 
ns);\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:107:5:107:18 | options.target | unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:101:19:108:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:117:5:117:18 | options.target | unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:114:19:118:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:122:5:122:18 | options.target | unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:121:21:123:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin | From ba9edb4e549f140104c5209b3bf9cd2fa00e8665 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:26:09 +0200 Subject: [PATCH 100/223] JS: Port UnsafeShellCommandConstruction --- ...ShellCommandConstructionCustomizations.qll | 27 +- .../UnsafeShellCommandConstructionQuery.qll | 33 +- .../CWE-078/UnsafeShellCommandConstruction.ql | 8 +- .../UnsafeShellCommandConstruction.expected | 885 +++++------------- 4 files changed, 280 insertions(+), 673 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll index 77625874df9f..9a6710217e56 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll 
@@ -46,6 +46,21 @@ module UnsafeShellCommandConstruction { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for shell command constructed from library input vulnerabilities. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** * A parameter of an exported function, seen as a source for shell command constructed from library input. */ @@ -270,13 +285,13 @@ module UnsafeShellCommandConstruction { * A sanitizer that sanitizers paths that exist in the file-system. * For example: `x` is sanitized in `fs.existsSync(x)` or `fs.existsSync(x + "/suffix/path")`. */ - class PathExistsSanitizerGuard extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { + class PathExistsSanitizerGuard extends BarrierGuardLegacy, DataFlow::CallNode { PathExistsSanitizerGuard() { this = DataFlow::moduleMember("path", "exist").getACall() or this = DataFlow::moduleMember("fs", "existsSync").getACall() } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and ( e = this.getArgument(0).asExpr() or 
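Review bot: The new `BarrierGuard.blocksExpr` defaults to `none()`, so a guard that extends `BarrierGuardLegacy` but overrides only the old `sanitizes` predicate compiles cleanly and blocks nothing when guards are consulted through `blocksExpr`. That appears to be what the new configuration's `isBarrier` does, so such a guard would silently stop applying to the ported query. The doc comment on `blocksExpr` should say so, for example by adding `* Subclasses must override this predicate: the default holds for no values, so a guard that only overrides sanitizes is not seen by the new data flow library.` The guards changed in the later hunks of this file (`PathExistsSanitizerGuard`, `TypeOfSanitizer`, `NumberGuard`) are all switched to override `blocksExpr`, so the concern is for guards defined outside this file. The enclosing module continues outside the hunk.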
@@ -289,26 +304,26 @@ module UnsafeShellCommandConstruction { * A guard of the form `typeof x === ""`, where `` is "number", or "boolean", * which sanitizes `x` in its "then" branch. */ - class TypeOfSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { + class TypeOfSanitizer extends BarrierGuardLegacy, DataFlow::ValueNode { Expr x; override EqualityTest astNode; TypeOfSanitizer() { TaintTracking::isTypeofGuard(astNode, x, ["number", "boolean"]) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = astNode.getPolarity() and e = x } } /** A guard that checks whether `x` is a number. */ - class NumberGuard extends TaintTracking::SanitizerGuardNode instanceof DataFlow::CallNode { + class NumberGuard extends BarrierGuardLegacy instanceof DataFlow::CallNode { Expr x; boolean polarity; NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } private import semmle.javascript.dataflow.internal.AccessPaths diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll index 7d5dae902094..1704bf3e3e6f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll 
@@ -13,7 +13,38 @@ import UnsafeShellCommandConstructionCustomizations::UnsafeShellCommandConstruct /** * A taint-tracking configuration for reasoning about shell command constructed from library input vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeShellCommandConstructionConfig implements DataFlow::ConfigSig { + // TODO: we get a FP in the test case due to SanitizingRegExpTest not being able to generate a barrier edge + // for an edge into a phi node. + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or + node = DataFlow::MakeBarrierGuard::getABarrierNode() or + node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + none() + // TODO: localFieldStep is too expensive with dataflow2 + // DataFlow::localFieldStep(pred, succ) + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } +} + +/** + * Taint-tracking for reasoning about shell command constructed from library input vulnerabilities. + */ +module UnsafeShellCommandConstructionFlow = + TaintTracking::Global; + +/** + * DEPRECATED. Use the `UnsafeShellCommandConstructionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeShellCommandConstruction" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql b/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql index 3b96b6beffb0..4b866c9cfff7 100644 --- a/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql +++ b/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql 
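Review bot: `isAdditionalFlowStep` in `UnsafeShellCommandConstructionConfig` holds for nothing, and the TODO inside it suggests that `DataFlow::localFieldStep(pred, succ)` was dropped for cost rather than because it is unnecessary. For a command-injection query this may mean that library input stored in a field before it reaches the command is no longer reported. The TODO should state that consequence, for example `// TODO: localFieldStep is too expensive with dataflow2; until it is restored, flow through fields assigned from library input may be missed`. The first TODO, about `SanitizingRegExpTest`, sits directly above `isSource` and reads as a remark on the source predicate; placing it next to `isBarrier` would make clear that it concerns barrier generation.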
@@ -15,10 +15,12 @@ import javascript import semmle.javascript.security.dataflow.UnsafeShellCommandConstructionQuery -import DataFlow::PathGraph +import UnsafeShellCommandConstructionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode -where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode() +from + UnsafeShellCommandConstructionFlow::PathNode source, + UnsafeShellCommandConstructionFlow::PathNode sink, Sink sinkNode +where UnsafeShellCommandConstructionFlow::flowPath(source, sink) and sinkNode = sink.getNode() select sinkNode.getAlertLocation(), source, sink, "This " + sinkNode.getSinkType() + " which depends on $@ is later used in a $@.", source.getNode(), "library input", sinkNode.getCommandExecution(), "shell command" diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected index b4022c8550c3..4755cc2a0ae7 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected 
@@ -1,787 +1,346 @@ -nodes -| lib/isImported.js:5:49:5:52 | name | -| lib/isImported.js:5:49:5:52 | name | -| lib/isImported.js:6:22:6:25 | name | -| lib/isImported.js:6:22:6:25 | name | -| lib/lib2.js:3:28:3:31 | name | -| lib/lib2.js:3:28:3:31 | name | -| lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:7:32:7:35 | name | -| lib/lib2.js:7:32:7:35 | name | -| lib/lib2.js:8:22:8:25 | name | -| lib/lib2.js:8:22:8:25 | name | -| lib/lib.js:3:28:3:31 | name | -| lib/lib.js:3:28:3:31 | name | -| lib/lib.js:4:22:4:25 | name | -| lib/lib.js:4:22:4:25 | name | -| lib/lib.js:10:32:10:35 | name | -| lib/lib.js:10:32:10:35 | name | -| lib/lib.js:11:22:11:25 | name | -| lib/lib.js:11:22:11:25 | name | -| lib/lib.js:14:36:14:39 | name | -| lib/lib.js:14:36:14:39 | name | -| lib/lib.js:15:22:15:25 | name | -| lib/lib.js:15:22:15:25 | name | -| lib/lib.js:19:34:19:37 | name | -| lib/lib.js:19:34:19:37 | name | -| lib/lib.js:20:22:20:25 | name | -| lib/lib.js:20:22:20:25 | name | -| lib/lib.js:26:35:26:38 | name | -| lib/lib.js:26:35:26:38 | name | -| lib/lib.js:27:22:27:25 | name | -| lib/lib.js:27:22:27:25 | name | -| lib/lib.js:34:14:34:17 | name | -| lib/lib.js:34:14:34:17 | name | -| lib/lib.js:35:23:35:26 | name | -| lib/lib.js:35:23:35:26 | name | -| lib/lib.js:37:13:37:16 | name | -| lib/lib.js:37:13:37:16 | name | -| lib/lib.js:38:23:38:26 | name | -| lib/lib.js:38:23:38:26 | name | -| lib/lib.js:40:6:40:9 | name | -| lib/lib.js:40:6:40:9 | name | -| lib/lib.js:41:23:41:26 | name | -| lib/lib.js:41:23:41:26 | name | -| lib/lib.js:49:31:49:34 | name | -| lib/lib.js:49:31:49:34 | name | -| lib/lib.js:50:47:50:50 | name | -| lib/lib.js:50:47:50:50 | name | -| lib/lib.js:53:33:53:36 | name | -| lib/lib.js:53:33:53:36 | name | -| lib/lib.js:54:25:54:28 | name | -| lib/lib.js:54:25:54:28 | name | -| lib/lib.js:57:25:57:28 | name | -| lib/lib.js:57:25:57:28 | name | -| lib/lib.js:64:41:64:44 | name | -| lib/lib.js:64:41:64:44 | name | -| 
lib/lib.js:65:22:65:25 | name | -| lib/lib.js:65:22:65:25 | name | -| lib/lib.js:69:27:69:30 | name | -| lib/lib.js:69:27:69:30 | name | -| lib/lib.js:71:28:71:31 | name | -| lib/lib.js:71:28:71:31 | name | -| lib/lib.js:73:21:73:24 | name | -| lib/lib.js:73:21:73:24 | name | -| lib/lib.js:75:20:75:23 | name | -| lib/lib.js:75:20:75:23 | name | -| lib/lib.js:77:28:77:31 | name | -| lib/lib.js:77:28:77:31 | name | -| lib/lib.js:82:35:82:38 | name | -| lib/lib.js:82:35:82:38 | name | -| lib/lib.js:83:22:83:25 | name | -| lib/lib.js:83:22:83:25 | name | -| lib/lib.js:86:13:86:16 | name | -| lib/lib.js:86:13:86:16 | name | -| lib/lib.js:89:21:89:24 | name | -| lib/lib.js:89:21:89:24 | name | -| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:91:28:91:31 | name | -| lib/lib.js:97:35:97:38 | name | -| lib/lib.js:97:35:97:38 | name | -| lib/lib.js:98:35:98:38 | name | -| lib/lib.js:98:35:98:38 | name | -| lib/lib.js:100:37:100:40 | name | -| lib/lib.js:100:37:100:40 | name | -| lib/lib.js:102:46:102:49 | name | -| lib/lib.js:102:46:102:49 | name | -| lib/lib.js:108:41:108:44 | name | -| lib/lib.js:108:41:108:44 | name | -| lib/lib.js:111:34:111:37 | name | -| lib/lib.js:111:34:111:37 | name | -| lib/lib.js:112:22:112:25 | name | -| lib/lib.js:112:22:112:25 | name | -| lib/lib.js:120:33:120:36 | name | -| lib/lib.js:120:33:120:36 | name | -| lib/lib.js:121:22:121:25 | name | -| lib/lib.js:121:22:121:25 | name | -| lib/lib.js:130:6:130:9 | name | -| lib/lib.js:130:6:130:9 | name | -| lib/lib.js:131:23:131:26 | name | -| lib/lib.js:131:23:131:26 | name | -| lib/lib.js:148:37:148:40 | name | -| lib/lib.js:148:37:148:40 | name | -| lib/lib.js:149:24:149:27 | name | -| lib/lib.js:149:24:149:27 | name | -| lib/lib.js:155:38:155:41 | name | -| lib/lib.js:155:38:155:41 | name | -| lib/lib.js:161:25:161:28 | name | -| lib/lib.js:161:25:161:28 | name | -| lib/lib.js:170:41:170:44 | name | -| lib/lib.js:170:41:170:44 | 
name | -| lib/lib.js:173:20:173:23 | name | -| lib/lib.js:173:20:173:23 | name | -| lib/lib.js:177:38:177:41 | name | -| lib/lib.js:177:38:177:41 | name | -| lib/lib.js:181:6:181:52 | broken | -| lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" | -| lib/lib.js:181:21:181:24 | name | -| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:186:34:186:37 | name | -| lib/lib.js:186:34:186:37 | name | -| lib/lib.js:187:22:187:25 | name | -| lib/lib.js:187:22:187:25 | name | -| lib/lib.js:190:23:190:26 | name | -| lib/lib.js:190:23:190:26 | name | -| lib/lib.js:196:45:196:48 | name | -| lib/lib.js:196:45:196:48 | name | -| lib/lib.js:197:22:197:25 | name | -| lib/lib.js:197:22:197:25 | name | -| lib/lib.js:200:23:200:26 | name | -| lib/lib.js:200:23:200:26 | name | -| lib/lib.js:206:45:206:48 | name | -| lib/lib.js:206:45:206:48 | name | -| lib/lib.js:207:22:207:25 | name | -| lib/lib.js:207:22:207:25 | name | -| lib/lib.js:212:23:212:26 | name | -| lib/lib.js:212:23:212:26 | name | -| lib/lib.js:216:39:216:42 | name | -| lib/lib.js:216:39:216:42 | name | -| lib/lib.js:217:22:217:25 | name | -| lib/lib.js:217:22:217:25 | name | -| lib/lib.js:220:23:220:26 | name | -| lib/lib.js:220:23:220:26 | name | -| lib/lib.js:224:22:224:25 | name | -| lib/lib.js:224:22:224:25 | name | -| lib/lib.js:227:39:227:42 | name | -| lib/lib.js:227:39:227:42 | name | -| lib/lib.js:228:22:228:25 | name | -| lib/lib.js:228:22:228:25 | name | -| lib/lib.js:236:22:236:25 | name | -| lib/lib.js:236:22:236:25 | name | -| lib/lib.js:248:42:248:45 | name | -| lib/lib.js:248:42:248:45 | name | -| lib/lib.js:249:22:249:25 | name | -| lib/lib.js:249:22:249:25 | name | -| lib/lib.js:257:35:257:38 | name | -| lib/lib.js:257:35:257:38 | name | -| lib/lib.js:258:22:258:25 | name | -| lib/lib.js:258:22:258:25 | name | -| lib/lib.js:261:30:261:33 | name | -| 
lib/lib.js:261:30:261:33 | name | -| lib/lib.js:267:46:267:48 | obj | -| lib/lib.js:267:46:267:48 | obj | -| lib/lib.js:268:22:268:24 | obj | -| lib/lib.js:268:22:268:32 | obj.version | -| lib/lib.js:268:22:268:32 | obj.version | -| lib/lib.js:276:8:276:11 | opts | -| lib/lib.js:276:8:276:11 | opts | -| lib/lib.js:277:23:277:26 | opts | -| lib/lib.js:277:23:277:30 | opts.bla | -| lib/lib.js:277:23:277:30 | opts.bla | -| lib/lib.js:279:19:279:22 | opts | -| lib/lib.js:279:19:279:26 | opts.bla | -| lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:307:39:307:42 | name | -| lib/lib.js:307:39:307:42 | name | -| lib/lib.js:308:23:308:26 | name | -| lib/lib.js:308:23:308:26 | name | -| lib/lib.js:314:40:314:43 | name | -| lib/lib.js:314:40:314:43 | name | -| lib/lib.js:315:22:315:25 | name | -| lib/lib.js:315:22:315:25 | name | -| lib/lib.js:320:23:320:26 | name | -| lib/lib.js:320:23:320:26 | name | -| lib/lib.js:324:40:324:42 | arg | -| lib/lib.js:324:40:324:42 | arg | -| lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:329:13:329:13 | x | -| lib/lib.js:329:13:329:13 | x | -| lib/lib.js:330:9:330:9 | x | -| lib/lib.js:336:22:336:31 | id("test") | -| lib/lib.js:336:22:336:31 | id("test") | -| lib/lib.js:339:39:339:39 | n | -| lib/lib.js:339:39:339:39 | n | -| lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:340:25:340:25 | n | -| lib/lib.js:349:29:349:34 | unsafe | -| lib/lib.js:349:29:349:34 | unsafe | -| lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:360:20:360:23 | opts | -| lib/lib.js:360:20:360:23 | opts | -| lib/lib.js:361:20:361:23 | opts | -| lib/lib.js:361:20:361:34 | opts.learn_args | -| lib/lib.js:366:28:366:42 | this.learn_args | -| lib/lib.js:366:28:366:42 | this.learn_args | -| lib/lib.js:405:39:405:42 | name | -| lib/lib.js:405:39:405:42 | name | -| 
lib/lib.js:406:22:406:25 | name | -| lib/lib.js:406:22:406:25 | name | -| lib/lib.js:414:40:414:43 | name | -| lib/lib.js:414:40:414:43 | name | -| lib/lib.js:415:22:415:25 | name | -| lib/lib.js:415:22:415:25 | name | -| lib/lib.js:417:28:417:31 | name | -| lib/lib.js:417:28:417:31 | name | -| lib/lib.js:418:25:418:28 | name | -| lib/lib.js:418:25:418:28 | name | -| lib/lib.js:419:32:419:35 | name | -| lib/lib.js:419:32:419:35 | name | -| lib/lib.js:420:29:420:32 | name | -| lib/lib.js:420:29:420:32 | name | -| lib/lib.js:424:24:424:27 | name | -| lib/lib.js:424:24:424:27 | name | -| lib/lib.js:425:6:425:13 | arr | -| lib/lib.js:425:12:425:13 | [] | -| lib/lib.js:426:11:426:14 | name | -| lib/lib.js:426:11:426:14 | name | -| lib/lib.js:427:14:427:16 | arr | -| lib/lib.js:427:14:427:16 | arr | -| lib/lib.js:428:14:428:58 | build(" ... + '-') | -| lib/lib.js:428:14:428:58 | build(" ... + '-') | -| lib/lib.js:428:28:428:51 | (name ? ... ' : '') | -| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | -| lib/lib.js:428:29:428:50 | name ? ... 
:' : '' | -| lib/lib.js:428:36:428:39 | name | -| lib/lib.js:428:36:428:45 | name + ':' | -| lib/lib.js:431:23:431:26 | last | -| lib/lib.js:436:19:436:22 | last | -| lib/lib.js:436:19:436:22 | last | -| lib/lib.js:441:39:441:42 | name | -| lib/lib.js:441:39:441:42 | name | -| lib/lib.js:442:24:442:27 | name | -| lib/lib.js:442:24:442:27 | name | -| lib/lib.js:446:20:446:23 | name | -| lib/lib.js:446:20:446:23 | name | -| lib/lib.js:447:25:447:28 | name | -| lib/lib.js:447:25:447:28 | name | -| lib/lib.js:477:33:477:38 | config | -| lib/lib.js:477:33:477:38 | config | -| lib/lib.js:478:27:478:32 | config | -| lib/lib.js:478:27:478:46 | config.installedPath | -| lib/lib.js:478:27:478:46 | config.installedPath | -| lib/lib.js:482:40:482:43 | name | -| lib/lib.js:482:40:482:43 | name | -| lib/lib.js:483:30:483:33 | name | -| lib/lib.js:483:30:483:33 | name | -| lib/lib.js:498:45:498:48 | name | -| lib/lib.js:498:45:498:48 | name | -| lib/lib.js:499:31:499:34 | name | -| lib/lib.js:499:31:499:34 | name | -| lib/lib.js:509:39:509:42 | name | -| lib/lib.js:509:39:509:42 | name | -| lib/lib.js:510:22:510:25 | name | -| lib/lib.js:510:22:510:25 | name | -| lib/lib.js:513:23:513:26 | name | -| lib/lib.js:513:23:513:26 | name | -| lib/lib.js:519:23:519:26 | name | -| lib/lib.js:519:23:519:26 | name | -| lib/lib.js:525:23:525:26 | name | -| lib/lib.js:525:23:525:26 | name | -| lib/lib.js:531:23:531:26 | name | -| lib/lib.js:531:23:531:26 | name | -| lib/lib.js:537:23:537:26 | name | -| lib/lib.js:537:23:537:26 | name | -| lib/lib.js:543:23:543:26 | name | -| lib/lib.js:543:23:543:26 | name | -| lib/lib.js:545:23:545:26 | name | -| lib/lib.js:545:23:545:26 | name | -| lib/lib.js:550:39:550:42 | name | -| lib/lib.js:550:39:550:42 | name | -| lib/lib.js:551:33:551:36 | args | -| lib/lib.js:552:23:552:26 | args | -| lib/lib.js:552:23:552:26 | args | -| lib/lib.js:555:25:555:37 | ["-rf", name] | -| lib/lib.js:555:33:555:36 | name | -| lib/lib.js:555:33:555:36 | name | -| 
lib/lib.js:558:41:558:44 | name | -| lib/lib.js:558:41:558:44 | name | -| lib/lib.js:560:26:560:29 | name | -| lib/lib.js:560:26:560:29 | name | -| lib/lib.js:562:26:562:29 | name | -| lib/lib.js:562:26:562:29 | name | -| lib/lib.js:566:26:566:29 | name | -| lib/lib.js:566:26:566:29 | name | -| lib/lib.js:572:41:572:44 | name | -| lib/lib.js:572:41:572:44 | name | -| lib/lib.js:573:22:573:25 | name | -| lib/lib.js:573:22:573:25 | name | -| lib/lib.js:579:25:579:28 | name | -| lib/lib.js:579:25:579:28 | name | -| lib/lib.js:590:29:590:32 | name | -| lib/lib.js:590:29:590:32 | name | -| lib/lib.js:593:25:593:28 | name | -| lib/lib.js:593:25:593:28 | name | -| lib/lib.js:608:42:608:45 | name | -| lib/lib.js:608:42:608:45 | name | -| lib/lib.js:609:22:609:25 | name | -| lib/lib.js:609:22:609:25 | name | -| lib/lib.js:626:29:626:32 | name | -| lib/lib.js:626:29:626:32 | name | -| lib/lib.js:629:25:629:28 | name | -| lib/lib.js:629:25:629:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | -| lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | -| lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | -| lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib4/index.js:6:32:6:35 | name | -| lib/subLib4/index.js:6:32:6:35 | name | -| lib/subLib4/index.js:7:18:7:21 | name | -| lib/subLib4/subsub.js:3:28:3:31 | name | -| lib/subLib4/subsub.js:4:22:4:25 | name | -| lib/subLib4/subsub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | -| lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:4:22:4:25 | name | -| 
lib/subLib/index.js:3:28:3:31 | name | -| lib/subLib/index.js:3:28:3:31 | name | -| lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | -| lib/subLib/index.js:7:32:7:35 | name | -| lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:13:44:13:46 | arr | -| lib/subLib/index.js:13:44:13:46 | arr | -| lib/subLib/index.js:14:22:14:24 | arr | -| lib/subLib/index.js:14:22:14:24 | arr | edges | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | -| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | -| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | | lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | | lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | -| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | | lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | -| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | -| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | -| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | -| 
lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | | lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | | lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | -| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | | lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | -| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | -| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | -| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | -| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | | lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | | lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | -| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | | lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | -| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | -| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | -| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | -| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | | lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | | lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| 
lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | | lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | | lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | | lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | | lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | | lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | | lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | | lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | 
-| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | | lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | | lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | | lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:91:28:91:31 | name | | lib/lib.js:82:35:82:38 | name | lib/lib.js:91:28:91:31 | name | | lib/lib.js:91:28:91:31 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:91:28:91:31 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | | lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | | lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | | lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | | lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | -| 
lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | -| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | -| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | -| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | | lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | | lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | | lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | -| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | -| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | -| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | -| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | -| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | | lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | | lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | | lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | -| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | -| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | -| lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:24 | name | | lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:24 | name | | lib/lib.js:181:6:181:52 | broken | lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:181:6:181:52 | 
broken | lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" | lib/lib.js:181:6:181:52 | broken | | lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | | lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | +| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | lib/lib.js:181:6:181:52 | broken | | lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | | lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | | lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | | lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | | lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | -| 
lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | | lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | | lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | | lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | | lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | | lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | | lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | +| lib/lib.js:239:28:239:28 | s | lib/lib.js:245:9:245:9 | s | | lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | -| lib/lib.js:257:35:257:38 | 
name | lib/lib.js:258:22:258:25 | name | +| lib/lib.js:248:42:248:45 | name | lib/lib.js:251:27:251:30 | name | +| lib/lib.js:251:6:251:31 | cleaned | lib/lib.js:253:22:253:28 | cleaned | +| lib/lib.js:251:16:251:31 | cleanInput(name) | lib/lib.js:251:6:251:31 | cleaned | +| lib/lib.js:251:27:251:30 | name | lib/lib.js:239:28:239:28 | s | +| lib/lib.js:251:27:251:30 | name | lib/lib.js:251:16:251:31 | cleanInput(name) | | lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | | lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | -| lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:24 | obj | | lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:24 | obj | | lib/lib.js:268:22:268:24 | obj | lib/lib.js:268:22:268:32 | obj.version | -| lib/lib.js:268:22:268:24 | obj | lib/lib.js:268:22:268:32 | obj.version | | lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:26 | opts | -| lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:26 | opts | -| lib/lib.js:276:8:276:11 | opts | lib/lib.js:279:19:279:22 | opts | | lib/lib.js:276:8:276:11 | opts | lib/lib.js:279:19:279:22 | opts | | lib/lib.js:277:23:277:26 | opts | lib/lib.js:277:23:277:30 | opts.bla | -| lib/lib.js:277:23:277:26 | opts | lib/lib.js:277:23:277:30 | opts.bla | +| lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | lib/lib.js:281:23:281:26 | this [opts, bla] | +| lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | | lib/lib.js:279:19:279:22 | opts | lib/lib.js:279:19:279:26 | opts.bla | -| lib/lib.js:279:19:279:26 | opts.bla | 
lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:279:19:279:26 | opts.bla | lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | -| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | +| lib/lib.js:279:19:279:26 | opts.bla | lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | +| lib/lib.js:281:23:281:26 | this [opts, bla] | lib/lib.js:281:23:281:31 | this.opts [bla] | +| lib/lib.js:281:23:281:31 | this.opts [bla] | lib/lib.js:281:23:281:35 | this.opts.bla | | lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | -| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | | lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | | lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | | lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | | lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | -| lib/lib.js:330:9:330:9 | x | lib/lib.js:336:22:336:31 | id("test") | -| lib/lib.js:330:9:330:9 | x | lib/lib.js:336:22:336:31 | id("test") | -| lib/lib.js:330:9:330:9 | x | lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:330:9:330:9 | x | lib/lib.js:340:22:340:26 | id(n) | | lib/lib.js:339:39:339:39 | n | lib/lib.js:340:25:340:25 | n 
| -| lib/lib.js:339:39:339:39 | n | lib/lib.js:340:25:340:25 | n | -| lib/lib.js:340:25:340:25 | n | lib/lib.js:340:22:340:26 | id(n) | +| lib/lib.js:340:25:340:25 | n | lib/lib.js:329:13:329:13 | x | | lib/lib.js:340:25:340:25 | n | lib/lib.js:340:22:340:26 | id(n) | | lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:360:20:360:23 | opts | lib/lib.js:361:20:361:23 | opts | -| lib/lib.js:360:20:360:23 | opts | lib/lib.js:361:20:361:23 | opts | -| lib/lib.js:361:20:361:23 | opts | lib/lib.js:361:20:361:34 | opts.learn_args | -| lib/lib.js:361:20:361:34 | opts.learn_args | lib/lib.js:366:28:366:42 | this.learn_args | -| lib/lib.js:361:20:361:34 | opts.learn_args | lib/lib.js:366:28:366:42 | this.learn_args | | lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | | lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | | lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | | lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | 
name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | | lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | | lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | | lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | | lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | | lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | | lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | | lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr | -| lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr | -| lib/lib.js:425:12:425:13 | [] | lib/lib.js:425:6:425:13 | arr | -| lib/lib.js:426:11:426:14 | name | lib/lib.js:425:12:425:13 | [] | -| lib/lib.js:428:28:428:51 | (name ? ... ' : '') | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | -| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... 
+ '-') | +| lib/lib.js:426:2:426:4 | [post update] arr | lib/lib.js:425:6:425:13 | arr | +| lib/lib.js:426:11:426:14 | name | lib/lib.js:426:2:426:4 | [post update] arr | | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... + '-') | | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | -| lib/lib.js:428:29:428:50 | name ? ... :' : '' | lib/lib.js:428:28:428:51 | (name ? ... ' : '') | -| lib/lib.js:428:36:428:39 | name | lib/lib.js:428:36:428:45 | name + ':' | -| lib/lib.js:428:36:428:45 | name + ':' | lib/lib.js:428:29:428:50 | name ? ... :' : '' | +| lib/lib.js:428:36:428:39 | name | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | | lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | | lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | +| lib/lib.js:432:6:432:13 | arr | lib/lib.js:437:9:437:11 | arr | +| lib/lib.js:436:10:436:12 | [post update] arr | lib/lib.js:432:6:432:13 | arr | +| lib/lib.js:436:19:436:22 | last | lib/lib.js:436:10:436:12 | [post update] arr | | lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | -| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | | lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | -| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | -| lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:32 | config | | lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:32 | config | | lib/lib.js:478:27:478:32 | config | lib/lib.js:478:27:478:46 | config.installedPath | -| lib/lib.js:478:27:478:32 | config | lib/lib.js:478:27:478:46 | config.installedPath | -| 
lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | -| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | | lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | -| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | -| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | -| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | -| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | | lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | | lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | | lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | | lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | | lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | | lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | -| 
lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | | lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | | lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | | lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | -| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | | lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | | lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | -| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | -| lib/lib.js:551:33:551:36 | args | lib/lib.js:552:23:552:26 | args | | lib/lib.js:551:33:551:36 | args | lib/lib.js:552:23:552:26 | args | | lib/lib.js:555:25:555:37 | ["-rf", name] | lib/lib.js:551:33:551:36 | args | | lib/lib.js:555:33:555:36 | name | lib/lib.js:555:25:555:37 | ["-rf", name] | | lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | | lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | -| 
lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | | lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | | lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | | lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | | lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | | lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | | lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | | lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | | 
lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | | lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | | lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | | lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/index.js:7:18:7:21 | name | | lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/index.js:7:18:7:21 | name | | lib/subLib4/index.js:7:18:7:21 | name | lib/subLib4/subsub.js:3:28:3:31 | name | | lib/subLib4/subsub.js:3:28:3:31 | name | lib/subLib4/subsub.js:4:22:4:25 | name | -| lib/subLib4/subsub.js:3:28:3:31 | name | lib/subLib4/subsub.js:4:22:4:25 | name | | lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| 
lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | | lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | | lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | | lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | -| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | -| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | -| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | +nodes +| lib/isImported.js:5:49:5:52 | name | semmle.label | name | +| lib/isImported.js:6:22:6:25 | name | semmle.label | name | +| lib/lib2.js:3:28:3:31 | name | semmle.label | name | +| lib/lib2.js:4:22:4:25 | name | semmle.label | name | +| lib/lib2.js:7:32:7:35 | name | semmle.label | name | +| lib/lib2.js:8:22:8:25 | name | semmle.label | name | +| lib/lib.js:3:28:3:31 | name | semmle.label | name | +| lib/lib.js:4:22:4:25 | name | semmle.label | name | +| lib/lib.js:10:32:10:35 | name | semmle.label | name | +| lib/lib.js:11:22:11:25 | name | semmle.label | name | +| lib/lib.js:14:36:14:39 | name | semmle.label | name | +| lib/lib.js:15:22:15:25 | name | semmle.label | name | +| lib/lib.js:19:34:19:37 | name | semmle.label | name | +| lib/lib.js:20:22:20:25 | name | semmle.label | name | +| lib/lib.js:26:35:26:38 | name | semmle.label | 
name | +| lib/lib.js:27:22:27:25 | name | semmle.label | name | +| lib/lib.js:34:14:34:17 | name | semmle.label | name | +| lib/lib.js:35:23:35:26 | name | semmle.label | name | +| lib/lib.js:37:13:37:16 | name | semmle.label | name | +| lib/lib.js:38:23:38:26 | name | semmle.label | name | +| lib/lib.js:40:6:40:9 | name | semmle.label | name | +| lib/lib.js:41:23:41:26 | name | semmle.label | name | +| lib/lib.js:49:31:49:34 | name | semmle.label | name | +| lib/lib.js:50:47:50:50 | name | semmle.label | name | +| lib/lib.js:53:33:53:36 | name | semmle.label | name | +| lib/lib.js:54:25:54:28 | name | semmle.label | name | +| lib/lib.js:57:25:57:28 | name | semmle.label | name | +| lib/lib.js:64:41:64:44 | name | semmle.label | name | +| lib/lib.js:65:22:65:25 | name | semmle.label | name | +| lib/lib.js:69:27:69:30 | name | semmle.label | name | +| lib/lib.js:71:28:71:31 | name | semmle.label | name | +| lib/lib.js:73:21:73:24 | name | semmle.label | name | +| lib/lib.js:75:20:75:23 | name | semmle.label | name | +| lib/lib.js:77:28:77:31 | name | semmle.label | name | +| lib/lib.js:82:35:82:38 | name | semmle.label | name | +| lib/lib.js:83:22:83:25 | name | semmle.label | name | +| lib/lib.js:86:13:86:16 | name | semmle.label | name | +| lib/lib.js:89:21:89:24 | name | semmle.label | name | +| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | semmle.label | "\\"" + name + "\\"" | +| lib/lib.js:91:28:91:31 | name | semmle.label | name | +| lib/lib.js:97:35:97:38 | name | semmle.label | name | +| lib/lib.js:98:35:98:38 | name | semmle.label | name | +| lib/lib.js:100:37:100:40 | name | semmle.label | name | +| lib/lib.js:102:46:102:49 | name | semmle.label | name | +| lib/lib.js:108:41:108:44 | name | semmle.label | name | +| lib/lib.js:111:34:111:37 | name | semmle.label | name | +| lib/lib.js:112:22:112:25 | name | semmle.label | name | +| lib/lib.js:120:33:120:36 | name | semmle.label | name | +| lib/lib.js:121:22:121:25 | name | semmle.label | name | +| 
lib/lib.js:130:6:130:9 | name | semmle.label | name | +| lib/lib.js:131:23:131:26 | name | semmle.label | name | +| lib/lib.js:148:37:148:40 | name | semmle.label | name | +| lib/lib.js:149:24:149:27 | name | semmle.label | name | +| lib/lib.js:155:38:155:41 | name | semmle.label | name | +| lib/lib.js:161:25:161:28 | name | semmle.label | name | +| lib/lib.js:170:41:170:44 | name | semmle.label | name | +| lib/lib.js:173:20:173:23 | name | semmle.label | name | +| lib/lib.js:177:38:177:41 | name | semmle.label | name | +| lib/lib.js:181:6:181:52 | broken | semmle.label | broken | +| lib/lib.js:181:21:181:24 | name | semmle.label | name | +| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | semmle.label | name.re ... "'\\''") | +| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | semmle.label | name.re ... "'\\''") | +| lib/lib.js:182:22:182:27 | broken | semmle.label | broken | +| lib/lib.js:186:34:186:37 | name | semmle.label | name | +| lib/lib.js:187:22:187:25 | name | semmle.label | name | +| lib/lib.js:190:23:190:26 | name | semmle.label | name | +| lib/lib.js:196:45:196:48 | name | semmle.label | name | +| lib/lib.js:197:22:197:25 | name | semmle.label | name | +| lib/lib.js:200:23:200:26 | name | semmle.label | name | +| lib/lib.js:206:45:206:48 | name | semmle.label | name | +| lib/lib.js:207:22:207:25 | name | semmle.label | name | +| lib/lib.js:212:23:212:26 | name | semmle.label | name | +| lib/lib.js:216:39:216:42 | name | semmle.label | name | +| lib/lib.js:217:22:217:25 | name | semmle.label | name | +| lib/lib.js:220:23:220:26 | name | semmle.label | name | +| lib/lib.js:224:22:224:25 | name | semmle.label | name | +| lib/lib.js:227:39:227:42 | name | semmle.label | name | +| lib/lib.js:228:22:228:25 | name | semmle.label | name | +| lib/lib.js:236:22:236:25 | name | semmle.label | name | +| lib/lib.js:239:28:239:28 | s | semmle.label | s | +| lib/lib.js:245:9:245:9 | s | semmle.label | s | +| lib/lib.js:248:42:248:45 | name | semmle.label | name | 
+| lib/lib.js:249:22:249:25 | name | semmle.label | name | +| lib/lib.js:251:6:251:31 | cleaned | semmle.label | cleaned | +| lib/lib.js:251:16:251:31 | cleanInput(name) | semmle.label | cleanInput(name) | +| lib/lib.js:251:27:251:30 | name | semmle.label | name | +| lib/lib.js:253:22:253:28 | cleaned | semmle.label | cleaned | +| lib/lib.js:257:35:257:38 | name | semmle.label | name | +| lib/lib.js:258:22:258:25 | name | semmle.label | name | +| lib/lib.js:261:30:261:33 | name | semmle.label | name | +| lib/lib.js:267:46:267:48 | obj | semmle.label | obj | +| lib/lib.js:268:22:268:24 | obj | semmle.label | obj | +| lib/lib.js:268:22:268:32 | obj.version | semmle.label | obj.version | +| lib/lib.js:276:8:276:11 | opts | semmle.label | opts | +| lib/lib.js:277:23:277:26 | opts | semmle.label | opts | +| lib/lib.js:277:23:277:30 | opts.bla | semmle.label | opts.bla | +| lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | semmle.label | [post update] this [opts, bla] | +| lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | semmle.label | [post update] this.opts [bla] | +| lib/lib.js:279:19:279:22 | opts | semmle.label | opts | +| lib/lib.js:279:19:279:26 | opts.bla | semmle.label | opts.bla | +| lib/lib.js:281:23:281:26 | this [opts, bla] | semmle.label | this [opts, bla] | +| lib/lib.js:281:23:281:31 | this.opts [bla] | semmle.label | this.opts [bla] | +| lib/lib.js:281:23:281:35 | this.opts.bla | semmle.label | this.opts.bla | +| lib/lib.js:307:39:307:42 | name | semmle.label | name | +| lib/lib.js:308:23:308:26 | name | semmle.label | name | +| lib/lib.js:314:40:314:43 | name | semmle.label | name | +| lib/lib.js:315:22:315:25 | name | semmle.label | name | +| lib/lib.js:320:23:320:26 | name | semmle.label | name | +| lib/lib.js:324:40:324:42 | arg | semmle.label | arg | +| lib/lib.js:325:49:325:51 | arg | semmle.label | arg | +| lib/lib.js:329:13:329:13 | x | semmle.label | x | +| lib/lib.js:330:9:330:9 | x | semmle.label | x | +| 
lib/lib.js:339:39:339:39 | n | semmle.label | n | +| lib/lib.js:340:22:340:26 | id(n) | semmle.label | id(n) | +| lib/lib.js:340:25:340:25 | n | semmle.label | n | +| lib/lib.js:349:29:349:34 | unsafe | semmle.label | unsafe | +| lib/lib.js:351:22:351:27 | unsafe | semmle.label | unsafe | +| lib/lib.js:405:39:405:42 | name | semmle.label | name | +| lib/lib.js:406:22:406:25 | name | semmle.label | name | +| lib/lib.js:414:40:414:43 | name | semmle.label | name | +| lib/lib.js:415:22:415:25 | name | semmle.label | name | +| lib/lib.js:417:28:417:31 | name | semmle.label | name | +| lib/lib.js:418:25:418:28 | name | semmle.label | name | +| lib/lib.js:419:32:419:35 | name | semmle.label | name | +| lib/lib.js:420:29:420:32 | name | semmle.label | name | +| lib/lib.js:424:24:424:27 | name | semmle.label | name | +| lib/lib.js:425:6:425:13 | arr | semmle.label | arr | +| lib/lib.js:426:2:426:4 | [post update] arr | semmle.label | [post update] arr | +| lib/lib.js:426:11:426:14 | name | semmle.label | name | +| lib/lib.js:426:11:426:14 | name | semmle.label | name | +| lib/lib.js:427:14:427:16 | arr | semmle.label | arr | +| lib/lib.js:428:14:428:58 | build(" ... + '-') | semmle.label | build(" ... + '-') | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | semmle.label | (name ? ... 
) + '-' | +| lib/lib.js:428:36:428:39 | name | semmle.label | name | +| lib/lib.js:431:23:431:26 | last | semmle.label | last | +| lib/lib.js:432:6:432:13 | arr | semmle.label | arr | +| lib/lib.js:436:10:436:12 | [post update] arr | semmle.label | [post update] arr | +| lib/lib.js:436:19:436:22 | last | semmle.label | last | +| lib/lib.js:436:19:436:22 | last | semmle.label | last | +| lib/lib.js:437:9:437:11 | arr | semmle.label | arr | +| lib/lib.js:441:39:441:42 | name | semmle.label | name | +| lib/lib.js:442:24:442:27 | name | semmle.label | name | +| lib/lib.js:446:20:446:23 | name | semmle.label | name | +| lib/lib.js:447:25:447:28 | name | semmle.label | name | +| lib/lib.js:477:33:477:38 | config | semmle.label | config | +| lib/lib.js:478:27:478:32 | config | semmle.label | config | +| lib/lib.js:478:27:478:46 | config.installedPath | semmle.label | config.installedPath | +| lib/lib.js:482:40:482:43 | name | semmle.label | name | +| lib/lib.js:483:30:483:33 | name | semmle.label | name | +| lib/lib.js:498:45:498:48 | name | semmle.label | name | +| lib/lib.js:499:31:499:34 | name | semmle.label | name | +| lib/lib.js:509:39:509:42 | name | semmle.label | name | +| lib/lib.js:510:22:510:25 | name | semmle.label | name | +| lib/lib.js:513:23:513:26 | name | semmle.label | name | +| lib/lib.js:519:23:519:26 | name | semmle.label | name | +| lib/lib.js:525:23:525:26 | name | semmle.label | name | +| lib/lib.js:531:23:531:26 | name | semmle.label | name | +| lib/lib.js:537:23:537:26 | name | semmle.label | name | +| lib/lib.js:543:23:543:26 | name | semmle.label | name | +| lib/lib.js:545:23:545:26 | name | semmle.label | name | +| lib/lib.js:550:39:550:42 | name | semmle.label | name | +| lib/lib.js:551:33:551:36 | args | semmle.label | args | +| lib/lib.js:552:23:552:26 | args | semmle.label | args | +| lib/lib.js:555:25:555:37 | ["-rf", name] | semmle.label | ["-rf", name] | +| lib/lib.js:555:33:555:36 | name | semmle.label | name | +| 
lib/lib.js:555:33:555:36 | name | semmle.label | name | +| lib/lib.js:558:41:558:44 | name | semmle.label | name | +| lib/lib.js:560:26:560:29 | name | semmle.label | name | +| lib/lib.js:562:26:562:29 | name | semmle.label | name | +| lib/lib.js:566:26:566:29 | name | semmle.label | name | +| lib/lib.js:572:41:572:44 | name | semmle.label | name | +| lib/lib.js:573:22:573:25 | name | semmle.label | name | +| lib/lib.js:579:25:579:28 | name | semmle.label | name | +| lib/lib.js:590:29:590:32 | name | semmle.label | name | +| lib/lib.js:593:25:593:28 | name | semmle.label | name | +| lib/lib.js:608:42:608:45 | name | semmle.label | name | +| lib/lib.js:609:22:609:25 | name | semmle.label | name | +| lib/lib.js:626:29:626:32 | name | semmle.label | name | +| lib/lib.js:629:25:629:28 | name | semmle.label | name | +| lib/subLib2/compiled-file.ts:3:26:3:29 | name | semmle.label | name | +| lib/subLib2/compiled-file.ts:4:25:4:28 | name | semmle.label | name | +| lib/subLib2/special-file.js:3:28:3:31 | name | semmle.label | name | +| lib/subLib2/special-file.js:4:22:4:25 | name | semmle.label | name | +| lib/subLib3/my-file.ts:3:28:3:31 | name | semmle.label | name | +| lib/subLib3/my-file.ts:4:22:4:25 | name | semmle.label | name | +| lib/subLib4/index.js:6:32:6:35 | name | semmle.label | name | +| lib/subLib4/index.js:7:18:7:21 | name | semmle.label | name | +| lib/subLib4/subsub.js:3:28:3:31 | name | semmle.label | name | +| lib/subLib4/subsub.js:4:22:4:25 | name | semmle.label | name | +| lib/subLib/amdSub.js:3:28:3:31 | name | semmle.label | name | +| lib/subLib/amdSub.js:4:22:4:25 | name | semmle.label | name | +| lib/subLib/index.js:3:28:3:31 | name | semmle.label | name | +| lib/subLib/index.js:4:22:4:25 | name | semmle.label | name | +| lib/subLib/index.js:7:32:7:35 | name | semmle.label | name | +| lib/subLib/index.js:8:22:8:25 | name | semmle.label | name | +| lib/subLib/index.js:13:44:13:46 | arr | semmle.label | arr | +| lib/subLib/index.js:14:22:14:24 | arr 
| semmle.label | arr | +subpaths +| lib/lib.js:251:27:251:30 | name | lib/lib.js:239:28:239:28 | s | lib/lib.js:245:9:245:9 | s | lib/lib.js:251:16:251:31 | cleanInput(name) | +| lib/lib.js:340:25:340:25 | n | lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | lib/lib.js:340:22:340:26 | id(n) | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | lib/lib.js:437:9:437:11 | arr | lib/lib.js:428:14:428:58 | build(" ... + '-') | #select | lib/isImported.js:6:10:6:25 | "rm -rf " + name | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/isImported.js:5:49:5:52 | name | library input | lib/isImported.js:6:2:6:26 | cp.exec ... + name) | shell command | | lib/lib2.js:4:10:4:25 | "rm -rf " + name | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib2.js:3:28:3:31 | name | library input | lib/lib2.js:4:2:4:26 | cp.exec ... + name) | shell command | 
@@ -831,6 +390,7 @@ edges | lib/lib.js:228:10:228:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:228:2:228:26 | cp.exec ... + name) | shell command | | lib/lib.js:236:10:236:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:236:2:236:26 | cp.exec ... + name) | shell command | | lib/lib.js:249:10:249:25 | "rm -rf " + name | lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:248:42:248:45 | name | library input | lib/lib.js:249:2:249:26 | cp.exec ... + name) | shell command | +| lib/lib.js:253:10:253:28 | "rm -rf " + cleaned | lib/lib.js:248:42:248:45 | name | lib/lib.js:253:22:253:28 | cleaned | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:248:42:248:45 | name | library input | lib/lib.js:253:2:253:29 | cp.exec ... leaned) | shell command | | lib/lib.js:258:10:258:25 | "rm -rf " + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:258:2:258:26 | cp.exec ... + name) | shell command | | lib/lib.js:261:11:261:33 | "rm -rf ... + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:261:3:261:34 | cp.exec ... + name) | shell command | | lib/lib.js:268:10:268:32 | "rm -rf ... 
version | lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:32 | obj.version | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:267:46:267:48 | obj | library input | lib/lib.js:268:2:268:33 | cp.exec ... ersion) | shell command | 
@@ -842,7 +402,6 @@ edges | lib/lib.js:325:12:325:51 | "MyWind ... " + arg | lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:324:40:324:42 | arg | library input | lib/lib.js:326:2:326:13 | cp.exec(cmd) | shell command | | lib/lib.js:340:10:340:26 | "rm -rf " + id(n) | lib/lib.js:339:39:339:39 | n | lib/lib.js:340:22:340:26 | id(n) | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:339:39:339:39 | n | library input | lib/lib.js:340:2:340:27 | cp.exec ... id(n)) | shell command | | lib/lib.js:351:10:351:27 | "rm -rf " + unsafe | lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:349:29:349:34 | unsafe | library input | lib/lib.js:351:2:351:28 | cp.exec ... unsafe) | shell command | -| lib/lib.js:366:17:366:56 | "learn ... + model | lib/lib.js:360:20:360:23 | opts | lib/lib.js:366:28:366:42 | this.learn_args | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:360:20:360:23 | opts | library input | lib/lib.js:367:3:367:18 | cp.exec(command) | shell command | | lib/lib.js:406:10:406:25 | "rm -rf " + name | lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:405:39:405:42 | name | library input | lib/lib.js:406:2:406:26 | cp.exec ... + name) | shell command | | lib/lib.js:415:10:415:25 | "rm -rf " + name | lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:415:2:415:26 | cp.exec ... 
+ name) | shell command | | lib/lib.js:417:28:417:31 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:417:2:417:66 | cp.exec ... => {}) | shell command | From 83095535f9590d221b60143503954202e9a00dba Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:26:19 +0200 Subject: [PATCH 101/223] JS: Port UnvalidatedDynamicMethodCall --- ...lidatedDynamicMethodCallCustomizations.qll | 32 ++- .../UnvalidatedDynamicMethodCallQuery.qll | 69 +++++-- .../CWE-754/UnvalidatedDynamicMethodCall.ql | 8 +- .../UnvalidatedDynamicMethodCall.expected | 191 ++++++------------ 4 files changed, 151 insertions(+), 149 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll index d81227bcd68b..139ddf880b46 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll 
@@ -54,6 +54,30 @@ module UnvalidatedDynamicMethodCall { } } + /** + * A barrier guard for unvalidated dynamic method calls. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + /** * A flow label describing values read from a user-controlled property that * may not be functions. @@ -109,13 +133,13 @@ module UnvalidatedDynamicMethodCall { * A check of the form `typeof x === 'function'`, which sanitizes away the `MaybeNonFunction` * taint kind. */ - class FunctionCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { + class FunctionCheck extends BarrierGuardLegacy, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; FunctionCheck() { TaintTracking::isTypeofGuard(astNode, operand, "function") } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { outcome = astNode.getPolarity() and e = operand and label instanceof MaybeNonFunction 
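Review bot: The doc comment on the unlabelled `blocksExpr(boolean outcome, Expr e)` in the new `BarrierGuard` class does not say which flow labels it blocks, and the answer appears to differ between the two libraries it now serves. The new config appears to consume it through the label-free `isBarrier(DataFlow::Node node)` in UnvalidatedDynamicMethodCallQuery.qll, which stops flow in every state, while `BarrierGuardLegacy` forwards it to the unlabelled `sanitizes`, which the legacy taint-tracking library may have applied to the taint label only (worth confirming). `NumberGuard` in the last hunk of this file is the guard affected, since it overrides only the unlabelled form. I would extend the comment with `Blocks flow for all flow labels; override the labelled overload to restrict the guard to one label.` so that a guard author does not unknowingly suppress `MaybeNonFunction` or `MaybeFromProto` results.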
@@ -123,12 +147,12 @@ module UnvalidatedDynamicMethodCall { } /** A guard that checks whether `x` is a number. */ - class NumberGuard extends TaintTracking::SanitizerGuardNode instanceof DataFlow::CallNode { + class NumberGuard extends BarrierGuardLegacy instanceof DataFlow::CallNode { Expr x; boolean polarity; NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll index 921ab7f88e26..e964770437d0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll 
@@ -27,30 +27,32 @@ private class ConcreteMaybeFromProto extends MaybeFromProto { /** * A taint-tracking configuration for reasoning about unvalidated dynamic method calls. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnvalidatedDynamicMethodCall" } +module UnvalidatedDynamicMethodCallConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { source.(Source).getFlowLabel() = label } - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { sink.(Sink).getFlowLabel() = label } - override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { - super.isLabeledBarrier(node, label) - or + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { node.(Sanitizer).getFlowLabel() = label + or + TaintTracking::defaultSanitizer(node) and + label.isTaint() + or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) } - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof NumberGuard or - guard instanceof FunctionCheck + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() } - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel srclabel, DataFlow::Node dst, DataFlow::FlowLabel dstlabel ) { exists(DataFlow::PropRead read | 
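Review bot: The comment above `UnvalidatedDynamicMethodCallConfig` still reads "A taint-tracking configuration", but the module now implements `DataFlow::StateConfigSig` and adds the taint behaviour by hand, for one label only. `isBarrier` applies `TaintTracking::defaultSanitizer(node)` only when `label.isTaint()`, and the following hunk adds `TaintTracking::defaultTaintStep(src, dst)` under `srclabel.isTaint()`. I would say so in the doc comment, e.g. `Default taint steps and sanitizers apply to the taint label only; other labels are tracked without them.`, so that later edits do not assume taint steps carry `MaybeNonFunction` or `MaybeFromProto`. The body of `isAdditionalFlowStep` continues outside this hunk.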
@@ -74,5 +76,48 @@ class Configuration extends TaintTracking::Configuration { ) and srclabel.isTaint() and dstlabel instanceof MaybeNonFunction + or + srclabel.isTaint() and + TaintTracking::defaultTaintStep(src, dst) and + srclabel = dstlabel + } +} + +/** + * Taint-tracking for reasoning about unvalidated dynamic method calls. + */ +module UnvalidatedDynamicMethodCallFlow = + DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `UnvalidatedDynamicMethodCallFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "UnvalidatedDynamicMethodCall" } + + override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source.(Source).getFlowLabel() = label + } + + override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink.(Sink).getFlowLabel() = label + } + + override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + super.isLabeledBarrier(node, label) + or + node.(Sanitizer).getFlowLabel() = label + } + + override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { + guard instanceof NumberGuard or + guard instanceof FunctionCheck + } + + override predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, + DataFlow::FlowLabel dstlabel + ) { + UnvalidatedDynamicMethodCallConfig::isAdditionalFlowStep(src, srclabel, dst, dstlabel) } } diff --git a/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql b/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql index c2841c5e9021..df84c62edf77 100644 --- a/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql +++ b/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql 
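Review bot: The deprecated `Configuration` class kept at the end of this hunk delegates only `isAdditionalFlowStep` to `UnvalidatedDynamicMethodCallConfig`; `isSource`, `isSink` and `isLabeledBarrier` are restated, and `isSanitizerGuard` still lists `NumberGuard` and `FunctionCheck` by name. A guard added later as a `BarrierGuardLegacy` subclass would presumably be honoured by the new flow but not by this class, so the two could report different results for the same code. Delegating keeps them aligned: `override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { UnvalidatedDynamicMethodCallConfig::isSource(source, label) }`, and `guard instanceof BarrierGuardLegacy` in `isSanitizerGuard`. The deprecated `Configuration` retained in XmlBombQuery.qll restates `isSource` in the same way.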
@@ -13,10 +13,12 @@ import javascript import semmle.javascript.security.dataflow.UnvalidatedDynamicMethodCallQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + UnvalidatedDynamicMethodCallFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "Invocation of method with $@ name may dispatch to unexpected target and cause an exception.", source.getNode(), "user-controlled" diff --git a/javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected b/javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected index cd3f5d60a355..55d4ce165102 100644 --- a/javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected +++ b/javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected 
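Review bot: The query now imports `DataFlow::DeduplicatePathGraph` and maps back with `getAnOriginalPathNode()`, but nothing in the file says why this query needs it when the XmlBomb port in the same series uses `XmlBombFlow::PathGraph` directly. The expected-output change suggests the reason is that the same node was listed several times, presumably once per flow label. A one-line comment above the import would record that, e.g. `// Merge path nodes that differ only in flow state, so each alert shows a single path.` It would also help to note that `source` and `sink` are merged nodes here, so the `where` clause seems to hold when any original node behind them lies on a flow path.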
@@ -1,132 +1,83 @@ nodes -| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | -| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | -| UnsafeDynamicMethodAccess.js:6:9:6:37 | message | -| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | -| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | -| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | -| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | -| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | -| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | -| UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | -| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | -| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | -| UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | -| UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | -| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | -| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | -| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | -| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | -| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | -| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | -| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | -| UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... 
action) | -| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | -| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | -| UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | -| UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | -| tst.js:6:39:6:40 | ev | -| tst.js:6:39:6:40 | ev | -| tst.js:7:9:7:39 | name | -| tst.js:7:16:7:34 | JSON.parse(ev.data) | -| tst.js:7:16:7:39 | JSON.pa ... a).name | -| tst.js:7:27:7:28 | ev | -| tst.js:7:27:7:33 | ev.data | -| tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:9:9:9:10 | ev | -| tst.js:9:9:9:15 | ev.data | -| tst.js:11:5:11:13 | obj[name] | -| tst.js:11:5:11:13 | obj[name] | -| tst.js:11:5:11:13 | obj[name] | -| tst.js:11:9:11:12 | name | -| tst.js:17:9:17:22 | fn | -| tst.js:17:9:17:22 | fn | -| tst.js:17:14:17:22 | obj[name] | -| tst.js:17:14:17:22 | obj[name] | -| tst.js:17:18:17:21 | name | -| tst.js:18:5:18:6 | fn | -| tst.js:18:5:18:6 | fn | -| tst.js:18:5:18:6 | fn | -| tst.js:20:7:20:8 | fn | -| tst.js:20:7:20:8 | fn | -| tst.js:21:7:21:15 | obj[name] | -| tst.js:21:7:21:15 | obj[name] | -| tst.js:21:7:21:15 | obj[name] | -| tst.js:21:11:21:14 | name | -| tst.js:22:11:22:12 | fn | -| tst.js:22:11:22:12 | fn | -| tst.js:26:7:26:15 | obj[name] | -| tst.js:26:7:26:15 | obj[name] | -| tst.js:26:7:26:15 | obj[name] | -| tst.js:26:11:26:14 | name | -| tst.js:28:7:28:15 | obj[name] | -| tst.js:28:7:28:15 | obj[name] | -| tst.js:28:11:28:14 | name | -| tst.js:34:9:34:24 | key | -| tst.js:34:15:34:24 | "$" + name | -| tst.js:34:21:34:24 | name | -| tst.js:35:5:35:12 | obj[key] | -| tst.js:35:5:35:12 | obj[key] | -| tst.js:35:5:35:12 | obj[key] | -| tst.js:35:9:35:11 | key | -| tst.js:37:7:37:14 | obj[key] | -| tst.js:37:7:37:14 | obj[key] | -| tst.js:37:11:37:13 | key | -| tst.js:47:39:47:40 | ev | -| tst.js:47:39:47:40 | ev | -| tst.js:48:9:48:39 | name | -| tst.js:48:16:48:34 | JSON.parse(ev.data) | 
-| tst.js:48:16:48:39 | JSON.pa ... a).name | -| tst.js:48:27:48:28 | ev | -| tst.js:48:27:48:33 | ev.data | -| tst.js:49:9:49:23 | fn | -| tst.js:49:14:49:23 | obj2[name] | -| tst.js:49:19:49:22 | name | -| tst.js:50:5:50:6 | fn | -| tst.js:50:5:50:6 | fn | +| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | semmle.label | ev | +| UnsafeDynamicMethodAccess.js:6:9:6:37 | message | semmle.label | message | +| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) | +| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | semmle.label | ev | +| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | semmle.label | ev.data | +| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | semmle.label | obj[message.name] | +| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | semmle.label | message | +| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | semmle.label | message.name | +| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | semmle.label | action | +| UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | semmle.label | actions ... action) | +| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | semmle.label | req.params.action | +| UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | semmle.label | action | +| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | semmle.label | action | +| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | semmle.label | actions ... action] | +| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | semmle.label | req.params.action | +| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | semmle.label | action | +| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | semmle.label | action | +| UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | semmle.label | actions ... 
action) | +| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | semmle.label | req.params.action | +| UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | semmle.label | action | +| tst.js:6:39:6:40 | ev | semmle.label | ev | +| tst.js:7:9:7:39 | name | semmle.label | name | +| tst.js:7:16:7:34 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) | +| tst.js:7:16:7:39 | JSON.pa ... a).name | semmle.label | JSON.pa ... a).name | +| tst.js:7:27:7:28 | ev | semmle.label | ev | +| tst.js:7:27:7:33 | ev.data | semmle.label | ev.data | +| tst.js:9:5:9:16 | obj[ev.data] | semmle.label | obj[ev.data] | +| tst.js:9:9:9:10 | ev | semmle.label | ev | +| tst.js:9:9:9:15 | ev.data | semmle.label | ev.data | +| tst.js:11:5:11:13 | obj[name] | semmle.label | obj[name] | +| tst.js:11:9:11:12 | name | semmle.label | name | +| tst.js:17:9:17:22 | fn | semmle.label | fn | +| tst.js:17:14:17:22 | obj[name] | semmle.label | obj[name] | +| tst.js:17:18:17:21 | name | semmle.label | name | +| tst.js:18:5:18:6 | fn | semmle.label | fn | +| tst.js:20:7:20:8 | fn | semmle.label | fn | +| tst.js:21:7:21:15 | obj[name] | semmle.label | obj[name] | +| tst.js:21:11:21:14 | name | semmle.label | name | +| tst.js:22:11:22:12 | fn | semmle.label | fn | +| tst.js:26:7:26:15 | obj[name] | semmle.label | obj[name] | +| tst.js:26:11:26:14 | name | semmle.label | name | +| tst.js:28:7:28:15 | obj[name] | semmle.label | obj[name] | +| tst.js:28:11:28:14 | name | semmle.label | name | +| tst.js:34:9:34:24 | key | semmle.label | key | +| tst.js:34:15:34:24 | "$" + name | semmle.label | "$" + name | +| tst.js:34:21:34:24 | name | semmle.label | name | +| tst.js:35:5:35:12 | obj[key] | semmle.label | obj[key] | +| tst.js:35:9:35:11 | key | semmle.label | key | +| tst.js:37:7:37:14 | obj[key] | semmle.label | obj[key] | +| tst.js:37:11:37:13 | key | semmle.label | key | +| tst.js:47:39:47:40 | ev | semmle.label | ev | +| tst.js:48:9:48:39 | name | semmle.label | name | +| 
tst.js:48:16:48:34 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) | +| tst.js:48:16:48:39 | JSON.pa ... a).name | semmle.label | JSON.pa ... a).name | +| tst.js:48:27:48:28 | ev | semmle.label | ev | +| tst.js:48:27:48:33 | ev.data | semmle.label | ev.data | +| tst.js:49:9:49:23 | fn | semmle.label | fn | +| tst.js:49:14:49:23 | obj2[name] | semmle.label | obj2[name] | +| tst.js:49:19:49:22 | name | semmle.label | name | +| tst.js:50:5:50:6 | fn | semmle.label | fn | edges | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | -| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | | UnsafeDynamicMethodAccess.js:6:9:6:37 | message | UnsafeDynamicMethodAccess.js:15:9:15:15 | message | | UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | UnsafeDynamicMethodAccess.js:6:9:6:37 | message | | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | | UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | | UnsafeDynamicMethodAccess.js:15:9:15:15 | message | UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | | UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | | UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | | UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... 
action) | UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | | UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | -| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | -| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | -| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | -| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | | UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | -| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | -| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | -| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | | UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | | UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... 
action) | UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | | UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | -| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | -| tst.js:6:39:6:40 | ev | tst.js:7:27:7:28 | ev | | tst.js:6:39:6:40 | ev | tst.js:7:27:7:28 | ev | | tst.js:6:39:6:40 | ev | tst.js:9:9:9:10 | ev | -| tst.js:6:39:6:40 | ev | tst.js:9:9:9:10 | ev | | tst.js:7:9:7:39 | name | tst.js:11:9:11:12 | name | | tst.js:7:9:7:39 | name | tst.js:17:18:17:21 | name | | tst.js:7:9:7:39 | name | tst.js:21:11:21:14 | name | 
@@ -139,51 +90,31 @@ edges | tst.js:7:27:7:33 | ev.data | tst.js:7:16:7:34 | JSON.parse(ev.data) | | tst.js:9:9:9:10 | ev | tst.js:9:9:9:15 | ev.data | | tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] | | tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] | -| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] | -| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn | -| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn | | tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn | -| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn | -| tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn | | tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn | | tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn | -| tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn | -| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn | | tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn | | tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] | -| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] | -| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] | | tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] | -| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] | -| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] | -| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] | | tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] | | tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] | -| tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] | | tst.js:34:9:34:24 | key | tst.js:35:9:35:11 | key | | tst.js:34:9:34:24 | key | tst.js:37:11:37:13 | key | | tst.js:34:15:34:24 | "$" + name | tst.js:34:9:34:24 | key | | tst.js:34:21:34:24 | name | tst.js:34:15:34:24 | "$" + name | | tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] | -| 
tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] | -| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] | -| tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] | | tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] | | tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | ev | -| tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | ev | | tst.js:48:9:48:39 | name | tst.js:49:19:49:22 | name | | tst.js:48:16:48:34 | JSON.parse(ev.data) | tst.js:48:16:48:39 | JSON.pa ... a).name | | tst.js:48:16:48:39 | JSON.pa ... a).name | tst.js:48:9:48:39 | name | | tst.js:48:27:48:28 | ev | tst.js:48:27:48:33 | ev.data | | tst.js:48:27:48:33 | ev.data | tst.js:48:16:48:34 | JSON.parse(ev.data) | | tst.js:49:9:49:23 | fn | tst.js:50:5:50:6 | fn | -| tst.js:49:9:49:23 | fn | tst.js:50:5:50:6 | fn | | tst.js:49:14:49:23 | obj2[name] | tst.js:49:9:49:23 | fn | | tst.js:49:19:49:22 | name | tst.js:49:14:49:23 | obj2[name] | +subpaths #select | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | user-controlled | | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | user-controlled | From 03f8c0fc5ef9551660fcd24f7915d2951cb6803a Mon Sep 17 00:00:00 2001 
From: Asger F Date: Thu, 5 Oct 2023 09:26:25 +0200 Subject: [PATCH 102/223] JS: Port XmlBomb --- .../security/dataflow/XmlBombQuery.qll | 18 ++++- javascript/ql/src/Security/CWE-776/XmlBomb.ql | 6 +- .../Security/CWE-776/XmlBomb.expected | 66 +++++-------------- 3 files changed, 38 insertions(+), 52 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll index 951b927f86ef..e6ff29f81c52 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll @@ -13,7 +13,23 @@ import XmlBombCustomizations::XmlBomb /** * A taint-tracking configuration for reasoning about XML-bomb vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module XmlBombConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about XML-bomb vulnerabilities. + */ +module XmlBombFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `XmlBombFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "XmlBomb" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/Security/CWE-776/XmlBomb.ql index e418f3298106..aa3f48c6037a 100644 --- a/javascript/ql/src/Security/CWE-776/XmlBomb.ql +++ b/javascript/ql/src/Security/CWE-776/XmlBomb.ql 
@@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.XmlBombQuery -import DataFlow::PathGraph +import XmlBombFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from XmlBombFlow::PathNode source, XmlBombFlow::PathNode sink +where XmlBombFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against uncontrolled entity expansion.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected b/javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected index fb1e8e683219..be99aaf75139 100644 --- a/javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected +++ b/javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected 
@@ -1,60 +1,30 @@ -nodes -| closure.js:2:7:2:36 | src | -| closure.js:2:13:2:36 | documen ... .search | -| closure.js:2:13:2:36 | documen ... .search | -| closure.js:4:24:4:26 | src | -| closure.js:4:24:4:26 | src | -| domparser.js:2:7:2:36 | src | -| domparser.js:2:13:2:36 | documen ... .search | -| domparser.js:2:13:2:36 | documen ... .search | -| domparser.js:6:37:6:39 | src | -| domparser.js:6:37:6:39 | src | -| domparser.js:11:55:11:57 | src | -| domparser.js:11:55:11:57 | src | -| domparser.js:14:57:14:59 | src | -| domparser.js:14:57:14:59 | src | -| expat.js:6:16:6:36 | req.par ... e-xml") | -| expat.js:6:16:6:36 | req.par ... e-xml") | -| expat.js:6:16:6:36 | req.par ... e-xml") | -| jquery.js:2:7:2:36 | src | -| jquery.js:2:13:2:36 | documen ... .search | -| jquery.js:2:13:2:36 | documen ... .search | -| jquery.js:5:14:5:16 | src | -| jquery.js:5:14:5:16 | src | -| libxml.js:6:21:6:41 | req.par ... e-xml") | -| libxml.js:6:21:6:41 | req.par ... e-xml") | -| libxml.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | edges | closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src | -| closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src | -| closure.js:2:13:2:36 | documen ... .search | closure.js:2:7:2:36 | src | | closure.js:2:13:2:36 | documen ... 
.search | closure.js:2:7:2:36 | src | | domparser.js:2:7:2:36 | src | domparser.js:6:37:6:39 | src | -| domparser.js:2:7:2:36 | src | domparser.js:6:37:6:39 | src | -| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | | domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | | domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | -| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | -| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | | domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | -| expat.js:6:16:6:36 | req.par ... e-xml") | expat.js:6:16:6:36 | req.par ... e-xml") | -| jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src | | jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src | | jquery.js:2:13:2:36 | documen ... .search | jquery.js:2:7:2:36 | src | -| jquery.js:2:13:2:36 | documen ... .search | jquery.js:2:7:2:36 | src | -| libxml.js:6:21:6:41 | req.par ... e-xml") | libxml.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | +nodes +| closure.js:2:7:2:36 | src | semmle.label | src | +| closure.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search | +| closure.js:4:24:4:26 | src | semmle.label | src | +| domparser.js:2:7:2:36 | src | semmle.label | src | +| domparser.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search | +| domparser.js:6:37:6:39 | src | semmle.label | src | +| domparser.js:11:55:11:57 | src | semmle.label | src | +| domparser.js:14:57:14:59 | src | semmle.label | src | +| expat.js:6:16:6:36 | req.par ... e-xml") | semmle.label | req.par ... 
e-xml") | +| jquery.js:2:7:2:36 | src | semmle.label | src | +| jquery.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search | +| jquery.js:5:14:5:16 | src | semmle.label | src | +| libxml.js:6:21:6:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +subpaths #select | closure.js:4:24:4:26 | src | closure.js:2:13:2:36 | documen ... .search | closure.js:4:24:4:26 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | closure.js:2:13:2:36 | documen ... .search | user-provided value | | domparser.js:6:37:6:39 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:6:37:6:39 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value | From c2d170b4fd4bad9961bc03f5b8d5f37f185b89c3 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:26:36 +0200 Subject: [PATCH 103/223] JS: Port XpathInjection --- .../security/dataflow/XpathInjectionQuery.qll | 18 ++++++- .../ql/src/Security/CWE-643/XpathInjection.ql | 6 +-- .../Security/CWE-643/XpathInjection.expected | 51 ++++++------------- 3 files changed, 36 insertions(+), 39 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll index 08e84e834d01..9016c19bd9ea 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll 
@@ -14,7 +14,23 @@ import XpathInjectionCustomizations::XpathInjection /** * A taint-tracking configuration for untrusted user input used in XPath expression. */ -class Configuration extends TaintTracking::Configuration { +module XpathInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for untrusted user input used in XPath expression. + */ +module XpathInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `XpathInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "XpathInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/Security/CWE-643/XpathInjection.ql index 8a5bfbd791fc..c28441d8e24e 100644 --- a/javascript/ql/src/Security/CWE-643/XpathInjection.ql +++ b/javascript/ql/src/Security/CWE-643/XpathInjection.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.XpathInjectionQuery -import DataFlow::PathGraph +import XpathInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from XpathInjectionFlow::PathNode source, XpathInjectionFlow::PathNode sink +where XpathInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected b/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected index f2e28eb3703c..5b216204dbe0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected 
+++ b/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected 
@@ -1,50 +1,31 @@ -nodes -| XpathInjectionBad.js:6:7:6:38 | userName | -| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | -| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | -| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | -| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | -| XpathInjectionBad.js:9:66:9:73 | userName | -| tst2.js:1:13:1:34 | documen ... on.hash | -| tst2.js:1:13:1:34 | documen ... on.hash | -| tst2.js:1:13:1:47 | documen ... ring(1) | -| tst2.js:2:27:2:31 | query | -| tst2.js:2:27:2:31 | query | -| tst2.js:3:19:3:23 | query | -| tst2.js:3:19:3:23 | query | -| tst.js:6:7:6:37 | tainted | -| tst.js:6:17:6:37 | req.par ... rName") | -| tst.js:6:17:6:37 | req.par ... rName") | -| tst.js:7:15:7:21 | tainted | -| tst.js:7:15:7:21 | tainted | -| tst.js:8:16:8:22 | tainted | -| tst.js:8:16:8:22 | tainted | -| tst.js:9:17:9:23 | tainted | -| tst.js:9:17:9:23 | tainted | -| tst.js:11:8:11:14 | tainted | -| tst.js:11:8:11:14 | tainted | edges | XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:9:66:9:73 | userName | | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName | -| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName | -| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | | XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | | tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) | -| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) | -| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query | | tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query | | tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query | -| tst2.js:1:13:1:47 | documen ... 
ring(1) | tst2.js:3:19:3:23 | query | | tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted | | tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted | | tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted | | tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted | -| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted | | tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted | +nodes +| XpathInjectionBad.js:6:7:6:38 | userName | semmle.label | userName | +| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | semmle.label | req.par ... rName") | +| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | semmle.label | "//user ... text()" | +| XpathInjectionBad.js:9:66:9:73 | userName | semmle.label | userName | +| tst2.js:1:13:1:34 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst2.js:1:13:1:47 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| tst2.js:2:27:2:31 | query | semmle.label | query | +| tst2.js:3:19:3:23 | query | semmle.label | query | +| tst.js:6:7:6:37 | tainted | semmle.label | tainted | +| tst.js:6:17:6:37 | req.par ... rName") | semmle.label | req.par ... rName") | +| tst.js:7:15:7:21 | tainted | semmle.label | tainted | +| tst.js:8:16:8:22 | tainted | semmle.label | tainted | +| tst.js:9:17:9:23 | tainted | semmle.label | tainted | +| tst.js:11:8:11:14 | tainted | semmle.label | tainted | +subpaths #select | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | XPath expression depends on a $@. | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | user-provided value | | tst2.js:2:27:2:31 | query | tst2.js:1:13:1:34 | documen ... 
on.hash | tst2.js:2:27:2:31 | query | XPath expression depends on a $@. | tst2.js:1:13:1:34 | documen ... on.hash | user-provided value | From b8847dbc5d0328de7c7788abac52680ebf2eb8d5 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:26:42 +0200 Subject: [PATCH 104/223] JS: Port Xxe --- .../javascript/security/dataflow/XxeQuery.qll | 18 +++++- javascript/ql/src/Security/CWE-611/Xxe.ql | 6 +- .../query-tests/Security/CWE-611/Xxe.expected | 56 +++++-------------- 3 files changed, 34 insertions(+), 46 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll index 82d3fb4f6cc1..c82289b28bc4 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll @@ -13,7 +13,23 @@ import XxeCustomizations::Xxe /** * A taint-tracking configuration for reasoning about XXE vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module XxeConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about XXE vulnerabilities. + */ +module XxeFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `XxeFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "Xxe" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/Security/CWE-611/Xxe.ql index 6f544f3a2e52..e1e84e360480 100644 --- a/javascript/ql/src/Security/CWE-611/Xxe.ql +++ b/javascript/ql/src/Security/CWE-611/Xxe.ql 
@@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.XxeQuery -import DataFlow::PathGraph +import XxeFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from XxeFlow::PathNode source, XxeFlow::PathNode sink +where XxeFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against external entity expansion.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected b/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected index b625cd91449b..8302bf16dd06 100644 --- a/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected +++ b/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected 
@@ -1,49 +1,21 @@ -nodes -| domparser.js:2:7:2:36 | src | -| domparser.js:2:13:2:36 | documen ... .search | -| domparser.js:2:13:2:36 | documen ... .search | -| domparser.js:11:55:11:57 | src | -| domparser.js:11:55:11:57 | src | -| domparser.js:14:57:14:59 | src | -| domparser.js:14:57:14:59 | src | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | -| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | -| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | -| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | -| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | -| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | -| libxml.noent.js:16:27:16:35 | req.files | -| libxml.noent.js:16:27:16:35 | req.files | -| libxml.noent.js:16:27:16:44 | req.files.products | -| libxml.noent.js:16:27:16:49 | req.fil ... ts.data | -| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | -| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | edges | domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | -| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | -| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | | domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | | domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | -| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:11:21:11:41 | req.par ... 
e-xml") | libxml.noent.js:11:21:11:41 | req.par ... e-xml") | -| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | libxml.noent.js:14:27:14:47 | req.par ... e-xml") | -| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:44 | req.files.products | -| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:44 | req.files.products | -| libxml.noent.js:16:27:16:44 | req.files.products | libxml.noent.js:16:27:16:49 | req.fil ... ts.data | -| libxml.noent.js:16:27:16:49 | req.fil ... ts.data | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | -| libxml.noent.js:16:27:16:49 | req.fil ... ts.data | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | +| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | +nodes +| domparser.js:2:7:2:36 | src | semmle.label | src | +| domparser.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search | +| domparser.js:11:55:11:57 | src | semmle.label | src | +| domparser.js:14:57:14:59 | src | semmle.label | src | +| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.noent.js:16:27:16:35 | req.files | semmle.label | req.files | +| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | semmle.label | req.fil ... 'utf8') | +| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +subpaths #select | domparser.js:11:55:11:57 | src | domparser.js:2:13:2:36 | documen ... 
.search | domparser.js:11:55:11:57 | src | XML parsing depends on a $@ without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value | | domparser.js:14:57:14:59 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:14:57:14:59 | src | XML parsing depends on a $@ without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value | From c55300d4b05bcad1167530025d8d5c468b788bf9 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:26:50 +0200 Subject: [PATCH 105/223] JS: Port PolynomialReDoS --- .../regexp/PolynomialReDoSCustomizations.qll | 19 +- .../security/regexp/PolynomialReDoSQuery.qll | 26 +- .../ql/src/Performance/PolynomialReDoS.ql | 6 +- .../CWE-400/ReDoS/PolynomialReDoS.expected | 717 ++++++++++-------- 4 files changed, 444 insertions(+), 324 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll index 30bd36c124e7..196bead33f1a 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll 
@@ -46,6 +46,21 @@ module PolynomialReDoS { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for polynomial regular expression denial-of-service attacks. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** * A remote input to a server, seen as a source for polynomial * regular expression denial-of-service vulnerabilities. @@ -118,7 +133,7 @@ module PolynomialReDoS { /** * An check on the length of a string, seen as a sanitizer guard. */ - class LengthGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { + class LengthGuard extends BarrierGuardLegacy, DataFlow::ValueNode { DataFlow::Node input; boolean polarity; @@ -133,7 +148,7 @@ module PolynomialReDoS { ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = polarity and e = input.asExpr() } diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll index f8675bde3f28..dbe45503f2c7 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll 
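Review bot: The doc comments on the two new guard classes in the first hunk do not say which one a customisation should extend. `BarrierGuardLegacy` is the only one that forwards `blocksExpr` to `sanitizes`, so a guard that extends plain `BarrierGuard` is presumably not seen by the deprecated `Configuration` (how that class selects its guards is outside these hunks), and the old and new APIs could then disagree on what counts as sanitised. I would extend the `BarrierGuardLegacy` comment to something like `/** A barrier guard that is also a TaintTracking::SanitizerGuardNode; extend this class if the guard must also apply to the deprecated Configuration. */`. `LengthGuard`, changed in the second and third hunks, already follows that pattern.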
@@ -11,7 +11,31 @@ import javascript import PolynomialReDoSCustomizations::PolynomialReDoS /** A taint-tracking configuration for reasoning about polynomial regular expression denial-of-service attacks. */ -class Configuration extends TaintTracking::Configuration { +module PolynomialReDoSConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + none() + // TODO: localFieldStep is too expensive with dataflow2 + // DataFlow::localFieldStep(pred, succ) + } +} + +/** Taint-tracking for reasoning about polynomial regular expression denial-of-service attacks. */ +module PolynomialReDoSFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `PolynomialReDoSFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "PolynomialReDoS" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Performance/PolynomialReDoS.ql b/javascript/ql/src/Performance/PolynomialReDoS.ql index befc556b0330..7a4e72136f4a 100644 --- a/javascript/ql/src/Performance/PolynomialReDoS.ql +++ b/javascript/ql/src/Performance/PolynomialReDoS.ql 
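Review bot: `isAdditionalFlowStep` is overridden only to return `none()`, with the `DataFlow::localFieldStep` step left behind as a commented-out TODO, so the ported query does not follow that step and may miss ReDoS flows that depended on it. That is a silent loss of coverage in a security query: either drop the no-op predicate and record the gap where users will see it, for example `// Known gap: DataFlow::localFieldStep is not applied here (too expensive with the new library), so flows that rely on it are missed`, or restore the step once it is affordable. `getAFeature` additionally restricts results to `FeatureHasSourceCallContext`, which deserves a one-line comment explaining why. Whether the deprecated `Configuration` still applies the field step cannot be seen, since its body continues outside the hunk; the regenerated `PolynomialReDoS.expected` should be checked for lost `#select` rows.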
@@ -15,13 +15,13 @@ import javascript import semmle.javascript.security.regexp.PolynomialReDoSQuery -import DataFlow::PathGraph +import PolynomialReDoSFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode, + PolynomialReDoSFlow::PathNode source, PolynomialReDoSFlow::PathNode sink, Sink sinkNode, PolynomialBackTrackingTerm regexp where - cfg.hasFlowPath(source, sink) and + PolynomialReDoSFlow::flowPath(source, sink) and sinkNode = sink.getNode() and regexp = sinkNode.getRegExp() and not ( diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected index 4c534fffe134..e8593c903ca9 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected 
@@ -1,341 +1,32 @@ -nodes -| lib/closure.js:3:21:3:21 | x | -| lib/closure.js:3:21:3:21 | x | -| lib/closure.js:4:16:4:16 | x | -| lib/closure.js:4:16:4:16 | x | -| lib/indirect.js:1:32:1:32 | x | -| lib/indirect.js:1:32:1:32 | x | -| lib/indirect.js:2:16:2:16 | x | -| lib/indirect.js:2:16:2:16 | x | -| lib/lib.js:3:28:3:31 | name | -| lib/lib.js:3:28:3:31 | name | -| lib/lib.js:4:14:4:17 | name | -| lib/lib.js:4:14:4:17 | name | -| lib/lib.js:7:19:7:22 | name | -| lib/lib.js:7:19:7:22 | name | -| lib/lib.js:8:13:8:16 | name | -| lib/lib.js:8:13:8:16 | name | -| lib/lib.js:21:14:21:14 | x | -| lib/lib.js:21:14:21:14 | x | -| lib/lib.js:22:9:22:9 | x | -| lib/lib.js:27:6:27:19 | y | -| lib/lib.js:27:10:27:19 | id("safe") | -| lib/lib.js:28:13:28:13 | y | -| lib/lib.js:28:13:28:13 | y | -| lib/lib.js:32:32:32:40 | arguments | -| lib/lib.js:32:32:32:40 | arguments | -| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | -| lib/lib.js:35:28:35:31 | name | -| lib/lib.js:36:13:36:16 | name | -| lib/lib.js:36:13:36:16 | name | -| lib/lib.js:41:32:41:35 | name | -| lib/lib.js:41:32:41:35 | name | -| lib/lib.js:42:17:42:20 | name | -| lib/lib.js:42:17:42:20 | name | -| lib/lib.js:44:5:44:25 | name | -| lib/lib.js:44:12:44:15 | name | -| lib/lib.js:44:12:44:25 | name.substr(1) | -| lib/lib.js:45:17:45:20 | name | -| lib/lib.js:45:17:45:20 | name | -| lib/lib.js:52:22:52:25 | name | -| lib/lib.js:52:22:52:25 | name | -| lib/lib.js:53:16:53:19 | name | -| lib/lib.js:53:16:53:19 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | -| lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | -| lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/snapdragon.js:3:34:3:38 | input | -| lib/snapdragon.js:3:34:3:38 | 
input | -| lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:9:12:9:16 | input | -| lib/snapdragon.js:12:34:12:38 | input | -| lib/snapdragon.js:12:34:12:38 | input | -| lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:17:20:17:24 | input | -| lib/snapdragon.js:20:34:20:38 | input | -| lib/snapdragon.js:20:34:20:38 | input | -| lib/snapdragon.js:22:44:22:47 | node | -| lib/snapdragon.js:23:5:23:8 | node | -| lib/snapdragon.js:23:5:23:12 | node.val | -| lib/snapdragon.js:23:5:23:12 | node.val | -| lib/snapdragon.js:25:22:25:26 | input | -| lib/subLib4/factory.js:7:27:7:30 | name | -| lib/subLib4/factory.js:7:27:7:30 | name | -| lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | -| lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | -| lib/subLib5/main.js:1:28:1:31 | name | -| lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | -| lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib6/index.js:1:32:1:35 | name | -| lib/subLib6/index.js:1:32:1:35 | name | -| lib/subLib6/index.js:2:14:2:17 | name | -| lib/subLib6/index.js:2:14:2:17 | name | -| lib/sublib/factory.js:12:26:12:29 | name | -| lib/sublib/factory.js:12:26:12:29 | name | -| lib/sublib/factory.js:13:24:13:27 | name | -| lib/sublib/factory.js:13:24:13:27 | name | -| polynomial-redos.js:5:6:5:32 | tainted | -| polynomial-redos.js:5:16:5:32 | req.query.tainted | -| polynomial-redos.js:5:16:5:32 | req.query.tainted | -| polynomial-redos.js:7:2:7:8 | tainted | -| polynomial-redos.js:7:2:7:8 | tainted | -| polynomial-redos.js:8:2:8:8 | tainted | -| 
polynomial-redos.js:8:2:8:8 | tainted | -| polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:53:21:53:27 | tainted | -| 
polynomial-redos.js:53:21:53:27 | tainted | -| polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:68:18:68:24 | req.url | -| polynomial-redos.js:68:18:68:24 | req.url | -| polynomial-redos.js:68:18:68:24 | req.url | -| polynomial-redos.js:69:18:69:25 | req.body | -| polynomial-redos.js:69:18:69:25 | req.body | -| polynomial-redos.js:69:18:69:25 | req.body | -| polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:81:2:81:8 | tainted | -| polynomial-redos.js:81:2:81:8 | tainted | -| 
polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:121:7:121:55 | replaced | -| 
polynomial-redos.js:121:18:121:24 | tainted | -| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | -| polynomial-redos.js:123:3:123:20 | result | -| polynomial-redos.js:123:13:123:20 | replaced | -| polynomial-redos.js:124:12:124:17 | result | -| polynomial-redos.js:124:12:124:17 | result | -| polynomial-redos.js:129:6:129:42 | modified | -| polynomial-redos.js:129:17:129:23 | tainted | -| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | -| polynomial-redos.js:130:2:130:9 | modified | -| polynomial-redos.js:130:2:130:9 | modified | -| polynomial-redos.js:132:6:132:50 | modified2 | -| polynomial-redos.js:132:18:132:24 | tainted | -| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | -| polynomial-redos.js:133:2:133:10 | modified2 | -| polynomial-redos.js:133:2:133:10 | modified2 | -| polynomial-redos.js:135:9:135:47 | modified3 | -| polynomial-redos.js:135:21:135:27 | tainted | -| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | -| polynomial-redos.js:136:5:136:13 | modified3 | -| polynomial-redos.js:136:5:136:13 | modified3 | -| polynomial-redos.js:138:5:138:11 | tainted | -| polynomial-redos.js:138:5:138:11 | tainted | edges | lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | -| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | -| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | -| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | | lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | -| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | -| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | -| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | | lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | -| lib/lib.js:7:19:7:22 | name | 
lib/lib.js:8:13:8:16 | name | -| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | | lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | -| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | -| lib/lib.js:21:14:21:14 | x | lib/lib.js:22:9:22:9 | x | -| lib/lib.js:21:14:21:14 | x | lib/lib.js:22:9:22:9 | x | -| lib/lib.js:22:9:22:9 | x | lib/lib.js:27:10:27:19 | id("safe") | -| lib/lib.js:27:6:27:19 | y | lib/lib.js:28:13:28:13 | y | -| lib/lib.js:27:6:27:19 | y | lib/lib.js:28:13:28:13 | y | -| lib/lib.js:27:10:27:19 | id("safe") | lib/lib.js:27:6:27:19 | y | -| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | | lib/lib.js:32:32:32:40 | arguments | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | lib/lib.js:35:28:35:31 | name | | lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name | -| lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name | | lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name | | lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name | | lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name | -| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name | | lib/lib.js:44:12:44:15 | name | lib/lib.js:44:12:44:25 | name.substr(1) | | lib/lib.js:44:12:44:25 | name.substr(1) | lib/lib.js:44:5:44:25 | name | | lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | -| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | -| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | -| lib/lib.js:52:22:52:25 | name | 
lib/lib.js:53:16:53:19 | name | | lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | | lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:9:12:9:16 | input | | lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:9:12:9:16 | input | | lib/snapdragon.js:9:12:9:16 | input | lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:9:12:9:16 | input | lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:12:34:12:38 | input | lib/snapdragon.js:17:20:17:24 | input | | lib/snapdragon.js:12:34:12:38 | input | lib/snapdragon.js:17:20:17:24 | input | | lib/snapdragon.js:17:20:17:24 | input | lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:17:20:17:24 | input | lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:20:34:20:38 | input | lib/snapdragon.js:25:22:25:26 | input | | lib/snapdragon.js:20:34:20:38 | input | lib/snapdragon.js:25:22:25:26 | input | | lib/snapdragon.js:22:44:22:47 | node | lib/snapdragon.js:23:5:23:8 | node | | lib/snapdragon.js:23:5:23:8 | node | lib/snapdragon.js:23:5:23:12 | node.val | -| lib/snapdragon.js:23:5:23:8 | node | lib/snapdragon.js:23:5:23:12 | node.val | | lib/snapdragon.js:25:22:25:26 | input | lib/snapdragon.js:22:44:22:47 | node | | lib/subLib4/factory.js:7:27:7:30 | name | 
lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | | lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | | lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | | lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | -| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | | lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | -| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | -| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | -| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | -| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | | lib/sublib/factory.js:12:26:12:29 | name | 
lib/sublib/factory.js:13:24:13:27 | name | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | @@ -343,10 +34,13 @@ edges | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:10:2:10:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:13:2:13:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:14:2:14:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | 
@@ -359,12 +53,19 @@ edges | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:21:6:21:12 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:26:2:26:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:27:77:27:83 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:28:76:28:82 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:31:2:31:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:32:2:32:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:34:2:34:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted | 
@@ -373,8 +74,12 @@ edges | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:41:2:41:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:44:2:44:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:46:2:46:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:47:2:47:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | @@ -397,6 +102,8 @@ edges | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:60:17:60:23 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:61:18:61:24 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted | 
@@ -421,6 +128,9 @@ edges | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:82:2:82:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:83:2:83:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:84:2:84:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | @@ -429,6 +139,8 @@ edges | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:91:2:91:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:92:2:92:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | 
@@ -447,6 +159,7 @@ edges | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:105:2:105:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | 
@@ -463,34 +176,402 @@ edges | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:121:18:121:24 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:127:2:127:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:129:17:129:23 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:132:18:132:24 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:135:21:135:27 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:138:5:138:11 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:138:5:138:11 | tainted | -| polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:5:6:5:32 | tainted | | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:5:6:5:32 | tainted | -| polynomial-redos.js:68:18:68:24 | req.url | polynomial-redos.js:68:18:68:24 | req.url | -| polynomial-redos.js:69:18:69:25 | req.body | polynomial-redos.js:69:18:69:25 | req.body | +| polynomial-redos.js:7:2:7:8 | tainted | polynomial-redos.js:8:2:8:8 | tainted | +| polynomial-redos.js:7:2:7:8 | tainted | polynomial-redos.js:8:2:8:8 | tainted | +| polynomial-redos.js:8:2:8:8 | tainted | polynomial-redos.js:9:2:9:8 | tainted | +| polynomial-redos.js:8:2:8:8 | tainted | polynomial-redos.js:9:2:9:8 | tainted | +| polynomial-redos.js:9:2:9:8 | tainted | polynomial-redos.js:10:2:10:8 | tainted | +| polynomial-redos.js:10:2:10:8 | tainted | polynomial-redos.js:11:2:11:8 | tainted | +| polynomial-redos.js:10:2:10:8 | tainted | polynomial-redos.js:11:2:11:8 | tainted | +| polynomial-redos.js:11:2:11:8 | tainted | polynomial-redos.js:12:2:12:8 | tainted | +| polynomial-redos.js:11:2:11:8 | 
tainted | polynomial-redos.js:12:2:12:8 | tainted | +| polynomial-redos.js:12:2:12:8 | tainted | polynomial-redos.js:13:2:13:8 | tainted | +| polynomial-redos.js:13:2:13:8 | tainted | polynomial-redos.js:14:2:14:8 | tainted | +| polynomial-redos.js:14:2:14:8 | tainted | polynomial-redos.js:15:2:15:8 | tainted | +| polynomial-redos.js:14:2:14:8 | tainted | polynomial-redos.js:15:2:15:8 | tainted | +| polynomial-redos.js:15:2:15:8 | tainted | polynomial-redos.js:16:2:16:8 | tainted | +| polynomial-redos.js:15:2:15:8 | tainted | polynomial-redos.js:16:2:16:8 | tainted | +| polynomial-redos.js:16:2:16:8 | tainted | polynomial-redos.js:17:23:17:29 | tainted | +| polynomial-redos.js:16:2:16:8 | tainted | polynomial-redos.js:17:23:17:29 | tainted | +| polynomial-redos.js:17:23:17:29 | tainted | polynomial-redos.js:18:2:18:8 | tainted | +| polynomial-redos.js:17:23:17:29 | tainted | polynomial-redos.js:18:2:18:8 | tainted | +| polynomial-redos.js:18:2:18:8 | tainted | polynomial-redos.js:19:2:19:8 | tainted | +| polynomial-redos.js:18:2:18:8 | tainted | polynomial-redos.js:19:2:19:8 | tainted | +| polynomial-redos.js:19:2:19:8 | tainted | polynomial-redos.js:20:2:20:8 | tainted | +| polynomial-redos.js:19:2:19:8 | tainted | polynomial-redos.js:20:2:20:8 | tainted | +| polynomial-redos.js:20:2:20:8 | tainted | polynomial-redos.js:21:6:21:12 | tainted | +| polynomial-redos.js:21:6:21:12 | tainted | polynomial-redos.js:25:2:25:8 | tainted | +| polynomial-redos.js:21:6:21:12 | tainted | polynomial-redos.js:25:2:25:8 | tainted | +| polynomial-redos.js:25:2:25:8 | tainted | polynomial-redos.js:26:2:26:8 | tainted | +| polynomial-redos.js:26:2:26:8 | tainted | polynomial-redos.js:27:77:27:83 | tainted | +| polynomial-redos.js:27:77:27:83 | tainted | polynomial-redos.js:28:76:28:82 | tainted | +| polynomial-redos.js:28:76:28:82 | tainted | polynomial-redos.js:30:2:30:8 | tainted | +| polynomial-redos.js:28:76:28:82 | tainted | polynomial-redos.js:30:2:30:8 | tainted | +| 
polynomial-redos.js:30:2:30:8 | tainted | polynomial-redos.js:31:2:31:8 | tainted | +| polynomial-redos.js:31:2:31:8 | tainted | polynomial-redos.js:32:2:32:8 | tainted | +| polynomial-redos.js:32:2:32:8 | tainted | polynomial-redos.js:33:2:33:8 | tainted | +| polynomial-redos.js:32:2:32:8 | tainted | polynomial-redos.js:33:2:33:8 | tainted | +| polynomial-redos.js:33:2:33:8 | tainted | polynomial-redos.js:34:2:34:8 | tainted | +| polynomial-redos.js:34:2:34:8 | tainted | polynomial-redos.js:36:2:36:8 | tainted | +| polynomial-redos.js:34:2:34:8 | tainted | polynomial-redos.js:36:2:36:8 | tainted | +| polynomial-redos.js:36:2:36:8 | tainted | polynomial-redos.js:37:2:37:8 | tainted | +| polynomial-redos.js:36:2:36:8 | tainted | polynomial-redos.js:37:2:37:8 | tainted | +| polynomial-redos.js:37:2:37:8 | tainted | polynomial-redos.js:38:2:38:8 | tainted | +| polynomial-redos.js:37:2:37:8 | tainted | polynomial-redos.js:38:2:38:8 | tainted | +| polynomial-redos.js:38:2:38:8 | tainted | polynomial-redos.js:40:2:40:8 | tainted | +| polynomial-redos.js:38:2:38:8 | tainted | polynomial-redos.js:40:2:40:8 | tainted | +| polynomial-redos.js:40:2:40:8 | tainted | polynomial-redos.js:41:2:41:8 | tainted | +| polynomial-redos.js:41:2:41:8 | tainted | polynomial-redos.js:43:2:43:8 | tainted | +| polynomial-redos.js:41:2:41:8 | tainted | polynomial-redos.js:43:2:43:8 | tainted | +| polynomial-redos.js:43:2:43:8 | tainted | polynomial-redos.js:44:2:44:8 | tainted | +| polynomial-redos.js:44:2:44:8 | tainted | polynomial-redos.js:46:2:46:8 | tainted | +| polynomial-redos.js:46:2:46:8 | tainted | polynomial-redos.js:47:2:47:8 | tainted | +| polynomial-redos.js:47:2:47:8 | tainted | polynomial-redos.js:48:2:48:8 | tainted | +| polynomial-redos.js:47:2:47:8 | tainted | polynomial-redos.js:48:2:48:8 | tainted | +| polynomial-redos.js:48:2:48:8 | tainted | polynomial-redos.js:50:14:50:20 | tainted | +| polynomial-redos.js:48:2:48:8 | tainted | polynomial-redos.js:50:14:50:20 | tainted 
| +| polynomial-redos.js:50:14:50:20 | tainted | polynomial-redos.js:51:26:51:32 | tainted | +| polynomial-redos.js:50:14:50:20 | tainted | polynomial-redos.js:51:26:51:32 | tainted | +| polynomial-redos.js:51:26:51:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | +| polynomial-redos.js:51:26:51:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | +| polynomial-redos.js:52:22:52:28 | tainted | polynomial-redos.js:53:21:53:27 | tainted | +| polynomial-redos.js:52:22:52:28 | tainted | polynomial-redos.js:53:21:53:27 | tainted | +| polynomial-redos.js:53:21:53:27 | tainted | polynomial-redos.js:54:22:54:28 | tainted | +| polynomial-redos.js:53:21:53:27 | tainted | polynomial-redos.js:54:22:54:28 | tainted | +| polynomial-redos.js:54:22:54:28 | tainted | polynomial-redos.js:55:23:55:29 | tainted | +| polynomial-redos.js:54:22:54:28 | tainted | polynomial-redos.js:55:23:55:29 | tainted | +| polynomial-redos.js:55:23:55:29 | tainted | polynomial-redos.js:56:22:56:28 | tainted | +| polynomial-redos.js:55:23:55:29 | tainted | polynomial-redos.js:56:22:56:28 | tainted | +| polynomial-redos.js:56:22:56:28 | tainted | polynomial-redos.js:57:25:57:31 | tainted | +| polynomial-redos.js:56:22:56:28 | tainted | polynomial-redos.js:57:25:57:31 | tainted | +| polynomial-redos.js:57:25:57:31 | tainted | polynomial-redos.js:58:21:58:27 | tainted | +| polynomial-redos.js:57:25:57:31 | tainted | polynomial-redos.js:58:21:58:27 | tainted | +| polynomial-redos.js:58:21:58:27 | tainted | polynomial-redos.js:59:23:59:29 | tainted | +| polynomial-redos.js:58:21:58:27 | tainted | polynomial-redos.js:59:23:59:29 | tainted | +| polynomial-redos.js:59:23:59:29 | tainted | polynomial-redos.js:60:17:60:23 | tainted | +| polynomial-redos.js:60:17:60:23 | tainted | polynomial-redos.js:61:18:61:24 | tainted | +| polynomial-redos.js:61:18:61:24 | tainted | polynomial-redos.js:62:17:62:23 | tainted | +| polynomial-redos.js:61:18:61:24 | tainted | polynomial-redos.js:62:17:62:23 | 
tainted | +| polynomial-redos.js:62:17:62:23 | tainted | polynomial-redos.js:63:21:63:27 | tainted | +| polynomial-redos.js:62:17:62:23 | tainted | polynomial-redos.js:63:21:63:27 | tainted | +| polynomial-redos.js:63:21:63:27 | tainted | polynomial-redos.js:64:24:64:30 | tainted | +| polynomial-redos.js:63:21:63:27 | tainted | polynomial-redos.js:64:24:64:30 | tainted | +| polynomial-redos.js:64:24:64:30 | tainted | polynomial-redos.js:65:24:65:30 | tainted | +| polynomial-redos.js:64:24:64:30 | tainted | polynomial-redos.js:65:24:65:30 | tainted | +| polynomial-redos.js:65:24:65:30 | tainted | polynomial-redos.js:66:19:66:25 | tainted | +| polynomial-redos.js:65:24:65:30 | tainted | polynomial-redos.js:66:19:66:25 | tainted | +| polynomial-redos.js:66:19:66:25 | tainted | polynomial-redos.js:67:18:67:24 | tainted | +| polynomial-redos.js:66:19:66:25 | tainted | polynomial-redos.js:67:18:67:24 | tainted | +| polynomial-redos.js:67:18:67:24 | tainted | polynomial-redos.js:71:2:71:8 | tainted | +| polynomial-redos.js:67:18:67:24 | tainted | polynomial-redos.js:71:2:71:8 | tainted | +| polynomial-redos.js:71:2:71:8 | tainted | polynomial-redos.js:73:2:73:8 | tainted | +| polynomial-redos.js:71:2:71:8 | tainted | polynomial-redos.js:73:2:73:8 | tainted | +| polynomial-redos.js:73:2:73:8 | tainted | polynomial-redos.js:75:2:75:8 | tainted | +| polynomial-redos.js:73:2:73:8 | tainted | polynomial-redos.js:75:2:75:8 | tainted | +| polynomial-redos.js:75:2:75:8 | tainted | polynomial-redos.js:77:2:77:8 | tainted | +| polynomial-redos.js:75:2:75:8 | tainted | polynomial-redos.js:77:2:77:8 | tainted | +| polynomial-redos.js:77:2:77:8 | tainted | polynomial-redos.js:80:2:80:8 | tainted | +| polynomial-redos.js:77:2:77:8 | tainted | polynomial-redos.js:80:2:80:8 | tainted | +| polynomial-redos.js:80:2:80:8 | tainted | polynomial-redos.js:81:2:81:8 | tainted | +| polynomial-redos.js:80:2:80:8 | tainted | polynomial-redos.js:81:2:81:8 | tainted | +| 
polynomial-redos.js:81:2:81:8 | tainted | polynomial-redos.js:82:2:82:8 | tainted | +| polynomial-redos.js:82:2:82:8 | tainted | polynomial-redos.js:83:2:83:8 | tainted | +| polynomial-redos.js:83:2:83:8 | tainted | polynomial-redos.js:84:2:84:8 | tainted | +| polynomial-redos.js:84:2:84:8 | tainted | polynomial-redos.js:86:2:86:8 | tainted | +| polynomial-redos.js:84:2:84:8 | tainted | polynomial-redos.js:86:2:86:8 | tainted | +| polynomial-redos.js:86:2:86:8 | tainted | polynomial-redos.js:88:2:88:8 | tainted | +| polynomial-redos.js:86:2:86:8 | tainted | polynomial-redos.js:88:2:88:8 | tainted | +| polynomial-redos.js:88:2:88:8 | tainted | polynomial-redos.js:89:2:89:8 | tainted | +| polynomial-redos.js:88:2:88:8 | tainted | polynomial-redos.js:89:2:89:8 | tainted | +| polynomial-redos.js:89:2:89:8 | tainted | polynomial-redos.js:90:2:90:8 | tainted | +| polynomial-redos.js:89:2:89:8 | tainted | polynomial-redos.js:90:2:90:8 | tainted | +| polynomial-redos.js:90:2:90:8 | tainted | polynomial-redos.js:91:2:91:8 | tainted | +| polynomial-redos.js:91:2:91:8 | tainted | polynomial-redos.js:92:2:92:8 | tainted | +| polynomial-redos.js:92:2:92:8 | tainted | polynomial-redos.js:94:2:94:8 | tainted | +| polynomial-redos.js:92:2:92:8 | tainted | polynomial-redos.js:94:2:94:8 | tainted | +| polynomial-redos.js:94:2:94:8 | tainted | polynomial-redos.js:95:2:95:8 | tainted | +| polynomial-redos.js:94:2:94:8 | tainted | polynomial-redos.js:95:2:95:8 | tainted | +| polynomial-redos.js:95:2:95:8 | tainted | polynomial-redos.js:96:2:96:8 | tainted | +| polynomial-redos.js:95:2:95:8 | tainted | polynomial-redos.js:96:2:96:8 | tainted | +| polynomial-redos.js:96:2:96:8 | tainted | polynomial-redos.js:98:2:98:8 | tainted | +| polynomial-redos.js:96:2:96:8 | tainted | polynomial-redos.js:98:2:98:8 | tainted | +| polynomial-redos.js:98:2:98:8 | tainted | polynomial-redos.js:100:2:100:8 | tainted | +| polynomial-redos.js:98:2:98:8 | tainted | polynomial-redos.js:100:2:100:8 | tainted 
| +| polynomial-redos.js:100:2:100:8 | tainted | polynomial-redos.js:101:2:101:8 | tainted | +| polynomial-redos.js:100:2:100:8 | tainted | polynomial-redos.js:101:2:101:8 | tainted | +| polynomial-redos.js:101:2:101:8 | tainted | polynomial-redos.js:102:2:102:8 | tainted | +| polynomial-redos.js:101:2:101:8 | tainted | polynomial-redos.js:102:2:102:8 | tainted | +| polynomial-redos.js:102:2:102:8 | tainted | polynomial-redos.js:103:2:103:8 | tainted | +| polynomial-redos.js:102:2:102:8 | tainted | polynomial-redos.js:103:2:103:8 | tainted | +| polynomial-redos.js:103:2:103:8 | tainted | polynomial-redos.js:104:2:104:8 | tainted | +| polynomial-redos.js:103:2:103:8 | tainted | polynomial-redos.js:104:2:104:8 | tainted | +| polynomial-redos.js:104:2:104:8 | tainted | polynomial-redos.js:105:2:105:8 | tainted | +| polynomial-redos.js:105:2:105:8 | tainted | polynomial-redos.js:107:2:107:8 | tainted | +| polynomial-redos.js:105:2:105:8 | tainted | polynomial-redos.js:107:2:107:8 | tainted | +| polynomial-redos.js:107:2:107:8 | tainted | polynomial-redos.js:108:2:108:8 | tainted | +| polynomial-redos.js:107:2:107:8 | tainted | polynomial-redos.js:108:2:108:8 | tainted | +| polynomial-redos.js:108:2:108:8 | tainted | polynomial-redos.js:109:2:109:8 | tainted | +| polynomial-redos.js:108:2:108:8 | tainted | polynomial-redos.js:109:2:109:8 | tainted | +| polynomial-redos.js:109:2:109:8 | tainted | polynomial-redos.js:111:2:111:8 | tainted | +| polynomial-redos.js:109:2:109:8 | tainted | polynomial-redos.js:111:2:111:8 | tainted | +| polynomial-redos.js:111:2:111:8 | tainted | polynomial-redos.js:112:2:112:8 | tainted | +| polynomial-redos.js:111:2:111:8 | tainted | polynomial-redos.js:112:2:112:8 | tainted | +| polynomial-redos.js:112:2:112:8 | tainted | polynomial-redos.js:114:2:114:8 | tainted | +| polynomial-redos.js:112:2:112:8 | tainted | polynomial-redos.js:114:2:114:8 | tainted | +| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | 
tainted | +| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | tainted | +| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted | +| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted | +| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | +| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:121:18:121:24 | tainted | +| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:127:2:127:8 | tainted | +| polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | polynomial-redos.js:121:18:121:24 | tainted | | polynomial-redos.js:121:7:121:55 | replaced | polynomial-redos.js:123:13:123:20 | replaced | | polynomial-redos.js:121:18:121:24 | tainted | polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | | polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | polynomial-redos.js:121:7:121:55 | replaced | | polynomial-redos.js:123:3:123:20 | result | polynomial-redos.js:124:12:124:17 | result | -| polynomial-redos.js:123:3:123:20 | result | polynomial-redos.js:124:12:124:17 | result | | polynomial-redos.js:123:13:123:20 | replaced | polynomial-redos.js:123:3:123:20 | result | -| polynomial-redos.js:129:6:129:42 | modified | polynomial-redos.js:130:2:130:9 | modified | +| polynomial-redos.js:127:2:127:8 | tainted | polynomial-redos.js:129:17:129:23 | tainted | | polynomial-redos.js:129:6:129:42 | modified | polynomial-redos.js:130:2:130:9 | modified | | polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | +| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:132:18:132:24 | tainted | | polynomial-redos.js:129:17:129:42 | tainted ... 
g, "b") | polynomial-redos.js:129:6:129:42 | modified | | polynomial-redos.js:132:6:132:50 | modified2 | polynomial-redos.js:133:2:133:10 | modified2 | -| polynomial-redos.js:132:6:132:50 | modified2 | polynomial-redos.js:133:2:133:10 | modified2 | | polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | +| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:135:21:135:27 | tainted | | polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | polynomial-redos.js:132:6:132:50 | modified2 | | polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:136:5:136:13 | modified3 | -| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:136:5:136:13 | modified3 | | polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | +| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:138:5:138:11 | tainted | | polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | polynomial-redos.js:135:9:135:47 | modified3 | +nodes +| lib/closure.js:3:21:3:21 | x | semmle.label | x | +| lib/closure.js:4:16:4:16 | x | semmle.label | x | +| lib/indirect.js:1:32:1:32 | x | semmle.label | x | +| lib/indirect.js:2:16:2:16 | x | semmle.label | x | +| lib/lib.js:3:28:3:31 | name | semmle.label | name | +| lib/lib.js:4:14:4:17 | name | semmle.label | name | +| lib/lib.js:7:19:7:22 | name | semmle.label | name | +| lib/lib.js:8:13:8:16 | name | semmle.label | name | +| lib/lib.js:32:32:32:40 | arguments | semmle.label | arguments | +| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | semmle.label | 'arguments' object of function usedWithArguments | +| lib/lib.js:35:28:35:31 | name | semmle.label | name | +| lib/lib.js:36:13:36:16 | name | semmle.label | name | +| lib/lib.js:41:32:41:35 | name | semmle.label | name | +| lib/lib.js:42:17:42:20 | name | semmle.label | name | +| lib/lib.js:44:5:44:25 | name | semmle.label | name | +| 
lib/lib.js:44:12:44:15 | name | semmle.label | name | +| lib/lib.js:44:12:44:25 | name.substr(1) | semmle.label | name.substr(1) | +| lib/lib.js:45:17:45:20 | name | semmle.label | name | +| lib/lib.js:52:22:52:25 | name | semmle.label | name | +| lib/lib.js:53:16:53:19 | name | semmle.label | name | +| lib/moduleLib/moduleLib.js:1:28:1:31 | name | semmle.label | name | +| lib/moduleLib/moduleLib.js:2:13:2:16 | name | semmle.label | name | +| lib/otherLib/js/src/index.js:1:28:1:31 | name | semmle.label | name | +| lib/otherLib/js/src/index.js:2:13:2:16 | name | semmle.label | name | +| lib/snapdragon.js:3:34:3:38 | input | semmle.label | input | +| lib/snapdragon.js:7:15:7:18 | this | semmle.label | this | +| lib/snapdragon.js:9:12:9:16 | input | semmle.label | input | +| lib/snapdragon.js:12:34:12:38 | input | semmle.label | input | +| lib/snapdragon.js:15:13:15:16 | this | semmle.label | this | +| lib/snapdragon.js:17:20:17:24 | input | semmle.label | input | +| lib/snapdragon.js:20:34:20:38 | input | semmle.label | input | +| lib/snapdragon.js:22:44:22:47 | node | semmle.label | node | +| lib/snapdragon.js:23:5:23:8 | node | semmle.label | node | +| lib/snapdragon.js:23:5:23:12 | node.val | semmle.label | node.val | +| lib/snapdragon.js:25:22:25:26 | input | semmle.label | input | +| lib/subLib4/factory.js:7:27:7:30 | name | semmle.label | name | +| lib/subLib4/factory.js:8:13:8:16 | name | semmle.label | name | +| lib/subLib5/feature.js:1:28:1:31 | name | semmle.label | name | +| lib/subLib5/feature.js:2:13:2:16 | name | semmle.label | name | +| lib/subLib5/main.js:1:28:1:31 | name | semmle.label | name | +| lib/subLib5/main.js:2:13:2:16 | name | semmle.label | name | +| lib/subLib5/subclass.js:4:10:4:13 | name | semmle.label | name | +| lib/subLib5/subclass.js:5:16:5:19 | name | semmle.label | name | +| lib/subLib6/index.js:1:32:1:35 | name | semmle.label | name | +| lib/subLib6/index.js:2:14:2:17 | name | semmle.label | name | +| 
lib/sublib/factory.js:12:26:12:29 | name | semmle.label | name | +| lib/sublib/factory.js:13:24:13:27 | name | semmle.label | name | +| polynomial-redos.js:5:6:5:32 | tainted | semmle.label | tainted | +| polynomial-redos.js:5:16:5:32 | req.query.tainted | semmle.label | req.query.tainted | +| polynomial-redos.js:7:2:7:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:7:2:7:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:8:2:8:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:8:2:8:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:9:2:9:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:9:2:9:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:10:2:10:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:11:2:11:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:11:2:11:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:12:2:12:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:12:2:12:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:13:2:13:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:14:2:14:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:15:2:15:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:15:2:15:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:16:2:16:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:16:2:16:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:17:23:17:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:17:23:17:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:18:2:18:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:18:2:18:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:19:2:19:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:19:2:19:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:20:2:20:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:20:2:20:8 | 
tainted | semmle.label | tainted | +| polynomial-redos.js:21:6:21:12 | tainted | semmle.label | tainted | +| polynomial-redos.js:25:2:25:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:25:2:25:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:26:2:26:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:27:77:27:83 | tainted | semmle.label | tainted | +| polynomial-redos.js:28:76:28:82 | tainted | semmle.label | tainted | +| polynomial-redos.js:30:2:30:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:30:2:30:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:31:2:31:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:32:2:32:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:33:2:33:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:33:2:33:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:34:2:34:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:36:2:36:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:36:2:36:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:37:2:37:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:37:2:37:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:38:2:38:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:38:2:38:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:40:2:40:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:40:2:40:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:41:2:41:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:43:2:43:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:43:2:43:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:44:2:44:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:46:2:46:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:47:2:47:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:48:2:48:8 | tainted | semmle.label | tainted | 
+| polynomial-redos.js:48:2:48:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:50:14:50:20 | tainted | semmle.label | tainted | +| polynomial-redos.js:50:14:50:20 | tainted | semmle.label | tainted | +| polynomial-redos.js:51:26:51:32 | tainted | semmle.label | tainted | +| polynomial-redos.js:51:26:51:32 | tainted | semmle.label | tainted | +| polynomial-redos.js:52:22:52:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:52:22:52:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:53:21:53:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:53:21:53:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:54:22:54:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:54:22:54:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:55:23:55:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:55:23:55:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:56:22:56:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:56:22:56:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:57:25:57:31 | tainted | semmle.label | tainted | +| polynomial-redos.js:57:25:57:31 | tainted | semmle.label | tainted | +| polynomial-redos.js:58:21:58:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:58:21:58:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:59:23:59:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:59:23:59:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:60:17:60:23 | tainted | semmle.label | tainted | +| polynomial-redos.js:61:18:61:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:62:17:62:23 | tainted | semmle.label | tainted | +| polynomial-redos.js:62:17:62:23 | tainted | semmle.label | tainted | +| polynomial-redos.js:63:21:63:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:63:21:63:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:64:24:64:30 | tainted | 
semmle.label | tainted | +| polynomial-redos.js:64:24:64:30 | tainted | semmle.label | tainted | +| polynomial-redos.js:65:24:65:30 | tainted | semmle.label | tainted | +| polynomial-redos.js:65:24:65:30 | tainted | semmle.label | tainted | +| polynomial-redos.js:66:19:66:25 | tainted | semmle.label | tainted | +| polynomial-redos.js:66:19:66:25 | tainted | semmle.label | tainted | +| polynomial-redos.js:67:18:67:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:67:18:67:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:68:18:68:24 | req.url | semmle.label | req.url | +| polynomial-redos.js:69:18:69:25 | req.body | semmle.label | req.body | +| polynomial-redos.js:71:2:71:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:71:2:71:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:73:2:73:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:73:2:73:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:75:2:75:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:75:2:75:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:77:2:77:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:77:2:77:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:80:2:80:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:80:2:80:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:81:2:81:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:81:2:81:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:82:2:82:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:83:2:83:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:84:2:84:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:86:2:86:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:86:2:86:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:88:2:88:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:88:2:88:8 | tainted | semmle.label | 
tainted | +| polynomial-redos.js:89:2:89:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:89:2:89:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:90:2:90:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:90:2:90:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:91:2:91:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:92:2:92:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:94:2:94:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:94:2:94:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:95:2:95:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:95:2:95:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:96:2:96:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:96:2:96:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:98:2:98:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:98:2:98:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:100:2:100:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:100:2:100:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:101:2:101:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:101:2:101:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:102:2:102:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:102:2:102:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:103:2:103:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:103:2:103:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:104:2:104:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:104:2:104:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:105:2:105:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:107:2:107:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:107:2:107:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:108:2:108:8 | tainted | semmle.label | tainted | 
+| polynomial-redos.js:108:2:108:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:109:2:109:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:109:2:109:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:111:2:111:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:111:2:111:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:112:2:112:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:112:2:112:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:114:2:114:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:114:2:114:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:116:2:116:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:116:2:116:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:118:2:118:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:118:2:118:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | semmle.label | (functi ... OK\\n\\t}) [tainted] | +| polynomial-redos.js:121:7:121:55 | replaced | semmle.label | replaced | +| polynomial-redos.js:121:18:121:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | semmle.label | tainted ... /g, '') | +| polynomial-redos.js:123:3:123:20 | result | semmle.label | result | +| polynomial-redos.js:123:13:123:20 | replaced | semmle.label | replaced | +| polynomial-redos.js:124:12:124:17 | result | semmle.label | result | +| polynomial-redos.js:127:2:127:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:129:6:129:42 | modified | semmle.label | modified | +| polynomial-redos.js:129:17:129:23 | tainted | semmle.label | tainted | +| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | semmle.label | tainted ... 
g, "b") | +| polynomial-redos.js:130:2:130:9 | modified | semmle.label | modified | +| polynomial-redos.js:132:6:132:50 | modified2 | semmle.label | modified2 | +| polynomial-redos.js:132:18:132:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | semmle.label | tainted ... g, "e") | +| polynomial-redos.js:133:2:133:10 | modified2 | semmle.label | modified2 | +| polynomial-redos.js:135:9:135:47 | modified3 | semmle.label | modified3 | +| polynomial-redos.js:135:21:135:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | semmle.label | tainted ... /g, "") | +| polynomial-redos.js:136:5:136:13 | modified3 | semmle.label | modified3 | +| polynomial-redos.js:138:5:138:11 | tainted | semmle.label | tainted | +subpaths #select | lib/closure.js:4:5:4:17 | /u*o/.test(x) | lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | This $@ that depends on $@ may run slow on strings with many repetitions of 'u'. | lib/closure.js:4:6:4:7 | u* | regular expression | lib/closure.js:3:21:3:21 | x | library input | | lib/indirect.js:2:5:2:17 | /k*h/.test(x) | lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | This $@ that depends on $@ may run slow on strings with many repetitions of 'k'. | lib/indirect.js:2:6:2:7 | k* | regular expression | lib/indirect.js:1:32:1:32 | x | library input | From 43be45207dea8322b8e1ab91a6bc1b16313afc22 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:28:27 +0200 Subject: [PATCH 106/223] JS: Port meta queries --- javascript/ql/src/meta/alerts/TaintedNodes.ql | 14 +++++++------- .../SanitizersReachableFromSource.ql | 12 ++++++------ .../SinksReachableFromSanitizer.ql | 12 ++++++------ .../ql/src/meta/analysis-quality/TaintedNodes.ql | 12 ++++++------ 4 files changed, 25 insertions(+), 25 deletions(-) 
diff --git a/javascript/ql/src/meta/alerts/TaintedNodes.ql b/javascript/ql/src/meta/alerts/TaintedNodes.ql index 6bdd0a6bc307..da9f7bab6f46 100644 --- a/javascript/ql/src/meta/alerts/TaintedNodes.ql +++ b/javascript/ql/src/meta/alerts/TaintedNodes.ql @@ -12,20 +12,20 @@ import javascript import meta.internal.TaintMetrics -class BasicTaintConfiguration extends TaintTracking::Configuration { - BasicTaintConfiguration() { this = "BasicTaintConfiguration" } +module BasicTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { // To reduce noise from synthetic nodes, only count value nodes node instanceof DataFlow::ValueNode and not node.getFile() instanceof IgnoredFile } } +module BasicTaintFlow = TaintTracking::Global; + // Avoid linking to the source as this would upset the statistics: nodes reachable -// from multiple sources would be counted multilpe times, and that's not what we intend to measure. +// from multiple sources would be counted multiple times, and that's not what we intend to measure. from DataFlow::Node node -where any(BasicTaintConfiguration cfg).hasFlow(_, node) +where BasicTaintFlow::flowTo(node) select node, "Tainted node" diff --git a/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql b/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql index a477c8af8a95..f99d3b9a3917 100644 --- a/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql +++ b/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql 
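Review bot: `BasicTaintConfig` in meta/alerts/TaintedNodes.ql has no QLDoc stating that its sink set is every `DataFlow::ValueNode` outside an `IgnoredFile`. Without that, a reader can take `BasicTaintFlow::flowTo(node)` for an alert over real sinks rather than a measure of how far taint from `relevantTaintSource()` reaches. I would add above the module `/** Taint configuration whose sinks are all value nodes outside ignored files; measures taint reach, it does not report vulnerabilities. */`. The same module body appears again in meta/analysis-quality/TaintedNodes.ql later in this patch, so a single shared definition would keep the two from drifting; whether `meta.internal.TaintMetrics` is the right home cannot be judged from this hunk. As rendered here the `TaintTracking::Global` instantiation shows no module argument, which looks like markup lost in extraction rather than the committed text.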
@@ -11,12 +11,12 @@ import javascript import meta.internal.TaintMetrics -class BasicTaintConfiguration extends TaintTracking::Configuration { - BasicTaintConfiguration() { this = "BasicTaintConfiguration" } +module BasicTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - - override predicate isSink(DataFlow::Node node) { node = relevantSanitizerInput() } + predicate isSink(DataFlow::Node node) { node = relevantSanitizerInput() } } -select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node)) +module BasicTaintFlow = TaintTracking::Global; + +select projectRoot(), count(DataFlow::Node node | BasicTaintFlow::flowTo(node)) diff --git a/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql b/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql index e57d562aebbe..7786fce5ecef 100644 --- a/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql +++ b/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql @@ -11,12 +11,12 @@ import javascript import meta.internal.TaintMetrics -class BasicTaintConfiguration extends TaintTracking::Configuration { - BasicTaintConfiguration() { this = "BasicTaintConfiguration" } +module BasicTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = relevantSanitizerOutput() } - override predicate isSource(DataFlow::Node node) { node = relevantSanitizerOutput() } - - override predicate isSink(DataFlow::Node node) { node = relevantTaintSink() } + predicate isSink(DataFlow::Node node) { node = relevantTaintSink() } } -select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node)) +module BasicTaintFlow = TaintTracking::Global; + +select projectRoot(), count(DataFlow::Node node | BasicTaintFlow::flowTo(node)) 
diff --git a/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql b/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql index 208a39b9ab16..7b2dfbbf6427 100644 --- a/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql +++ b/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql @@ -12,16 +12,16 @@ import javascript import meta.internal.TaintMetrics -class BasicTaintConfiguration extends TaintTracking::Configuration { - BasicTaintConfiguration() { this = "BasicTaintConfiguration" } +module BasicTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { // To reduce noise from synthetic nodes, only count value nodes node instanceof DataFlow::ValueNode and not node.getFile() instanceof IgnoredFile } } -select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node)) +module BasicTaintFlow = TaintTracking::Global; + +select projectRoot(), count(DataFlow::Node node | BasicTaintFlow::flowTo(node)) From d35959a09820341ac5ba51475a982200623c1b8e Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 09:29:42 +0200 Subject: [PATCH 107/223] JS: Add utility for comparing results in tests --- .../test/testUtilities/LegacyDataFlowDiff.qll | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 javascript/ql/test/testUtilities/LegacyDataFlowDiff.qll diff --git a/javascript/ql/test/testUtilities/LegacyDataFlowDiff.qll b/javascript/ql/test/testUtilities/LegacyDataFlowDiff.qll new file mode 100644 index 000000000000..00fd8217c211 --- /dev/null +++ b/javascript/ql/test/testUtilities/LegacyDataFlowDiff.qll 
@@ -0,0 +1,17 @@ +private import javascript + +private signature class LegacyConfigSig extends DataFlow::Configuration; + +module DataFlowDiff { + query predicate legacyDataFlowDifference( + DataFlow::Node source, DataFlow::Node sink, string message + ) { + NewFlow::flow(source, sink) and + not any(LegacyConfig cfg).hasFlow(source, sink) and + message = "only flow with NEW data flow library" + or + not NewFlow::flow(source, sink) and + any(LegacyConfig cfg).hasFlow(source, sink) and + message = "only flow with OLD data flow library" + } +} From ff086377cb4620e8506e1adc2979ad3b97b56dbc Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 14:48:34 +0200 Subject: [PATCH 108/223] JS: Port Arrays test --- .../library-tests/Arrays/DataFlow.expected | 2 ++ .../ql/test/library-tests/Arrays/DataFlow.ql | 24 ++++++++++++------- .../library-tests/Arrays/TaintFlow.expected | 2 ++ .../ql/test/library-tests/Arrays/TaintFlow.ql | 24 ++++++++++++------- 4 files changed, 36 insertions(+), 16 deletions(-) diff --git a/javascript/ql/test/library-tests/Arrays/DataFlow.expected b/javascript/ql/test/library-tests/Arrays/DataFlow.expected index 2f5179075cf2..042acffde4b6 100644 --- a/javascript/ql/test/library-tests/Arrays/DataFlow.expected +++ b/javascript/ql/test/library-tests/Arrays/DataFlow.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +flow | arrays.js:2:16:2:23 | "source" | arrays.js:5:8:5:14 | obj.foo | | arrays.js:2:16:2:23 | "source" | arrays.js:11:10:11:15 | arr[i] | | arrays.js:2:16:2:23 | "source" | arrays.js:15:27:15:27 | e | diff --git a/javascript/ql/test/library-tests/Arrays/DataFlow.ql b/javascript/ql/test/library-tests/Arrays/DataFlow.ql index 80c9f068a10f..dab899b56b07 100644 --- a/javascript/ql/test/library-tests/Arrays/DataFlow.ql +++ b/javascript/ql/test/library-tests/Arrays/DataFlow.ql 
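Review bot: `legacyDataFlowDifference` and the `DataFlowDiff` module have no QLDoc, so a reader of a ported test's `.expected` file has to open this library to learn that an empty `legacyDataFlowDifference` section means the two libraries agree. I would add `/** Holds if exactly one of the two libraries reports flow from source to sink; message names which one. */` above the predicate. The two directions are not equally serious for security queries: rows tagged `only flow with OLD data flow library` are paths the new library no longer finds, which may mean missed alerts. A short comment saying that such rows need a justification before they are accepted into an `.expected` file would help reviewers.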
@@ -1,15 +1,23 @@ import javascript -class ArrayFlowConfig extends DataFlow::Configuration { - ArrayFlowConfig() { this = "ArrayFlowConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - override predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } -from ArrayFlowConfig config, DataFlow::Node src, DataFlow::Node snk -where config.hasFlow(src, snk) -select src, snk +module TestFlow = DataFlow::Global; + +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +query predicate flow = TestFlow::flow/2; diff --git a/javascript/ql/test/library-tests/Arrays/TaintFlow.expected b/javascript/ql/test/library-tests/Arrays/TaintFlow.expected index 20dbaa46ae26..b3628576a39c 100644 --- a/javascript/ql/test/library-tests/Arrays/TaintFlow.expected +++ b/javascript/ql/test/library-tests/Arrays/TaintFlow.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +flow | arrays.js:2:16:2:23 | "source" | arrays.js:5:8:5:14 | obj.foo | | arrays.js:2:16:2:23 | "source" | arrays.js:11:10:11:15 | arr[i] | | arrays.js:2:16:2:23 | "source" | arrays.js:15:27:15:27 | e | diff --git a/javascript/ql/test/library-tests/Arrays/TaintFlow.ql b/javascript/ql/test/library-tests/Arrays/TaintFlow.ql index cee2f294a349..8e0763c8a394 100644 --- a/javascript/ql/test/library-tests/Arrays/TaintFlow.ql +++ b/javascript/ql/test/library-tests/Arrays/TaintFlow.ql 
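Review bot: `LegacyConfig` is introduced without a comment, and the same wrapper class is repeated in the other test ports on this page (`Arrays/TaintFlow.ql`, `Barriers/SimpleBarrierGuard.ql`, `Classes/tests.ql`). Nothing in the file says it exists only so that `legacyDataFlowDifference` can compare the two libraries. A line such as `// Legacy configuration mirroring TestConfig, kept only for the old/new flow comparison.` above the class would make clear what can go once the comparison is no longer needed. Delegating `isSource`/`isSink` to `TestConfig` is the right shape, since the two configurations cannot drift apart.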
@@ -1,15 +1,23 @@ import javascript -class ArrayTaintFlowConfig extends TaintTracking::Configuration { - ArrayTaintFlowConfig() { this = "ArrayTaintFlowConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - override predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } -from ArrayTaintFlowConfig config, DataFlow::Node src, DataFlow::Node snk -where config.hasFlow(src, snk) -select src, snk +module TestFlow = TaintTracking::Global; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +query predicate flow = TestFlow::flow/2; From 9a15a557b4eba6e309693ec0602302ccf0d8ad8d Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 14:48:52 +0200 Subject: [PATCH 109/223] JS: Port SimpleBarrierGuard test --- .../Barriers/SimpleBarrierGuard.expected | 8 +++-- .../Barriers/SimpleBarrierGuard.ql | 36 +++++++++++++------ 2 files changed, 30 insertions(+), 14 deletions(-) diff --git a/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.expected b/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.expected index 437c60684f8d..ef95465e01a6 100644 --- a/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.expected +++ b/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.expected 
@@ -1,3 +1,5 @@ -| tst.js:4:10:4:10 | x | tst.js:2:13:2:20 | SOURCE() | -| tst.js:9:14:9:14 | x | tst.js:2:13:2:20 | SOURCE() | -| tst.js:12:10:12:10 | x | tst.js:2:13:2:20 | SOURCE() | +legacyDataFlowDifference +flow +| tst.js:2:13:2:20 | SOURCE() | tst.js:4:10:4:10 | x | +| tst.js:2:13:2:20 | SOURCE() | tst.js:9:14:9:14 | x | +| tst.js:2:13:2:20 | SOURCE() | tst.js:12:10:12:10 | x | diff --git a/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.ql b/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.ql index 595d7797d36f..a548e99a1ff4 100644 --- a/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.ql +++ b/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.ql 
@@ -1,33 +1,47 @@ import javascript -class Configuration extends DataFlow::Configuration { - Configuration() { this = "SimpleBarrierGuard" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::InvokeNode).getCalleeName() = "SOURCE" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(DataFlow::InvokeNode call | call.getCalleeName() = "SINK" and sink = call.getArgument(0) ) } - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof SimpleBarrierGuardNode + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() } } +module TestFlow = DataFlow::Global; + class SimpleBarrierGuardNode extends DataFlow::BarrierGuardNode, DataFlow::InvokeNode { SimpleBarrierGuardNode() { this.getCalleeName() = "BARRIER" } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocks(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } -from Configuration cfg, DataFlow::Node source, DataFlow::Node sink -where cfg.hasFlow(source, sink) -select sink, source +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } + + override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { + guard instanceof SimpleBarrierGuardNode + } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +query predicate flow = TestFlow::flow/2; From 1a95961bac5327a74def2c59c23072bce81a1e3a Mon Sep 17 00:00:00 2001 
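Review bot: `SimpleBarrierGuardNode` now carries two predicates with the same meaning, `blocks` (the legacy override) and `blocksExpr`, with no comment saying which library reads which. From the hunk, `TestConfig::isBarrier` goes through `DataFlow::MakeBarrierGuard`, which presumably reads `blocksExpr`, while `LegacyConfig::isBarrierGuard` uses the class as a `BarrierGuardNode`. A comment on `blocksExpr` such as `/** Barrier-guard predicate used by the new library; blocks() forwards here for the legacy configuration. */` would record that. The expected output also swaps the column order from sink, source to source, sink, which deserves a word in the commit message because it rewrites every row without changing the result.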
From: Asger F Date: Thu, 5 Oct 2023 14:49:04 +0200 Subject: [PATCH 110/223] JS: Port Classes test --- .../test/library-tests/Classes/tests.expected | 7 +++--- .../ql/test/library-tests/Classes/tests.ql | 22 +++++++++++++------ 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/javascript/ql/test/library-tests/Classes/tests.expected b/javascript/ql/test/library-tests/Classes/tests.expected index 1d4cce399def..aadd449349c2 100644 --- a/javascript/ql/test/library-tests/Classes/tests.expected +++ b/javascript/ql/test/library-tests/Classes/tests.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference test_FieldInits | dataflow.js:5:3:5:17 | #priv = source; | dataflow.js:5:11:5:16 | source | | fields.js:3:3:3:8 | y = 42 | fields.js:3:7:3:8 | 42 | @@ -287,9 +288,6 @@ getAccessModifier | tst.js:12:3:12:8 | m() {} | tst.js:12:3:12:3 | m | Public | | tst.js:13:3:13:10 | [m]() {} | tst.js:13:4:13:4 | m | Public | | tst.js:17:3:17:20 | m() { return 42; } | tst.js:17:3:17:3 | m | Public | -dataflow -| dataflow.js:2:15:2:22 | "source" | dataflow.js:14:7:14:25 | new Foo().getPriv() | -| dataflow.js:2:15:2:22 | "source" | dataflow.js:16:7:16:33 | new Foo ... ivate() | staticInitializer | staticInitializer.js:1:1:18:1 | class M ... ;\\n }\\n} | staticInitializer.js:6:10:8:3 | {\\n M ... 3;\\n } | | staticInitializer.js:1:1:18:1 | class M ... ;\\n }\\n} | staticInitializer.js:15:10:17:3 | {\\n t ... 6;\\n } | @@ -312,3 +310,6 @@ privateIdentifier | privateFields.js:37:12:37:17 | #brand | | privateFields.js:37:29:37:35 | #method | | privateFields.js:37:47:37:53 | #getter | +dataflow +| dataflow.js:2:15:2:22 | "source" | dataflow.js:14:7:14:25 | new Foo().getPriv() | +| dataflow.js:2:15:2:22 | "source" | dataflow.js:16:7:16:33 | new Foo ... ivate() | diff --git a/javascript/ql/test/library-tests/Classes/tests.ql b/javascript/ql/test/library-tests/Classes/tests.ql index cd236367152d..d01f8f6f6408 100644 --- a/javascript/ql/test/library-tests/Classes/tests.ql 
+++ b/javascript/ql/test/library-tests/Classes/tests.ql @@ -57,22 +57,30 @@ query string getAccessModifier(DataFlow::PropRef ref, Expr prop) { if ref.isPrivateField() then result = "Private" else result = "Public" } -class Configuration extends DataFlow::Configuration { - Configuration() { this = "ClassDataFlowTestingConfig" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.getEnclosingExpr().(StringLiteral).getValue().toLowerCase() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() = sink } } -query predicate dataflow(DataFlow::Node pred, DataFlow::Node succ) { - any(Configuration c).hasFlow(pred, succ) +module TestFlow = DataFlow::Global; + +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +query predicate dataflow = TestFlow::flow/2; + query BlockStmt staticInitializer(ClassDefinition cd) { result = cd.getAStaticInitializerBlock() } query Identifier privateIdentifier() { result.getName().matches("#%") } From c652470e2f9fcd01f33787f175a3c8bb22efb331 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 14:49:18 +0200 Subject: [PATCH 111/223] JS: Do not port CustomLoadStoreStep test --- javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql | 1 + 1 file changed, 1 insertion(+) diff --git a/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql b/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql index 2c56d41ab4d5..c6721b522171 100644 --- a/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql 
+++ b/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql @@ -1,5 +1,6 @@ import javascript +// Note: this test has not been ported to ConfigSig, because isAdditionalLoadStep has no equivalent there class Configuration extends TaintTracking::Configuration { Configuration() { this = "PromiseFlowTestingConfig" } From af05789cbf7c9a09cc688f67639bf010c5c81c85 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 9 Oct 2023 10:36:17 +0200 Subject: [PATCH 112/223] JS: Remove noise from data flow test --- .../library-tests/DataFlow/tests.expected | 21 ++++++++++++++++++- .../ql/test/library-tests/DataFlow/tests.ql | 5 ++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/javascript/ql/test/library-tests/DataFlow/tests.expected b/javascript/ql/test/library-tests/DataFlow/tests.expected index 02bfbe09e2d9..c0e1edf1d3f6 100644 --- a/javascript/ql/test/library-tests/DataFlow/tests.expected +++ b/javascript/ql/test/library-tests/DataFlow/tests.expected 
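Review bot: The added comment says why the test stays on the legacy API but not what a query author should do instead. `isAdditionalLoadStep` having no `ConfigSig` equivalent means a configuration that relies on custom load or store steps would lose flow if ported mechanically. I would extend the comment with the intended replacement or a tracking reference, e.g. `// TODO(<issue-id placeholder>): port once custom load/store steps can be expressed with ConfigSig`. The `Configuration` class body continues outside the hunk.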
@@ -16,12 +16,14 @@ basicBlock | arguments.js:1:1:12:4 | exceptional return of (functi ... );\\n})() | arguments.js:1:1:1:0 | entry node of | | arguments.js:1:2:1:1 | this | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:1:2:12:1 | 'arguments' object of anonymous function | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | +| arguments.js:1:2:12:1 | [function self-reference] functio ... , 3);\\n} | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:1:2:12:1 | exceptional return of anonymous function | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:1:2:12:1 | functio ... , 3);\\n} | arguments.js:1:1:1:0 | entry node of | | arguments.js:1:2:12:1 | return of anonymous function | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:2:5:2:4 | this | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | | arguments.js:2:5:2:5 | arguments | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | | arguments.js:2:5:10:5 | 'arguments' object of function f | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | +| arguments.js:2:5:10:5 | [function self-reference] functio ... ;\\n } | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | | arguments.js:2:5:10:5 | exceptional return of function f | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | | arguments.js:2:5:10:5 | functio ... ;\\n } | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:2:5:10:5 | return of function f | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | 
@@ -69,6 +71,7 @@ basicBlock | eval.js:1:1:1:0 | this | eval.js:1:1:1:0 | entry node of | | eval.js:1:1:1:0 | this | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | | eval.js:1:1:5:1 | 'arguments' object of function k | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | +| eval.js:1:1:5:1 | [function self-reference] functio ... eval`\\n} | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | | eval.js:1:1:5:1 | exceptional return of function k | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | | eval.js:1:1:5:1 | functio ... eval`\\n} | eval.js:1:1:1:0 | entry node of | | eval.js:1:1:5:1 | return of function k | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | @@ -89,6 +92,7 @@ basicBlock | sources.js:1:6:1:6 | x | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:6 | x | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:11 | 'arguments' object of anonymous function | sources.js:1:6:1:5 | entry node of x => x | +| sources.js:1:6:1:11 | [function self-reference] x => x | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:11 | exceptional return of anonymous function | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:11 | return of anonymous function | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:11 | x => x | sources.js:1:1:1:0 | entry node of | 
@@ -98,6 +102,7 @@ basicBlock | sources.js:3:1:5:6 | exceptional return of (functi ... \\n})(23) | sources.js:1:1:1:0 | entry node of | | sources.js:3:2:3:1 | this | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | | sources.js:3:2:5:1 | 'arguments' object of anonymous function | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | +| sources.js:3:2:5:1 | [function self-reference] functio ... x+19;\\n} | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | | sources.js:3:2:5:1 | exceptional return of anonymous function | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | | sources.js:3:2:5:1 | functio ... x+19;\\n} | sources.js:1:1:1:0 | entry node of | | sources.js:3:2:5:1 | return of anonymous function | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | @@ -110,6 +115,7 @@ basicBlock | sources.js:7:1:7:3 | /x/ | sources.js:1:1:1:0 | entry node of | | sources.js:9:1:9:0 | this | sources.js:9:1:9:0 | entry node of functio ... ey; }\\n} | | sources.js:9:1:12:1 | 'arguments' object of function foo | sources.js:9:1:9:0 | entry node of functio ... ey; }\\n} | +| sources.js:9:1:12:1 | [function self-reference] functio ... ey; }\\n} | sources.js:9:1:9:0 | entry node of functio ... ey; }\\n} | | sources.js:9:1:12:1 | exceptional return of function foo | sources.js:12:2:12:1 | exit node of functio ... ey; }\\n} | | sources.js:9:1:12:1 | functio ... ey; }\\n} | sources.js:1:1:1:0 | entry node of | | sources.js:9:1:12:1 | return of function foo | sources.js:12:2:12:1 | exit node of functio ... ey; }\\n} | 
@@ -147,6 +153,7 @@ basicBlock | tst2.ts:7:1:7:0 | A | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | | tst2.ts:7:1:7:0 | this | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | | tst2.ts:7:1:9:1 | 'arguments' object of function setX | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | +| tst2.ts:7:1:9:1 | [function self-reference] functio ... = 23;\\n} | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | | tst2.ts:7:1:9:1 | exceptional return of function setX | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | | tst2.ts:7:1:9:1 | functio ... = 23;\\n} | tst2.ts:1:1:1:0 | entry node of | | tst2.ts:7:1:9:1 | return of function setX | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | @@ -170,6 +177,7 @@ basicBlock | tst2.ts:13:39:13:38 | 'arguments' object of default constructor of class StringList | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | | tst2.ts:13:39:13:38 | (...arg ... rgs); } | tst2.ts:1:1:1:0 | entry node of | | tst2.ts:13:39:13:38 | ...args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | +| tst2.ts:13:39:13:38 | [function self-reference] (...arg ... rgs); } | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | 
@@ -236,6 +244,7 @@ basicBlock | tst.js:16:1:20:9 | exceptional return of (functi ... ("arg") | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:16:2:16:1 | this | tst.js:16:2:16:1 | entry node of functio ... n "";\\n} | | tst.js:16:2:20:1 | 'arguments' object of function f | tst.js:16:2:16:1 | entry node of functio ... n "";\\n} | +| tst.js:16:2:20:1 | [function self-reference] functio ... n "";\\n} | tst.js:16:2:16:1 | entry node of functio ... n "";\\n} | | tst.js:16:2:20:1 | exceptional return of function f | tst.js:20:2:20:1 | exit node of functio ... n "";\\n} | | tst.js:16:2:20:1 | functio ... n "";\\n} | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:16:2:20:1 | return of function f | tst.js:20:2:20:1 | exit node of functio ... n "";\\n} | 
@@ -271,12 +280,14 @@ basicBlock | tst.js:28:2:28:1 | x | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:28:2:29:3 | 'arguments' object of anonymous function | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:28:2:29:3 | () =>\\n x | tst.js:16:1:20:10 | (functi ... "arg"); | +| tst.js:28:2:29:3 | [function self-reference] () =>\\n x | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:28:2:29:3 | exceptional return of anonymous function | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:28:2:29:3 | return of anonymous function | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:29:3:29:3 | x | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:32:1:32:0 | this | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | | tst.js:32:1:32:0 | x | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | | tst.js:32:1:34:1 | 'arguments' object of function g | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | +| tst.js:32:1:34:1 | [function self-reference] functio ... ables\\n} | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | | tst.js:32:1:34:1 | exceptional return of function g | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | | tst.js:32:1:34:1 | functio ... ables\\n} | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:32:1:34:1 | return of function g | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | 
@@ -302,6 +313,7 @@ basicBlock | tst.js:39:4:39:3 | this | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:39:4:41:3 | 'arguments' object of method m | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:39:4:41:3 | () {\\n this;\\n } | tst.js:16:1:20:10 | (functi ... "arg"); | +| tst.js:39:4:41:3 | [function self-reference] () {\\n this;\\n } | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:39:4:41:3 | exceptional return of method m | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:39:4:41:3 | return of method m | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:40:5:40:8 | this | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | @@ -327,6 +339,7 @@ basicBlock | tst.js:50:14:50:13 | this | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:50:14:53:3 | 'arguments' object of constructor of class A | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:50:14:53:3 | () {\\n ... et`\\n } | tst.js:16:1:20:10 | (functi ... "arg"); | +| tst.js:50:14:53:3 | [function self-reference] () {\\n ... et`\\n } | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:50:14:53:3 | exceptional return of constructor of class A | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:50:14:53:3 | return of constructor of class A | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:51:5:51:9 | super | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | 
@@ -353,6 +366,7 @@ basicBlock | tst.js:62:4:62:4 | g | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:64:1:64:0 | this | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | | tst.js:64:1:67:1 | 'arguments' object of function h | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | +| tst.js:64:1:67:1 | [function self-reference] functio ... lysed\\n} | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | | tst.js:64:1:67:1 | exceptional return of function h | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | | tst.js:64:1:67:1 | functio ... lysed\\n} | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:64:1:67:1 | return of function h | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | @@ -377,6 +391,7 @@ basicBlock | tst.js:69:11:69:12 | 23 | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:71:1:71:0 | this | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | | tst.js:71:1:73:1 | 'arguments' object of function k | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | +| tst.js:71:1:73:1 | [function self-reference] async f ... lysed\\n} | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | | tst.js:71:1:73:1 | async f ... lysed\\n} | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:71:1:73:1 | exceptional return of function k | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | | tst.js:71:1:73:1 | return of function k | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | 
@@ -420,6 +435,7 @@ basicBlock | tst.js:87:1:96:2 | exceptional return of (functi ... r: 0\\n}) | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:87:2:87:1 | this | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | | tst.js:87:2:92:1 | 'arguments' object of anonymous function | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | +| tst.js:87:2:92:1 | [function self-reference] functio ... + z;\\n} | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | | tst.js:87:2:92:1 | exceptional return of anonymous function | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | | tst.js:87:2:92:1 | functio ... + z;\\n} | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:87:2:92:1 | return of anonymous function | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | @@ -474,6 +490,7 @@ basicBlock | tst.js:98:1:103:17 | exceptional return of (functi ... 3, 0 ]) | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:98:2:98:1 | this | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | | tst.js:98:2:103:1 | 'arguments' object of anonymous function | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | +| tst.js:98:2:103:1 | [function self-reference] functio ... + z;\\n} | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | | tst.js:98:2:103:1 | exceptional return of anonymous function | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | | tst.js:98:2:103:1 | functio ... + z;\\n} | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:98:2:103:1 | return of anonymous function | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | 
@@ -516,6 +533,7 @@ basicBlock | tst.js:107:1:113:2 | (functi ... v2c;\\n}) | tst.js:107:1:113:3 | (functi ... 2c;\\n}); | | tst.js:107:2:107:1 | this | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | | tst.js:107:2:113:1 | 'arguments' object of anonymous function | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | +| tst.js:107:2:113:1 | [function self-reference] functio ... v2c;\\n} | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | | tst.js:107:2:113:1 | exceptional return of anonymous function | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | | tst.js:107:2:113:1 | functio ... v2c;\\n} | tst.js:107:1:113:3 | (functi ... 2c;\\n}); | | tst.js:107:2:113:1 | return of anonymous function | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | @@ -998,6 +1016,7 @@ flowStep | tst2.ts:13:26:13:29 | List | tst2.ts:13:26:13:37 | List | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | args | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | args | +| tst2.ts:13:39:13:38 | this | tst2.ts:13:39:13:38 | implicit 'this' argument of super(...args) | | tst2.ts:15:11:15:13 | A.x | tst2.ts:15:11:15:30 | A.x satisfies number | | tst.js:1:1:1:1 | x | tst.js:3:5:3:5 | x | | tst.js:1:10:1:11 | fs | tst.js:1:10:1:11 | fs | @@ -1079,6 +1098,7 @@ flowStep | tst.js:46:10:46:11 | "" | tst.js:46:1:46:11 | global = "" | | tst.js:49:1:54:1 | A | tst.js:55:1:55:1 | A | | tst.js:49:1:54:1 | class A ... `\\n }\\n} | tst.js:49:1:54:1 | A | +| tst.js:50:14:50:13 | this | tst.js:51:5:51:13 | implicit 'this' argument of super(42) | | tst.js:64:1:67:1 | functio ... lysed\\n} | tst.js:64:11:64:11 | h | | tst.js:64:11:64:11 | h | tst.js:68:12:68:12 | h | | tst.js:68:5:68:14 | iter | tst.js:69:1:69:4 | iter | 
@@ -1443,7 +1463,6 @@ incomplete | tst.js:117:10:117:24 | exceptional return of Object.seal(x1) | call | | tst.js:117:22:117:23 | x1 | global | noBasicBlock -| file://:0:0:0:0 | global access path | | tst.js:1:10:1:11 | fs | | tst.js:1:10:1:11 | fs | | tst.js:1:20:1:23 | 'fs' | diff --git a/javascript/ql/test/library-tests/DataFlow/tests.ql b/javascript/ql/test/library-tests/DataFlow/tests.ql index 14a3635b5340..8fd5fd694a10 100644 --- a/javascript/ql/test/library-tests/DataFlow/tests.ql +++ b/javascript/ql/test/library-tests/DataFlow/tests.ql @@ -23,7 +23,10 @@ query predicate incomplete(DataFlow::Node dfn, DataFlow::Incompleteness cause) { dfn.isIncomplete(cause) } -query predicate noBasicBlock(DataFlow::Node node) { not exists(node.getBasicBlock()) } +query predicate noBasicBlock(DataFlow::Node node) { + (node instanceof DataFlow::ValueNode or node instanceof DataFlow::SsaDefinitionNode) and + not exists(node.getBasicBlock()) +} query predicate parameters(DataFlow::ParameterNode param) { any() } From 92812eee78b35d5fe085b039819d9d9083caabed Mon Sep 17 00:00:00 2001 
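Review bot: The type filter added to `noBasicBlock` in tests.ql has no comment explaining why only `DataFlow::ValueNode` and `DataFlow::SsaDefinitionNode` are checked, so any other node kind that lacks a basic block now drops out of this test silently. Judging by the `global access path` row removed from the expected output in the same commit, the intent appears to be to exclude synthetic nodes that are not tied to a basic block. I would record that above the predicate, for example `// Only AST- and SSA-backed nodes are expected to have a basic block; synthetic nodes are deliberately excluded.`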
From: Asger F Date: Thu, 5 Oct 2023 14:54:41 +0200 Subject: [PATCH 113/223] JS: Add test for flow summaries --- .../FlowSummary/CaptureConsistency.expected | 17 ++ .../FlowSummary/CaptureConsistency.ql | 1 + .../FlowSummary/DataFlowConsistency.expected | 230 +++++++++++++++ .../FlowSummary/DataFlowConsistency.ql | 2 + .../library-tests/FlowSummary/Summaries.qll | 37 +++ .../library-tests/FlowSummary/test.expected | 0 .../ql/test/library-tests/FlowSummary/test.ql | 36 +++ .../ql/test/library-tests/FlowSummary/tst.js | 270 ++++++++++++++++++ 8 files changed, 593 insertions(+) create mode 100644 javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.expected create mode 100644 javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.ql create mode 100644 javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected create mode 100644 javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.ql create mode 100644 javascript/ql/test/library-tests/FlowSummary/Summaries.qll create mode 100644 javascript/ql/test/library-tests/FlowSummary/test.expected create mode 100644 javascript/ql/test/library-tests/FlowSummary/test.ql create mode 100644 javascript/ql/test/library-tests/FlowSummary/tst.js diff --git a/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.expected b/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.expected new file mode 100644 index 000000000000..35f4edcf1fb9 --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.expected @@ -0,0 +1,17 @@ +uniqueToString +uniqueEnclosingCallable +uniqueDominator +localDominator +localSuccessor +uniqueDefiningScope +variableIsCaptured +uniqueLocation +uniqueCfgNode +uniqueWriteTarget +uniqueWriteCfgNode +uniqueReadVariable +closureMustHaveBody +closureAliasMustBeInSameScope +variableAccessAstNesting +uniqueCallableLocation +consistencyOverview 
diff --git a/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.ql b/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.ql
new file mode 100644
index 000000000000..1134eee1f2b0
--- /dev/null
+++ b/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.ql
@@ -0,0 +1 @@
+import semmle.javascript.dataflow.internal.VariableCapture::VariableCaptureOutput::ConsistencyChecks
diff --git a/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected
new file mode 100644
index 000000000000..79c66aa0381c
--- /dev/null
+++ b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected
@@ -0,0 +1,230 @@ +uniqueEnclosingCallable +uniqueCallEnclosingCallable +uniqueType +uniqueNodeLocation +missingLocation +uniqueNodeToString +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. 
| +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | +parameterCallable +localFlowIsLocal +readStepIsLocal +storeStepIsLocal +compatibleTypesReflexive +unreachableNodeCCtx +localCallNodes +postIsNotPre +postHasUniquePre +uniquePostUpdate +postIsInSameCallable +reverseRead +| tst.js:109:11:113:3 | 'arguments' object of anonymous function | Origin of readStep is missing a PostUpdateNode. | +| tst.js:267:28:267:31 | map3 | Origin of readStep is missing a PostUpdateNode. | +argHasPostUpdate +| tst.js:219:18:219:27 | [source()] | ArgumentNode is missing PostUpdateNode. | +postWithInFlow +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array method with flow into callback | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#filter | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#find / Array#findLast | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#flatMap | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#forEach / Map#forEach / Set#forEach | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#map | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#reduce / Array#reduceRight | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[2] in 'array.prototype.find' / 'array-find' | PostUpdateNode should not be the target of local flow. 
| +| file://:0:0:0:0 | [summary] to write: Argument[2] in Array.from(arg, callback, [thisArg]) | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[this] in Array#flatMap | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[this] in Array#forEach / Map#forEach / Set#forEach | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[this] in Array#map | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[this] in Array#reduce / Array#reduceRight | PostUpdateNode should not be the target of local flow. | +| tst.js:97:24:97:74 | new Pro ... rce())) | PostUpdateNode should not be the target of local flow. | +| tst.js:100:3:100:53 | new Pro ... rce())) | PostUpdateNode should not be the target of local flow. | +| tst.js:101:3:101:53 | new Pro ... rce())) | PostUpdateNode should not be the target of local flow. | +| tst.js:102:3:102:52 | new Pro ... rce())) | PostUpdateNode should not be the target of local flow. | +| tst.js:103:3:103:52 | new Pro ... rce())) | PostUpdateNode should not be the target of local flow. | +| tst.js:250:15:250:23 | new Map() | PostUpdateNode should not be the target of local flow. | +| tst.js:258:16:258:24 | new Map() | PostUpdateNode should not be the target of local flow. | +| tst.js:264:16:264:24 | new Map() | PostUpdateNode should not be the target of local flow. | +viableImplInCallContextTooLarge +uniqueParameterNodeAtPosition +uniqueParameterNodePosition +uniqueContentApprox +identityLocalStep +missingArgumentCall +multipleArgumentCall +| tst.js:30:8:30:37 | flowInt ... urce()) | tst.js:30:8:30:41 | flowInt ... ()).pop (as accessor call) | Multiple calls for argument node. | +| tst.js:30:8:30:37 | flowInt ... urce()) | tst.js:30:8:30:43 | flowInt ... ).pop() | Multiple calls for argument node. 
| +| tst.js:32:39:32:42 | Math | tst.js:32:39:32:49 | Math.random (as accessor call) | Multiple calls for argument node. | +| tst.js:32:39:32:42 | Math | tst.js:32:39:32:51 | Math.random() | Multiple calls for argument node. | +| tst.js:54:25:54:31 | Promise | tst.js:54:25:54:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:54:25:54:31 | Promise | tst.js:54:25:54:49 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:55:25:55:31 | Promise | tst.js:55:25:55:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:55:25:55:31 | Promise | tst.js:55:25:55:47 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:55:25:55:47 | Promise ... "safe") | tst.js:55:25:55:52 | Promise ... ").then (as accessor call) | Multiple calls for argument node. | +| tst.js:55:25:55:47 | Promise ... "safe") | tst.js:55:25:55:67 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:56:25:56:31 | Promise | tst.js:56:25:56:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:56:25:56:31 | Promise | tst.js:56:25:56:47 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:56:25:56:47 | Promise ... "safe") | tst.js:56:25:56:52 | Promise ... ").then (as accessor call) | Multiple calls for argument node. | +| tst.js:56:25:56:47 | Promise ... "safe") | tst.js:56:25:56:65 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:57:25:57:31 | Promise | tst.js:57:25:57:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:57:25:57:31 | Promise | tst.js:57:25:57:49 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:57:25:57:49 | Promise ... urce()) | tst.js:57:25:57:54 | Promise ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:57:25:57:49 | Promise ... urce()) | tst.js:57:25:57:67 | Promise ... "safe") | Multiple calls for argument node. 
| +| tst.js:59:25:59:31 | Promise | tst.js:59:25:59:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:59:25:59:31 | Promise | tst.js:59:25:59:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:60:25:60:31 | Promise | tst.js:60:25:60:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:60:25:60:31 | Promise | tst.js:60:25:60:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:60:25:60:48 | Promise ... urce()) | tst.js:60:25:60:53 | Promise ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:60:25:60:48 | Promise ... urce()) | tst.js:60:25:60:74 | Promise ... y => y) | Multiple calls for argument node. | +| tst.js:61:25:61:31 | Promise | tst.js:61:25:61:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:61:25:61:31 | Promise | tst.js:61:25:61:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:61:25:61:48 | Promise ... urce()) | tst.js:61:25:61:53 | Promise ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:61:25:61:48 | Promise ... urce()) | tst.js:61:25:61:74 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:62:25:62:31 | Promise | tst.js:62:25:62:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:62:25:62:31 | Promise | tst.js:62:25:62:46 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:62:25:62:46 | Promise ... "safe") | tst.js:62:25:62:51 | Promise ... ").then (as accessor call) | Multiple calls for argument node. | +| tst.js:62:25:62:46 | Promise ... "safe") | tst.js:62:25:62:67 | Promise ... y => y) | Multiple calls for argument node. | +| tst.js:64:25:64:31 | Promise | tst.js:64:25:64:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:64:25:64:31 | Promise | tst.js:64:25:64:48 | Promise ... 
urce()) | Multiple calls for argument node. | +| tst.js:65:25:65:31 | Promise | tst.js:65:25:65:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:65:25:65:31 | Promise | tst.js:65:25:65:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:65:25:65:48 | Promise ... urce()) | tst.js:65:25:65:54 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:65:25:65:48 | Promise ... urce()) | tst.js:65:25:65:66 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:66:25:66:31 | Promise | tst.js:66:25:66:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:66:25:66:31 | Promise | tst.js:66:25:66:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:66:25:66:48 | Promise ... urce()) | tst.js:66:25:66:54 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:66:25:66:48 | Promise ... urce()) | tst.js:66:25:66:69 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:67:25:67:31 | Promise | tst.js:67:25:67:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:67:25:67:31 | Promise | tst.js:67:25:67:46 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:67:25:67:46 | Promise ... "safe") | tst.js:67:25:67:52 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:67:25:67:46 | Promise ... "safe") | tst.js:67:25:67:64 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:69:25:69:31 | Promise | tst.js:69:25:69:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:69:25:69:31 | Promise | tst.js:69:25:69:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:69:25:69:48 | Promise ... urce()) | tst.js:69:25:69:53 | Promise ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:69:25:69:48 | Promise ... 
urce()) | tst.js:69:25:69:66 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:69:25:69:66 | Promise ... "safe") | tst.js:69:25:69:72 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:69:25:69:66 | Promise ... "safe") | tst.js:69:25:69:84 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:71:25:71:31 | Promise | tst.js:71:25:71:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:71:25:71:31 | Promise | tst.js:71:25:71:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:71:25:71:48 | Promise ... urce()) | tst.js:71:25:71:56 | Promise ... finally (as accessor call) | Multiple calls for argument node. | +| tst.js:71:25:71:48 | Promise ... urce()) | tst.js:71:25:71:70 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:71:25:71:70 | Promise ... "safe") | tst.js:71:25:71:76 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:71:25:71:70 | Promise ... "safe") | tst.js:71:25:71:88 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:72:25:72:31 | Promise | tst.js:72:25:72:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:72:25:72:31 | Promise | tst.js:72:25:72:49 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:72:25:72:49 | Promise ... urce()) | tst.js:72:25:72:57 | Promise ... finally (as accessor call) | Multiple calls for argument node. | +| tst.js:72:25:72:49 | Promise ... urce()) | tst.js:72:25:72:71 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:72:25:72:71 | Promise ... "safe") | tst.js:72:25:72:76 | Promise ... ").then (as accessor call) | Multiple calls for argument node. | +| tst.js:72:25:72:71 | Promise ... "safe") | tst.js:72:25:72:88 | Promise ... => err) | Multiple calls for argument node. 
| +| tst.js:73:25:73:31 | Promise | tst.js:73:25:73:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:73:25:73:31 | Promise | tst.js:73:25:73:46 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:73:25:73:46 | Promise ... "safe") | tst.js:73:25:73:54 | Promise ... finally (as accessor call) | Multiple calls for argument node. | +| tst.js:73:25:73:46 | Promise ... "safe") | tst.js:73:25:73:80 | Promise ... ce() }) | Multiple calls for argument node. | +| tst.js:73:25:73:80 | Promise ... ce() }) | tst.js:73:25:73:86 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:73:25:73:80 | Promise ... ce() }) | tst.js:73:25:73:98 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:75:3:75:9 | Promise | tst.js:75:3:75:17 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:75:3:75:9 | Promise | tst.js:75:3:75:25 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:75:3:75:25 | Promise ... "safe") | tst.js:75:3:76:9 | Promise ... .then (as accessor call) | Multiple calls for argument node. | +| tst.js:75:3:75:25 | Promise ... "safe") | tst.js:75:3:76:35 | Promise ... e(); }) | Multiple calls for argument node. | +| tst.js:75:3:76:35 | Promise ... e(); }) | tst.js:75:3:77:10 | Promise ... .catch (as accessor call) | Multiple calls for argument node. | +| tst.js:75:3:76:35 | Promise ... e(); }) | tst.js:75:3:79:6 | Promise ... \\n }) | Multiple calls for argument node. | +| tst.js:81:3:81:9 | Promise | tst.js:81:3:81:17 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:81:3:81:9 | Promise | tst.js:81:3:81:25 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:81:3:81:25 | Promise ... "safe") | tst.js:81:3:82:9 | Promise ... .then (as accessor call) | Multiple calls for argument node. | +| tst.js:81:3:81:25 | Promise ... "safe") | tst.js:81:3:82:35 | Promise ... 
e(); }) | Multiple calls for argument node. | +| tst.js:81:3:82:35 | Promise ... e(); }) | tst.js:81:3:83:9 | Promise ... .then (as accessor call) | Multiple calls for argument node. | +| tst.js:81:3:82:35 | Promise ... e(); }) | tst.js:81:3:83:22 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:81:3:83:22 | Promise ... "safe") | tst.js:81:3:84:10 | Promise ... .catch (as accessor call) | Multiple calls for argument node. | +| tst.js:81:3:83:22 | Promise ... "safe") | tst.js:81:3:86:6 | Promise ... \\n }) | Multiple calls for argument node. | +| tst.js:89:3:89:27 | flowInt ... urce()) | tst.js:89:3:89:32 | flowInt ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:89:3:89:27 | flowInt ... urce()) | tst.js:89:3:89:54 | flowInt ... value)) | Multiple calls for argument node. | +| tst.js:100:3:100:53 | new Pro ... rce())) | tst.js:100:3:100:58 | new Pro ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:100:3:100:53 | new Pro ... rce())) | tst.js:100:3:100:72 | new Pro ... ink(x)) | Multiple calls for argument node. | +| tst.js:101:3:101:53 | new Pro ... rce())) | tst.js:101:3:101:59 | new Pro ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:101:3:101:53 | new Pro ... rce())) | tst.js:101:3:101:77 | new Pro ... k(err)) | Multiple calls for argument node. | +| tst.js:102:3:102:52 | new Pro ... rce())) | tst.js:102:3:102:57 | new Pro ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:102:3:102:52 | new Pro ... rce())) | tst.js:102:3:102:71 | new Pro ... ink(x)) | Multiple calls for argument node. | +| tst.js:103:3:103:52 | new Pro ... rce())) | tst.js:103:3:103:58 | new Pro ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:103:3:103:52 | new Pro ... rce())) | tst.js:103:3:103:76 | new Pro ... k(err)) | Multiple calls for argument node. 
| +| tst.js:105:3:105:9 | Promise | tst.js:105:3:105:13 | Promise.all (as accessor call) | Multiple calls for argument node. | +| tst.js:105:3:105:9 | Promise | tst.js:105:3:109:4 | Promise ... e"\\n ]) | Multiple calls for argument node. | +| tst.js:105:3:109:4 | Promise ... e"\\n ]) | tst.js:105:3:109:9 | Promise ... ]).then (as accessor call) | Multiple calls for argument node. | +| tst.js:105:3:109:4 | Promise ... e"\\n ]) | tst.js:105:3:113:4 | Promise ... OK\\n }) | Multiple calls for argument node. | +| tst.js:170:19:170:25 | Promise | tst.js:170:19:170:33 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:170:19:170:25 | Promise | tst.js:170:19:170:38 | Promise.resolve(obj) | Multiple calls for argument node. | +| tst.js:209:3:209:7 | array | tst.js:209:3:209:12 | array.push (as accessor call) | Multiple calls for argument node. | +| tst.js:209:3:209:7 | array | tst.js:209:3:209:38 | array.p ... urce()) | Multiple calls for argument node. | +| tst.js:210:8:210:12 | array | tst.js:210:8:210:16 | array.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:210:8:210:12 | array | tst.js:210:8:210:18 | array.pop() | Multiple calls for argument node. | +| tst.js:213:3:213:8 | array2 | tst.js:213:3:213:13 | array2.push (as accessor call) | Multiple calls for argument node. | +| tst.js:213:3:213:8 | array2 | tst.js:213:3:213:23 | array2. ... urce()) | Multiple calls for argument node. | +| tst.js:214:3:214:8 | array2 | tst.js:214:3:214:13 | array2.push (as accessor call) | Multiple calls for argument node. | +| tst.js:214:3:214:8 | array2 | tst.js:214:3:214:21 | array2.push("safe") | Multiple calls for argument node. | +| tst.js:215:3:215:8 | array2 | tst.js:215:3:215:13 | array2.push (as accessor call) | Multiple calls for argument node. | +| tst.js:215:3:215:8 | array2 | tst.js:215:3:215:21 | array2.push("safe") | Multiple calls for argument node. 
| +| tst.js:216:3:216:8 | array2 | tst.js:216:3:216:16 | array2.forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:216:3:216:8 | array2 | tst.js:216:3:216:30 | array2. ... ink(x)) | Multiple calls for argument node. | +| tst.js:219:3:219:8 | array3 | tst.js:219:3:219:13 | array3.push (as accessor call) | Multiple calls for argument node. | +| tst.js:219:3:219:8 | array3 | tst.js:219:3:219:28 | array3. ... rce()]) | Multiple calls for argument node. | +| tst.js:220:3:220:8 | array3 | tst.js:220:3:220:16 | array3.forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:220:3:220:8 | array3 | tst.js:220:3:220:30 | array3. ... ink(x)) | Multiple calls for argument node. | +| tst.js:223:12:223:32 | Array.p ... e.slice | tst.js:223:12:223:37 | Array.p ... ce.call (as accessor call) | Multiple calls for argument node. | +| tst.js:223:12:223:32 | Array.p ... e.slice | tst.js:223:12:223:45 | Array.p ... array4) | Multiple calls for argument node. | +| tst.js:223:12:223:32 | Array.p ... e.slice | tst.js:223:12:223:45 | reflective call | Multiple calls for argument node. | +| tst.js:223:39:223:44 | array4 | tst.js:223:12:223:45 | Array.p ... array4) | Multiple calls for argument node. | +| tst.js:223:39:223:44 | array4 | tst.js:223:12:223:45 | reflective call | Multiple calls for argument node. | +| tst.js:224:8:224:13 | array4 | tst.js:224:8:224:17 | array4.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:224:8:224:13 | array4 | tst.js:224:8:224:19 | array4.pop() | Multiple calls for argument node. | +| tst.js:226:3:226:12 | [source()] | tst.js:226:3:226:20 | [source()].forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:226:3:226:12 | [source()] | tst.js:226:3:226:68 | [source ... p()) }) | Multiple calls for argument node. | +| tst.js:226:54:226:58 | array | tst.js:226:54:226:62 | array.pop (as accessor call) | Multiple calls for argument node. 
| +| tst.js:226:54:226:58 | array | tst.js:226:54:226:64 | array.pop() | Multiple calls for argument node. | +| tst.js:228:3:228:8 | array5 | tst.js:228:3:228:16 | array5.forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:228:3:228:8 | array5 | tst.js:228:3:228:64 | array5. ... p()) }) | Multiple calls for argument node. | +| tst.js:228:50:228:54 | array | tst.js:228:50:228:58 | array.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:228:50:228:54 | array | tst.js:228:50:228:60 | array.pop() | Multiple calls for argument node. | +| tst.js:229:3:229:10 | ["safe"] | tst.js:229:3:229:18 | ["safe"].forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:229:3:229:10 | ["safe"] | tst.js:229:3:229:66 | ["safe" ... p()) }) | Multiple calls for argument node. | +| tst.js:229:52:229:56 | array | tst.js:229:52:229:60 | array.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:229:52:229:56 | array | tst.js:229:52:229:62 | array.pop() | Multiple calls for argument node. | +| tst.js:251:3:251:5 | map | tst.js:251:3:251:9 | map.set (as accessor call) | Multiple calls for argument node. | +| tst.js:251:3:251:5 | map | tst.js:251:3:251:26 | map.set ... urce()) | Multiple calls for argument node. | +| tst.js:252:3:252:5 | map | tst.js:252:3:252:9 | map.set (as accessor call) | Multiple calls for argument node. | +| tst.js:252:3:252:5 | map | tst.js:252:3:252:24 | map.set ... 'safe') | Multiple calls for argument node. | +| tst.js:254:8:254:10 | map | tst.js:254:8:254:14 | map.get (as accessor call) | Multiple calls for argument node. | +| tst.js:254:8:254:10 | map | tst.js:254:8:254:21 | map.get('foo') | Multiple calls for argument node. | +| tst.js:255:8:255:10 | map | tst.js:255:8:255:14 | map.get (as accessor call) | Multiple calls for argument node. | +| tst.js:255:8:255:10 | map | tst.js:255:8:255:21 | map.get('bar') | Multiple calls for argument node. 
| +| tst.js:256:8:256:10 | map | tst.js:256:8:256:14 | map.get (as accessor call) | Multiple calls for argument node. | +| tst.js:256:8:256:10 | map | tst.js:256:8:256:27 | map.get(getUnkown()) | Multiple calls for argument node. | +| tst.js:259:3:259:6 | map2 | tst.js:259:3:259:10 | map2.set (as accessor call) | Multiple calls for argument node. | +| tst.js:259:3:259:6 | map2 | tst.js:259:3:259:33 | map2.se ... urce()) | Multiple calls for argument node. | +| tst.js:260:8:260:11 | map2 | tst.js:260:8:260:15 | map2.get (as accessor call) | Multiple calls for argument node. | +| tst.js:260:8:260:11 | map2 | tst.js:260:8:260:22 | map2.get('foo') | Multiple calls for argument node. | +| tst.js:261:8:261:11 | map2 | tst.js:261:8:261:15 | map2.get (as accessor call) | Multiple calls for argument node. | +| tst.js:261:8:261:11 | map2 | tst.js:261:8:261:22 | map2.get('bar') | Multiple calls for argument node. | +| tst.js:262:8:262:11 | map2 | tst.js:262:8:262:15 | map2.get (as accessor call) | Multiple calls for argument node. | +| tst.js:262:8:262:11 | map2 | tst.js:262:8:262:28 | map2.ge ... kown()) | Multiple calls for argument node. | +| tst.js:265:3:265:6 | map3 | tst.js:265:3:265:10 | map3.set (as accessor call) | Multiple calls for argument node. | +| tst.js:265:3:265:6 | map3 | tst.js:265:3:265:27 | map3.se ... urce()) | Multiple calls for argument node. | +| tst.js:266:3:266:6 | map3 | tst.js:266:3:266:14 | map3.forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:266:3:266:6 | map3 | tst.js:266:3:266:36 | map3.fo ... value)) | Multiple calls for argument node. | diff --git a/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.ql b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.ql new file mode 100644 index 000000000000..02dd5540b6fb --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.ql 
@@ -0,0 +1,2 @@ +import javascript +import semmle.javascript.dataflow.internal.DataFlowImplConsistency::Consistency diff --git a/javascript/ql/test/library-tests/FlowSummary/Summaries.qll b/javascript/ql/test/library-tests/FlowSummary/Summaries.qll new file mode 100644 index 000000000000..e6037cb814b9 --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/Summaries.qll @@ -0,0 +1,37 @@ +import javascript +import semmle.javascript.dataflow.FlowSummary + +class MkSummary extends SummarizedCallable { + private CallExpr mkSummary; + + MkSummary() { + mkSummary.getCalleeName() = "mkSummary" and + this = + "mkSummary at " + mkSummary.getFile().getRelativePath() + ":" + + mkSummary.getLocation().getStartLine() + } + + override DataFlow::InvokeNode getACall() { + result = mkSummary.flow().(DataFlow::CallNode).getAnInvocation() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + // mkSummary(input, output) + input = mkSummary.getArgument(0).getStringValue() and + output = mkSummary.getArgument(1).getStringValue() + or + // mkSummary([ + // [input1, output1], + // [input2, output2], + // ... + // ]) + exists(ArrayExpr pair | + pair = mkSummary.getArgument(0).(ArrayExpr).getAnElement() and + input = pair.getElement(0).getStringValue() and + output = pair.getElement(1).getStringValue() + ) + ) + } +} diff --git a/javascript/ql/test/library-tests/FlowSummary/test.expected b/javascript/ql/test/library-tests/FlowSummary/test.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/javascript/ql/test/library-tests/FlowSummary/test.ql b/javascript/ql/test/library-tests/FlowSummary/test.ql new file mode 100644 index 000000000000..3b300bbe19b1 --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/test.ql 
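Review bot: `MkSummary` in Summaries.qll builds its identity from the file path and start line only (`"mkSummary at " + ... + mkSummary.getLocation().getStartLine()`), so two `mkSummary(...)` calls on one line would share a single `SummarizedCallable` value, and `getACall` and `propagatesFlowExt` would then presumably mix the invocations and input/output pairs of both. The calls visible in tst.js each sit on their own line, so this is latent rather than active. Appending the column keeps the identity unique: `+ ":" + mkSummary.getLocation().getStartColumn()`. The class also has no QLDoc; a short comment saying that each `mkSummary(input, output)` call in the test source defines a value-preserving summary for the function it returns would help readers of the test.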
@@ -0,0 +1,36 @@
+import javascript
+import testUtilities.ConsistencyChecking
+import Summaries
+
+DataFlow::CallNode getACall(string name) {
+ result.getCalleeName() = name
+ or
+ result.getCalleeNode().getALocalSource() = DataFlow::globalVarRef(name)
+}
+
+module ConfigArg implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node node) { node = getACall("source") }
+
+ predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() }
+
+ predicate isBarrier(DataFlow::Node node) {
+ node.(DataFlow::InvokeNode).getCalleeName().matches("sanitizer_%") or
+ node = DataFlow::MakeBarrierGuard::getABarrierNode()
+ }
+}
+
+module Configuration = DataFlow::Global;
+
+class BasicBarrierGuard extends DataFlow::CallNode {
+ BasicBarrierGuard() { this = getACall("isSafe") }
+
+ predicate blocksExpr(boolean outcome, Expr e) {
+ outcome = true and e = this.getArgument(0).asExpr()
+ }
+}
+
+class ConsistencyConfig extends ConsistencyConfiguration {
+ ConsistencyConfig() { this = "ConsistencyConfig" }
+
+ override DataFlow::Node getAnAlert() { Configuration::flow(_, result) }
+}
diff --git a/javascript/ql/test/library-tests/FlowSummary/tst.js b/javascript/ql/test/library-tests/FlowSummary/tst.js
new file mode 100644
index 000000000000..aea6cf4f6fa1
--- /dev/null
+++ b/javascript/ql/test/library-tests/FlowSummary/tst.js
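Review bot: In `isBarrier`, the pattern in `matches("sanitizer_%")` is broader than it reads, because `_` is a single-character wildcard in QL `matches` patterns. Any callee whose name starts with `sanitizer` followed by at least one more character is treated as a barrier, not only names with a literal underscore. In a barrier this errs towards suppressing flow, which could hide an expected alert if a test helper is later given a name such as `sanitizerFoo`. Escaping the underscore pins the intended prefix: `matches("sanitizer\\_%")`.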
@@ -0,0 +1,270 @@ +function m1() { + const flowThrough = mkSummary("Argument[0]", "ReturnValue"); + sink(flowThrough(source())); // NOT OK + sink(flowThrough(source() + "x")); // OK - we are not tracking taint in this test + sink(flowThrough("x")); // OK +} + +function m2() { + const flowIntoProp = mkSummary("Argument[0]", "ReturnValue.Member[prop]"); + sink(flowIntoProp(source()).prop); // NOT OK + sink(flowIntoProp(source()).prop2); // OK + sink(flowIntoProp(source())); // OK +} + +function m3() { + const flowOutOfProp = mkSummary("Argument[0].Member[prop]", "ReturnValue"); + sink(flowOutOfProp({ prop: source() })); // NOT OK + sink(flowOutOfProp({ prop2: source() })); // OK + sink(flowOutOfProp(source())); // OK + + const obj = {}; + obj.prop = source(); + sink(flowOutOfProp(obj)); // NOT OK + sink(obj); // OK + sink(obj.prop); // NOT OK +} + +function m4() { + const flowIntoArrayElement = mkSummary("Argument[0]", "ReturnValue.ArrayElement"); + sink(flowIntoArrayElement(source()).pop()); // NOT OK + sink(flowIntoArrayElement(source())[0]); // NOT OK [INCONSISTENCY] + sink(flowIntoArrayElement(source())[Math.random()]); // NOT OK + sink(flowIntoArrayElement(source()).prop); // OK +} + +function m5() { + const flowOutOfInnerCallback = mkSummary("Argument[0].Parameter[0].Argument[0]", "ReturnValue"); + sink(flowOutOfInnerCallback(cb => { cb(source()); })); // NOT OK [INCONSISTENCY] +} + +async function m6() { + const flowOutOfPromise = mkSummary("Argument[0].Awaited", "ReturnValue"); + const flowIntoPromise = mkSummary("Argument[0]", "ReturnValue.Awaited"); + + sink(flowOutOfPromise(flowIntoPromise(source()))); // NOT OK (although the synchronous flow is technically not possible) + + let data = { prop: source() }; + sink(flowOutOfPromise(flowIntoPromise(data)).prop); // NOT OK + sink(flowOutOfPromise(flowIntoPromise(flowIntoPromise(data))).prop); // NOT OK + sink(flowOutOfPromise(flowOutOfPromise(flowIntoPromise(data))).prop); // NOT OK + 
sink(flowOutOfPromise(data).prop); // NOT OK - because Awaited allows pass-through of a non-promise value + sink(flowIntoPromise(data).prop); // OK - promise object does not have the 'prop' property + + sink(flowOutOfPromise(Promise.resolve(source()))); // NOT OK + sink(flowOutOfPromise(Promise.resolve("safe").then(x => source()))); // NOT OK + sink(flowOutOfPromise(Promise.resolve("safe").then(x => "safe"))); // OK + sink(flowOutOfPromise(Promise.resolve(source()).then(x => "safe"))); // OK + + sink(flowOutOfPromise(Promise.reject(source()))); // OK + sink(flowOutOfPromise(Promise.reject(source()).then(x => "safe", y => y))); // NOT OK + sink(flowOutOfPromise(Promise.reject(source()).then(x => x, y => "safe"))); // OK + sink(flowOutOfPromise(Promise.reject("safe").then(x => x, y => y))); // OK + + sink(flowOutOfPromise(Promise.reject(source()))); // OK + sink(flowOutOfPromise(Promise.reject(source()).catch(err => err))); // NOT OK + sink(flowOutOfPromise(Promise.reject(source()).catch(err => "safe"))); // OK + sink(flowOutOfPromise(Promise.reject("safe").catch(err => err))); // OK + + sink(flowOutOfPromise(Promise.reject(source()).then(x => "safe").catch(err => err))); // NOT OK + + sink(flowOutOfPromise(Promise.reject(source()).finally(() => "safe").catch(err => err))); // NOT OK + sink(flowOutOfPromise(Promise.resolve(source()).finally(() => "safe").then(err => err))); // NOT OK + sink(flowOutOfPromise(Promise.reject("safe").finally(() => { throw source() }).catch(err => err))); // NOT OK + + Promise.resolve("safe") + .then(x => { throw source(); }) + .catch(err => { + sink(err); // NOT OK + }); + + Promise.resolve("safe") + .then(x => { throw source(); }) + .then(x => "safe") + .catch(err => { + sink(err); // NOT OK + }); + + sink(await flowIntoPromise(source())); // NOT OK + flowIntoPromise(source()).then(value => sink(value)); // NOT OK + sink(await flowIntoPromise(flowIntoPromise(source()))); // NOT OK + + async function makePromise() { + return source(); + 
} + sink(flowOutOfPromise(makePromise())); // NOT OK + + let taintedPromise = new Promise((resolve, reject) => resolve(source())); + sink(flowOutOfPromise(taintedPromise)); // NOT OK + + new Promise((resolve, reject) => resolve(source())).then(x => sink(x)); // NOT OK + new Promise((resolve, reject) => resolve(source())).catch(err => sink(err)); // OK + new Promise((resolve, reject) => reject(source())).then(x => sink(x)); // OK + new Promise((resolve, reject) => reject(source())).catch(err => sink(err)); // NOT OK + + Promise.all([ + flowIntoPromise(source()), + source(), + "safe" + ]).then(([x1, x2, x3]) => { + sink(x1); // NOT OK + sink(x2); // NOT OK + sink(x3); // OK + }); +} + +function m8() { + const flowOutOfCallback = mkSummary("Argument[0].ReturnValue", "ReturnValue"); + + sink(flowOutOfCallback(() => source())); // NOT OK + sink(flowOutOfCallback((source))); // OK + + function sourceCallback() { + return source(); + } + sink(flowOutOfCallback(sourceCallback)); // NOT OK +} + +function m9() { + const flowIntoCallback = mkSummary("Argument[0]", "Argument[1].Parameter[0]"); + + sink(flowIntoCallback(source(), x => sink(x))); // NOT OK + sink(flowIntoCallback("safe", x => sink(x))); // OK + sink(flowIntoCallback(source(), x => ignore(x))); // OK + sink(flowIntoCallback("safe", x => ignore(x))); // OK +} + +function m10() { + const flowThroughCallback = mkSummary([ + ["Argument[0]", "Argument[1].Parameter[0]"], + ["Argument[1].ReturnValue", "ReturnValue"] + ]); + + sink(flowThroughCallback(source(), x => x)); // NOT OK + sink(flowThroughCallback(source(), x => "safe")); // OK + sink(flowThroughCallback("safe", x => x)); // OK + sink(flowThroughCallback("safe", x => "safe")); // OK +} + +function m11() { + const flowFromSideEffectOnParameter = mkSummary("Argument[0].Parameter[0].Member[prop]", "ReturnValue"); + + let data = flowFromSideEffectOnParameter(param => { + param.prop = source(); + }); + sink(data); // NOT OK + + function manullyWritten(param) { + 
param.prop = source(); + } + let obj = {}; + manullyWritten(obj); + sink(obj.prop); // NOT OK +} + +async function m13() { + async function testStoreBack(x) { + (await x).prop = source(); + } + const obj = {}; + const promise = Promise.resolve(obj); + testStoreBack(promise); + sink(obj.prop); // NOT OK [INCONSISTENCY] + sink(promise.prop); // OK [INCONSISTENCY] + sink((await promise).prop); // NOT OK + + const obj2 = {}; + testStoreBack(obj2); + sink(obj2.prop);; // NOT OK +} + +function m14() { + const flowOutOfAnyArgument = mkSummary("Argument[0..]", "ReturnValue"); + sink(flowOutOfAnyArgument(source())); // NOT OK + sink(flowOutOfAnyArgument(source(), "safe", "safe")); // NOT OK + sink(flowOutOfAnyArgument("safe", source(), "safe")); // NOT OK + sink(flowOutOfAnyArgument("safe", "safe", source())); // NOT OK + sink(flowOutOfAnyArgument("safe", "safe", "safe")); // OK + + const flowOutOfAnyArgumentExceptFirst = mkSummary("Argument[1..]", "ReturnValue"); + sink(flowOutOfAnyArgumentExceptFirst(source())); // OK + sink(flowOutOfAnyArgumentExceptFirst(source(), "safe", "safe")); // OK + sink(flowOutOfAnyArgumentExceptFirst("safe", source(), "safe")); // NOT OK + sink(flowOutOfAnyArgumentExceptFirst("safe", "safe", source())); // NOT OK + sink(flowOutOfAnyArgumentExceptFirst("safe", "safe", "safe")); // OK + + const flowIntoAnyParameter = mkSummary("Argument[0]", "Argument[1].Parameter[0..]"); + flowIntoAnyParameter(source(), (x1, x2, x3) => sink(x1)); // NOT OK + flowIntoAnyParameter(source(), (x1, x2, x3) => sink(x2)); // NOT OK + flowIntoAnyParameter(source(), (x1, x2, x3) => sink(x3)); // NOT OK + + const flowIntoAnyParameterExceptFirst = mkSummary("Argument[0]", "Argument[1].Parameter[1..]"); + flowIntoAnyParameterExceptFirst(source(), (x1, x2, x3) => sink(x1)); // OK + flowIntoAnyParameterExceptFirst(source(), (x1, x2, x3) => sink(x2)); // NOT OK + flowIntoAnyParameterExceptFirst(source(), (x1, x2, x3) => sink(x3)); // NOT OK +} + +function m15() { + const array 
= []; + array.push("safe", "safe", source()); + sink(array.pop()); // NOT OK + + const array2 = []; + array2.push(source()); + array2.push("safe"); + array2.push("safe"); + array2.forEach(x => sink(x)); // NOT OK + + const array3 = []; + array3.push(...[source()]); + array3.forEach(x => sink(x)); // NOT OK + + const array4 = [source()]; + array4 = Array.prototype.slice.call(array4); + sink(array4.pop()); // NOT OK + + [source()].forEach((value, index, array) => { sink(array.pop()) }); // NOT OK + const array5 = [source()]; + array5.forEach((value, index, array) => { sink(array.pop()) }); // NOT OK + ["safe"].forEach((value, index, array) => { sink(array.pop()) }); // OK +} + +function m16() { + const array0 = [source(), 'safe', 'safe']; + sink(array0[0]); // NOT OK + sink(array0[1]); // OK + sink(array0[2]); // OK + + const array1 = ['safe', source(), 'safe']; + sink(array1[0]); // OK + sink(array1[1]); // NOT OK + sink(array1[2]); // OK + + const array2 = ['safe', 'safe', source()]; + sink(array2[0]); // OK + sink(array2[1]); // OK + sink(array2[2]); // NOT OK +} + +function m17() { + const map = new Map(); + map.set('foo', source()); + map.set('bar', 'safe'); + + sink(map.get('foo')); // NOT OK + sink(map.get('bar')); // OK + sink(map.get(getUnkown())); // NOT OK + + const map2 = new Map(); + map2.set(getUnkown(), source()); + sink(map2.get('foo')); // NOT OK + sink(map2.get('bar')); // NOT OK + sink(map2.get(getUnkown())); // NOT OK + + const map3 = new Map(); + map3.set('foo', source()); + map3.forEach(value => sink(value)); // NOT OK + for (let [key, value] of map3) { + sink(value); // NOT OK + } +} From 09b0ba0c1f60ecf5e6affd602de6263fd156f514 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 15:05:59 +0200 Subject: [PATCH 114/223] JS: Port Angular2 test --- .../frameworks/Angular2/test.expected | 1 + .../library-tests/frameworks/Angular2/test.ql | 22 ++++++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) 
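Review bot: In `m15`, `array4` is declared with `const` and reassigned on the next line (`array4 = Array.prototype.slice.call(array4);`), which throws a TypeError at runtime. The `sink(array4.pop()); // NOT OK` expectation therefore depends on how the analysis models an invalid assignment rather than on the `slice` step it is meant to cover. Declaring it as `let array4 = [source()];` makes the case test what the comment says. Smaller points in the same file: `manullyWritten` and `getUnkown` look like typos, and `sink(obj2.prop);;` in `m13` has a stray semicolon.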
diff --git a/javascript/ql/test/library-tests/frameworks/Angular2/test.expected b/javascript/ql/test/library-tests/frameworks/Angular2/test.expected
index f09f0aed3b45..acf97ab947e5 100644
--- a/javascript/ql/test/library-tests/frameworks/Angular2/test.expected
+++ b/javascript/ql/test/library-tests/frameworks/Angular2/test.expected
@@ -1,3 +1,4 @@
+legacyDataFlowDifference
 pipeRef
 | source.component.html:3:22:3:32 | unknownPipe |
 | source.component.html:4:22:4:32 | unknownPipe |
diff --git a/javascript/ql/test/library-tests/frameworks/Angular2/test.ql b/javascript/ql/test/library-tests/frameworks/Angular2/test.ql
index 5ff996111211..ee5dc370eee8 100644
--- a/javascript/ql/test/library-tests/frameworks/Angular2/test.ql
+++ b/javascript/ql/test/library-tests/frameworks/Angular2/test.ql
@@ -14,21 +14,31 @@ query Angular2::PipeClass pipeClass() { any() } query DataFlow::Node pipeClassRef(Angular2::PipeClass cls) { result = cls.getAPipeRef() } -class TaintConfig extends TaintTracking::Configuration { - TaintConfig() { this = "TaintConfig" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink } + predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink } } +module TestFlow = TaintTracking::Global; + query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) { - any(TaintConfig c).hasFlow(source, sink) + TestFlow::flow(source, sink) } query predicate testAttrSourceLocation(HTML::Attribute attrib, Angular2::TemplateTopLevel top) { attrib.getName() = "[testAttr]" and top = attrib.getCodeInAttribute() } + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff From 466ffdf8f500577fc3ce36d71e32188462e4462a Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 15:07:25 +0200 Subject: [PATCH 115/223] JS: Port AsyncTaintTracking test --- .../AsyncPackage/AsyncTaintTracking.expected | 2 ++ .../AsyncPackage/AsyncTaintTracking.ql | 22 ++++++++++++++----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected index 2c2b8fec2ccf..50e18f938a56 100644 --- a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected 
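Review bot: `LegacyConfig` at the end of this hunk has no comment explaining why the test keeps a second, legacy-API configuration next to `TestConfig`; from the `DataFlowDiff` import and the new `legacyDataFlowDifference` section in test.expected it appears to exist only so old and new results can be compared. A one-line comment such as `// Legacy configuration, kept only to compare against TestFlow via DataFlowDiff.` would make that explicit. The wrapper forwards only `isSource` and `isSink`, so if a `TestConfig` later gains a barrier or an extra step the comparison would report differences that are not regressions; that is worth stating in the same comment. The same block is repeated in the AsyncPackage, Collections, ComposedFunctions, data, Immutable, Next, PropertyProjection and Redux hunks.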
+++ b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +#select | each.js:11:9:11:16 | source() | each.js:13:12:13:15 | item | | map.js:10:13:10:20 | source() | map.js:12:14:12:17 | item | | map.js:20:19:20:26 | source() | map.js:23:27:23:32 | result | diff --git a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.ql b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.ql index 7d591e1b48bd..f3afe84d75a0 100644 --- a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.ql +++ b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.ql @@ -2,14 +2,24 @@ import javascript DataFlow::CallNode getACall(string name) { result.getCalleeName() = name } -class BasicConfig extends TaintTracking::Configuration { - BasicConfig() { this = "BasicConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = getACall("source") } - override predicate isSource(DataFlow::Node node) { node = getACall("source") } + predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } +} + +module TestFlow = TaintTracking::Global; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } - override predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } -from BasicConfig cfg, DataFlow::Node src, DataFlow::Node sink -where cfg.hasFlow(src, sink) +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +from DataFlow::Node src, DataFlow::Node sink +where TestFlow::flow(src, sink) select src, sink From 09892279e64141e0b909c0d892cbe3f426631397 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Thu, 5 Oct 2023 15:07:42 +0200 Subject: [PATCH 116/223] JS: Port Collections test --- .../frameworks/Collections/test.expected | 33 ++++++++++--------- .../frameworks/Collections/test.ql | 22 +++++++++---- 2 files changed, 32 insertions(+), 23 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/Collections/test.expected b/javascript/ql/test/library-tests/frameworks/Collections/test.expected index 6a026e06382b..de2290b874a3 100644 --- a/javascript/ql/test/library-tests/frameworks/Collections/test.expected +++ b/javascript/ql/test/library-tests/frameworks/Collections/test.expected @@ -1,19 +1,4 @@ -dataFlow -| tst.js:2:16:2:23 | source() | tst.js:7:7:7:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:11:10:11:10 | e | -| tst.js:2:16:2:23 | source() | tst.js:17:10:17:10 | v | -| tst.js:2:16:2:23 | source() | tst.js:21:10:21:14 | value | -| tst.js:2:16:2:23 | source() | tst.js:26:10:26:14 | value | -| tst.js:2:16:2:23 | source() | tst.js:30:7:30:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:34:7:34:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:38:7:38:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:42:7:42:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:46:7:46:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:50:10:50:10 | e | -| tst.js:2:16:2:23 | source() | tst.js:53:8:53:21 | map.get("key") | -| tst.js:2:16:2:23 | source() | tst.js:59:8:59:22 | map2.get("foo") | -| tst.js:2:16:2:23 | source() | tst.js:64:8:64:26 | map3.get(unknown()) | -| tst.js:2:16:2:23 | source() | tst.js:69:8:69:26 | map3.get(unknown()) | +legacyDataFlowDifference typeTracking | tst.js:2:16:2:23 | source() | tst.js:2:16:2:23 | source() | | tst.js:2:16:2:23 | source() | tst.js:6:14:6:14 | e | 
@@ -30,3 +15,19 @@ typeTracking | tst.js:2:16:2:23 | source() | tst.js:59:8:59:22 | map2.get("foo") | | tst.js:2:16:2:23 | source() | tst.js:64:8:64:26 | map3.get(unknown()) | | tst.js:2:16:2:23 | source() | tst.js:69:8:69:26 | map3.get(unknown()) | +dataFlow +| tst.js:2:16:2:23 | source() | tst.js:7:7:7:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:11:10:11:10 | e | +| tst.js:2:16:2:23 | source() | tst.js:17:10:17:10 | v | +| tst.js:2:16:2:23 | source() | tst.js:21:10:21:14 | value | +| tst.js:2:16:2:23 | source() | tst.js:26:10:26:14 | value | +| tst.js:2:16:2:23 | source() | tst.js:30:7:30:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:34:7:34:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:38:7:38:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:42:7:42:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:46:7:46:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:50:10:50:10 | e | +| tst.js:2:16:2:23 | source() | tst.js:53:8:53:21 | map.get("key") | +| tst.js:2:16:2:23 | source() | tst.js:59:8:59:22 | map2.get("foo") | +| tst.js:2:16:2:23 | source() | tst.js:64:8:64:26 | map3.get(unknown()) | +| tst.js:2:16:2:23 | source() | tst.js:69:8:69:26 | map3.get(unknown()) | diff --git a/javascript/ql/test/library-tests/frameworks/Collections/test.ql b/javascript/ql/test/library-tests/frameworks/Collections/test.ql index 9e3561fa844f..f55cce9e0353 100644 --- a/javascript/ql/test/library-tests/frameworks/Collections/test.ql +++ b/javascript/ql/test/library-tests/frameworks/Collections/test.ql 
@@ -1,21 +1,29 @@ import javascript -class Config extends DataFlow::Configuration { - Config() { this = "Config" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(DataFlow::CallNode call | call.getCalleeName() = "sink" | call.getAnArgument() = sink) } } -query predicate dataFlow(DataFlow::Node pred, DataFlow::Node succ) { - any(Config c).hasFlow(pred, succ) +module TestFlow = DataFlow::Global; + +query predicate dataFlow = TestFlow::flow/2; + +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "Config" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + DataFlow::SourceNode trackSource(DataFlow::TypeTracker t, DataFlow::SourceNode start) { t.start() and result.(DataFlow::CallNode).getCalleeName() = "source" and From 6600fe9d51856a20bf39be5ddae8c1734e28111e Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 5 Oct 2023 21:01:44 +0200 Subject: [PATCH 117/223] JS: Port ComposedFunctions test --- .../ComposedFunctions/compose.expected | 2 ++ .../frameworks/ComposedFunctions/compose.ql | 24 +++++++++++++------ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.expected b/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.expected index 932f4ea6d43a..2550bfedb055 100644 --- a/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.expected +++ b/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.expected 
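Review bot: `LegacyConfig() { this = "Config" }` keeps the old class's identifier string, while the Angular2, AsyncPackage, ComposedFunctions, data, PropertyProjection and Redux ports use `"LegacyConfig"`; the Immutable and Next hunks have the same mismatch. Unless something depends on the old string, write `LegacyConfig() { this = "LegacyConfig" }` so that all nine copies of this wrapper are identical and can be replaced by a shared helper in one step.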
@@ -1,3 +1,5 @@ +legacyDataFlowDifference +#select | tst.js:10:10:10:15 | source | | tst.js:15:10:15:13 | f1() | | tst.js:20:10:20:24 | lcompose1(f2)() | diff --git a/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.ql b/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.ql index d303fba17c95..dba04b72ef18 100644 --- a/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.ql +++ b/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.ql @@ -1,13 +1,11 @@ import javascript -class ExampleConfiguration extends TaintTracking::Configuration { - ExampleConfiguration() { this = "ExampleConfiguration" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(CallExpr).getCalleeName() = "SOURCE" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(CallExpr callExpr | callExpr.getCalleeName() = "SINK" and DataFlow::valueNode(callExpr.getArgument(0)) = sink @@ -15,6 +13,18 @@ class ExampleConfiguration extends TaintTracking::Configuration { } } -from ExampleConfiguration cfg, DataFlow::Node source, DataFlow::Node sink -where cfg.hasFlow(source, sink) +module TestFlow = TaintTracking::Global; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +from DataFlow::Node source, DataFlow::Node sink +where TestFlow::flow(source, sink) select sink From a2d4a03c0e567594516e1ec471c7dfcd74c93f70 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Fri, 6 Oct 2023 09:47:16 +0200 Subject: [PATCH 118/223] JS: Update framework/data test --- .../frameworks/data/test.expected | 1 + .../library-tests/frameworks/data/test.ql | 28 +++++++++++++++---- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/data/test.expected b/javascript/ql/test/library-tests/frameworks/data/test.expected index 28d7229789df..44e4353a9a13 100644 --- a/javascript/ql/test/library-tests/frameworks/data/test.expected +++ b/javascript/ql/test/library-tests/frameworks/data/test.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference consistencyIssue taintFlow | paramDecorator.ts:6:54:6:54 | x | paramDecorator.ts:7:10:7:10 | x | diff --git a/javascript/ql/test/library-tests/frameworks/data/test.ql b/javascript/ql/test/library-tests/frameworks/data/test.ql index 5ee8d0e3f9c4..7d18ba01c550 100644 --- a/javascript/ql/test/library-tests/frameworks/data/test.ql +++ b/javascript/ql/test/library-tests/frameworks/data/test.ql 
@@ -84,24 +84,40 @@ class Sources extends ModelInput::SourceModelCsv { } } -class BasicTaintTracking extends TaintTracking::Configuration { - BasicTaintTracking() { this = "BasicTaintTracking" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" or source = ModelOutput::getASourceNode("test-source").asSource() } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() or sink = ModelOutput::getASinkNode("test-sink").asSink() } } +module TestFlow = TaintTracking::Global; + +class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) { - any(BasicTaintTracking tr).hasFlow(source, sink) + TestFlow::flow(source, sink) } query predicate isSink(DataFlow::Node node, string kind) { From 644f9683b1308a554b3d2be8baadcc3e2a283016 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 09:48:45 +0200 Subject: [PATCH 119/223] JS: Update frameworks/immutable test --- .../frameworks/Immutable/tests.expected | 2 ++ .../frameworks/Immutable/tests.ql | 22 +++++++++++++------ 2 files changed, 17 insertions(+), 7 deletions(-) 
diff --git a/javascript/ql/test/library-tests/frameworks/Immutable/tests.expected b/javascript/ql/test/library-tests/frameworks/Immutable/tests.expected
index 6edc4ee1a963..e071504bfcfd 100644
--- a/javascript/ql/test/library-tests/frameworks/Immutable/tests.expected
+++ b/javascript/ql/test/library-tests/frameworks/Immutable/tests.expected
@@ -1,3 +1,5 @@
+legacyDataFlowDifference
+dataFlow
 | immutable.js:1:16:1:26 | source("a") | immutable.js:2:6:2:13 | obj["a"] |
 | immutable.js:1:16:1:26 | source("a") | immutable.js:11:6:11:18 | map1.get("a") |
 | immutable.js:1:16:1:26 | source("a") | immutable.js:12:6:12:18 | map2.get("a") |
diff --git a/javascript/ql/test/library-tests/frameworks/Immutable/tests.ql b/javascript/ql/test/library-tests/frameworks/Immutable/tests.ql
index 58d12ea774f3..d530e770093d 100644
--- a/javascript/ql/test/library-tests/frameworks/Immutable/tests.ql
+++ b/javascript/ql/test/library-tests/frameworks/Immutable/tests.ql
@@ -1,18 +1,26 @@ import javascript private import semmle.javascript.dataflow.internal.StepSummary -class Config extends DataFlow::Configuration { - Config() { this = "Config" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(DataFlow::CallNode call | call.getCalleeName() = "sink" | call.getAnArgument() = sink) } } -query predicate dataFlow(DataFlow::Node pred, DataFlow::Node succ) { - any(Config c).hasFlow(pred, succ) +module TestFlow = DataFlow::Global; + +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "Config" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } + +query predicate dataFlow = TestFlow::flow/2; + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff From 2eec47b52c9d766f5ffc774340c034cfc2e3df2f Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 09:49:01 +0200 Subject: [PATCH 120/223] JS: Update frameworks/Next test --- .../frameworks/Next/tests.expected | 1 + .../library-tests/frameworks/Next/tests.ql | 22 +++++++++++++------ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/Next/tests.expected b/javascript/ql/test/library-tests/frameworks/Next/tests.expected index ced2e1f3fe1c..9e9f6878b53e 100644 --- a/javascript/ql/test/library-tests/frameworks/Next/tests.expected +++ b/javascript/ql/test/library-tests/frameworks/Next/tests.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference remoteFlow | pages/[my-fallback-id].jsx:9:40:9:45 | params | | pages/secondpage.jsx:5:17:5:27 | ctx.req.url | 
diff --git a/javascript/ql/test/library-tests/frameworks/Next/tests.ql b/javascript/ql/test/library-tests/frameworks/Next/tests.ql index 134efa0faf1e..98f4185b9ecc 100644 --- a/javascript/ql/test/library-tests/frameworks/Next/tests.ql +++ b/javascript/ql/test/library-tests/frameworks/Next/tests.ql @@ -2,18 +2,26 @@ import javascript query RemoteFlowSource remoteFlow() { any() } -class Config extends DataFlow::Configuration { - Config() { this = "Config" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(DataFlow::CallNode call | call.getCalleeName() = "sink" | call.getAnArgument() = sink) } } -query predicate dataFlow(DataFlow::Node pred, DataFlow::Node succ) { - any(Config c).hasFlow(pred, succ) +module TestFlow = DataFlow::Global; + +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "Config" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +query predicate dataFlow = TestFlow::flow/2; From d2053445a73b59305b8e4128e423a077e82f3904 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 09:50:15 +0200 Subject: [PATCH 121/223] JS: Update frameworks/PropertyProjection test --- .../PropertyInjectionTaint.expected | 2 ++ .../PropertyInjectionTaint.ql | 24 +++++++++++++------ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.expected b/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.expected index 9244a0a94910..f7bcb9f8abcc 100644 
--- a/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.expected +++ b/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +#select | tst.js:25:10:25:15 | source | | tst.js:32:10:32:27 | _.pick(tainted, s) | | tst.js:33:10:33:26 | _.get(tainted, s) | diff --git a/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.ql b/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.ql index d303fba17c95..dba04b72ef18 100644 --- a/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.ql +++ b/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.ql @@ -1,13 +1,11 @@ import javascript -class ExampleConfiguration extends TaintTracking::Configuration { - ExampleConfiguration() { this = "ExampleConfiguration" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(CallExpr).getCalleeName() = "SOURCE" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(CallExpr callExpr | callExpr.getCalleeName() = "SINK" and DataFlow::valueNode(callExpr.getArgument(0)) = sink 
@@ -15,6 +13,18 @@ class ExampleConfiguration extends TaintTracking::Configuration { } } -from ExampleConfiguration cfg, DataFlow::Node source, DataFlow::Node sink -where cfg.hasFlow(source, sink) +module TestFlow = TaintTracking::Global; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +from DataFlow::Node source, DataFlow::Node sink +where TestFlow::flow(source, sink) select sink From b9344134d3615bd83cd1b494dc3434fcb0f98266 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 09:51:23 +0200 Subject: [PATCH 122/223] JS: Update Redux test --- .../frameworks/Redux/test.expected | 1 + .../library-tests/frameworks/Redux/test.ql | 24 ++++++++++++------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/Redux/test.expected b/javascript/ql/test/library-tests/frameworks/Redux/test.expected index 6a3675fea00e..92c12137ad7c 100644 --- a/javascript/ql/test/library-tests/frameworks/Redux/test.expected +++ b/javascript/ql/test/library-tests/frameworks/Redux/test.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference reducerArg | exportedReducer.js:12:12:12:35 | (state, ... > state | | react-redux.jsx:12:33:17:9 | (state, ... } | diff --git a/javascript/ql/test/library-tests/frameworks/Redux/test.ql b/javascript/ql/test/library-tests/frameworks/Redux/test.ql index 882aaeb616cf..0cf6c7913ad2 100644 --- a/javascript/ql/test/library-tests/frameworks/Redux/test.ql +++ b/javascript/ql/test/library-tests/frameworks/Redux/test.ql 
@@ -44,20 +44,28 @@ query predicate reducerToStateStep = Redux::reducerToStateStep/2;
 query Redux::StoreCreation storeCreation() { any() }
-class BasicTaint extends TaintTracking::Configuration {
- BasicTaint() { this = "BasicTaint" }
+module TestConfig implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node node) { node.(DataFlow::CallNode).getCalleeName() = "source" }
- override predicate isSource(DataFlow::Node node) {
- node.(DataFlow::CallNode).getCalleeName() = "source"
- }
-
- override predicate isSink(DataFlow::Node node) {
+ predicate isSink(DataFlow::Node node) {
 node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument()
 }
 }
+module TestFlow = TaintTracking::Global;
+
+class LegacyConfig extends TaintTracking::Configuration {
+ LegacyConfig() { this = "LegacyConfig" }
+
+ override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) }
+
+ override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) }
+}
+
+import testUtilities.LegacyDataFlowDiff::DataFlowDiff
+
 query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) {
- any(BasicTaint cfg).hasFlow(source, sink)
+ TestFlow::flow(source, sink)
 }
 query DataFlow::SourceNode reactComponentRef(ReactComponent component) {
From 398353098388f3b72e85e8b68abc9dda86e8b7fe Mon Sep 17 00:00:00 2001
From: Asger F
Date: Fri, 6 Oct 2023 09:59:09 +0200
Subject: [PATCH 123/223] JS: Update Templating/Xss test
---
 .../frameworks/Templating/Xss.expected | 578 ------------------
 .../frameworks/Templating/Xss.qlref | 1 -
 .../frameworks/Templating/XssDiff.expected | 40 ++
 .../frameworks/Templating/XssDiff.ql | 8 +
 4 files changed, 48 insertions(+), 579 deletions(-)
 delete mode 100644 javascript/ql/test/library-tests/frameworks/Templating/Xss.expected
 delete mode 100644 javascript/ql/test/library-tests/frameworks/Templating/Xss.qlref
 create mode 100644 javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected
 create mode 100644 javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql
diff --git a/javascript/ql/test/library-tests/frameworks/Templating/Xss.expected b/javascript/ql/test/library-tests/frameworks/Templating/Xss.expected
deleted file mode 100644
index bc84b329dc79..000000000000
--- a/javascript/ql/test/library-tests/frameworks/Templating/Xss.expected
+++ /dev/null
@@ -1,578 +0,0 @@ -nodes -| app.js:8:18:8:34 | req.query.rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | -| app.js:11:26:11:46 | req.que ... tmlProp | -| app.js:11:26:11:46 | req.que ... tmlProp | -| app.js:11:26:11:46 | req.que ... tmlProp | -| app.js:14:33:14:64 | req.que ... eralRaw | -| app.js:14:33:14:64 | req.que ... eralRaw | -| app.js:14:33:14:64 | req.que ... eralRaw | -| app.js:16:33:16:64 | req.que ... CodeRaw | -| app.js:16:33:16:64 | req.que ... CodeRaw | -| app.js:16:33:16:64 | req.que ... CodeRaw | -| app.js:20:38:20:74 | req.que ... ringRaw | -| app.js:20:38:20:74 | req.que ... ringRaw | -| app.js:20:38:20:74 | req.que ... ringRaw | -| app.js:27:18:27:34 | req.query.rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | -| app.js:30:26:30:46 | req.que ... tmlProp | -| app.js:30:26:30:46 | req.que ... tmlProp | -| app.js:30:26:30:46 | req.que ... tmlProp | -| app.js:33:33:33:64 | req.que ... eralRaw | -| app.js:33:33:33:64 | req.que ... eralRaw | -| app.js:33:33:33:64 | req.que ... eralRaw | -| app.js:35:33:35:64 | req.que ... CodeRaw | -| app.js:35:33:35:64 | req.que ... CodeRaw | -| app.js:35:33:35:64 | req.que ... CodeRaw | -| app.js:39:38:39:74 | req.que ... ringRaw | -| app.js:39:38:39:74 | req.que ... ringRaw | -| app.js:39:38:39:74 | req.que ... ringRaw | -| app.js:46:18:46:34 | req.query.rawHtml | -| app.js:46:18:46:34 | req.query.rawHtml | -| app.js:46:18:46:34 | req.query.rawHtml | -| app.js:49:26:49:46 | req.que ... tmlProp | -| app.js:49:26:49:46 | req.que ... tmlProp | -| app.js:49:26:49:46 | req.que ... tmlProp | -| app.js:52:33:52:64 | req.que ... eralRaw | -| app.js:52:33:52:64 | req.que ... eralRaw | -| app.js:52:33:52:64 | req.que ... eralRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | -| app.js:55:37:55:72 | req.que ... 
JsonRaw | -| app.js:55:37:55:72 | req.que ... JsonRaw | -| app.js:55:37:55:72 | req.que ... JsonRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | -| app.js:66:18:66:34 | req.query.rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | -| projectA/src/index.js:6:38:6:53 | req.query.taintA | -| projectA/src/index.js:6:38:6:53 | req.query.taintA | -| projectA/src/index.js:6:38:6:53 | req.query.taintA | -| projectA/src/index.js:12:16:12:30 | req.query.sinkA | -| projectA/src/index.js:12:16:12:30 | req.query.sinkA | -| projectA/src/index.js:12:16:12:30 | req.query.sinkA | -| projectA/src/index.js:17:16:17:30 | req.query.sinkA | -| projectA/src/index.js:17:16:17:30 | req.query.sinkA | -| projectA/src/index.js:17:16:17:30 | req.query.sinkA | -| projectA/src/index.js:22:16:22:30 | req.query.sinkA | -| projectA/src/index.js:22:16:22:30 | req.query.sinkA | -| projectA/src/index.js:22:16:22:30 | req.query.sinkA | -| projectA/src/index.js:37:16:37:30 | req.query.sinkA | -| projectA/src/index.js:37:16:37:30 | req.query.sinkA | -| projectA/src/index.js:37:16:37:30 | req.query.sinkA | -| projectA/src/index.js:42:16:42:30 | req.query.sinkA | -| projectA/src/index.js:42:16:42:30 | req.query.sinkA | -| projectA/src/index.js:42:16:42:30 | req.query.sinkA | -| projectA/src/index.js:47:16:47:30 | req.query.sinkA | -| projectA/src/index.js:47:16:47:30 | req.query.sinkA | -| projectA/src/index.js:47:16:47:30 | req.query.sinkA | -| projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/main.ejs:2:5:2:9 | sinkA | -| projectA/views/main.ejs:2:5:2:9 | sinkA | -| projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectA/views/main.ejs:5:1:5:26 | <%- 
taintedInMiddleware %> | -| projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware | -| projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware | -| projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | -| projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | -| projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | -| projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | -| projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | -| projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | -| projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | -| projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA | -| projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA | -| projectB/src/index.js:6:38:6:53 | req.query.taintB | -| projectB/src/index.js:6:38:6:53 | req.query.taintB | -| projectB/src/index.js:6:38:6:53 | req.query.taintB | -| projectB/src/index.js:13:16:13:30 | req.query.sinkB | -| projectB/src/index.js:13:16:13:30 | req.query.sinkB | -| projectB/src/index.js:13:16:13:30 | req.query.sinkB | -| projectB/src/index.js:18:16:18:30 | req.query.sinkB | -| projectB/src/index.js:18:16:18:30 | req.query.sinkB | -| projectB/src/index.js:18:16:18:30 | req.query.sinkB | -| projectB/src/index.js:23:16:23:30 | req.query.sinkB | -| projectB/src/index.js:23:16:23:30 | req.query.sinkB | -| projectB/src/index.js:23:16:23:30 | req.query.sinkB | -| projectB/src/index.js:38:16:38:30 | req.query.sinkB | -| projectB/src/index.js:38:16:38:30 | req.query.sinkB | -| projectB/src/index.js:38:16:38:30 | req.query.sinkB | -| projectB/src/index.js:43:16:43:30 | req.query.sinkB | -| 
projectB/src/index.js:43:16:43:30 | req.query.sinkB | -| projectB/src/index.js:43:16:43:30 | req.query.sinkB | -| projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/main.ejs:3:5:3:9 | sinkB | -| projectB/views/main.ejs:3:5:3:9 | sinkB | -| projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware | -| projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware | -| projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB | -| projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB | -| projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | -| projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | -| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | -| views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | -| views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | -| 
views/ejs_include1.ejs:1:5:1:7 | foo | -| views/ejs_include1.ejs:1:5:1:7 | foo | -| views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | -| views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | -| views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | -| views/ejs_include2.ejs:1:5:1:11 | rawHtml | -| views/ejs_include2.ejs:1:5:1:11 | rawHtml | -| views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/ejs_sinks.ejs:4:13:4:19 | rawHtml | -| views/ejs_sinks.ejs:4:13:4:19 | rawHtml | -| views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | -| views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | -| views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | -| views/ejs_sinks.ejs:7:13:7:30 | object.rawHtmlProp | -| views/ejs_sinks.ejs:7:13:7:30 | object.rawHtmlProp | -| views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | -| views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | -| views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | -| views/ejs_sinks.ejs:11:47:11:68 | dataInS ... eralRaw | -| views/ejs_sinks.ejs:11:47:11:68 | dataInS ... eralRaw | -| views/ejs_sinks.ejs:14:42:14:70 | <%- dataInGeneratedCodeRaw %> | -| views/ejs_sinks.ejs:14:42:14:70 | <%- dataInGeneratedCodeRaw %> | -| views/ejs_sinks.ejs:14:42:14:70 | <%- dataInGeneratedCodeRaw %> | -| views/ejs_sinks.ejs:14:46:14:67 | dataInG ... CodeRaw | -| views/ejs_sinks.ejs:14:46:14:67 | dataInG ... CodeRaw | -| views/ejs_sinks.ejs:22:39:22:72 | <%- dataInEventHandlerStringRaw %> | -| views/ejs_sinks.ejs:22:39:22:72 | <%- dataInEventHandlerStringRaw %> | -| views/ejs_sinks.ejs:22:39:22:72 | <%- dataInEventHandlerStringRaw %> | -| views/ejs_sinks.ejs:22:43:22:69 | dataInE ... ringRaw | -| views/ejs_sinks.ejs:22:43:22:69 | dataInE ... 
ringRaw | -| views/ejs_sinks.ejs:24:44:24:50 | rawHtml | -| views/ejs_sinks.ejs:24:44:24:50 | rawHtml | -| views/hbs_sinks.hbs:9:9:9:23 | {{{ rawHtml }}} | -| views/hbs_sinks.hbs:9:9:9:23 | {{{ rawHtml }}} | -| views/hbs_sinks.hbs:9:9:9:23 | {{{ rawHtml }}} | -| views/hbs_sinks.hbs:9:13:9:19 | rawHtml | -| views/hbs_sinks.hbs:9:13:9:19 | rawHtml | -| views/hbs_sinks.hbs:10:9:10:23 | {{{~rawHtml }}} | -| views/hbs_sinks.hbs:10:9:10:23 | {{{~rawHtml }}} | -| views/hbs_sinks.hbs:10:9:10:23 | {{{~rawHtml }}} | -| views/hbs_sinks.hbs:10:13:10:19 | rawHtml | -| views/hbs_sinks.hbs:10:13:10:19 | rawHtml | -| views/hbs_sinks.hbs:11:9:11:23 | {{{ rawHtml~}}} | -| views/hbs_sinks.hbs:11:9:11:23 | {{{ rawHtml~}}} | -| views/hbs_sinks.hbs:11:9:11:23 | {{{ rawHtml~}}} | -| views/hbs_sinks.hbs:11:13:11:19 | rawHtml | -| views/hbs_sinks.hbs:11:13:11:19 | rawHtml | -| views/hbs_sinks.hbs:12:9:12:23 | {{{~rawHtml~}}} | -| views/hbs_sinks.hbs:12:9:12:23 | {{{~rawHtml~}}} | -| views/hbs_sinks.hbs:12:9:12:23 | {{{~rawHtml~}}} | -| views/hbs_sinks.hbs:12:13:12:19 | rawHtml | -| views/hbs_sinks.hbs:12:13:12:19 | rawHtml | -| views/hbs_sinks.hbs:13:9:13:25 | {{{~ rawHtml ~}}} | -| views/hbs_sinks.hbs:13:9:13:25 | {{{~ rawHtml ~}}} | -| views/hbs_sinks.hbs:13:9:13:25 | {{{~ rawHtml ~}}} | -| views/hbs_sinks.hbs:13:14:13:20 | rawHtml | -| views/hbs_sinks.hbs:13:14:13:20 | rawHtml | -| views/hbs_sinks.hbs:15:9:15:22 | {{& rawHtml }} | -| views/hbs_sinks.hbs:15:9:15:22 | {{& rawHtml }} | -| views/hbs_sinks.hbs:15:9:15:22 | {{& rawHtml }} | -| views/hbs_sinks.hbs:15:13:15:19 | rawHtml | -| views/hbs_sinks.hbs:15:13:15:19 | rawHtml | -| views/hbs_sinks.hbs:19:9:19:34 | {{{ object.rawHtmlProp }}} | -| views/hbs_sinks.hbs:19:9:19:34 | {{{ object.rawHtmlProp }}} | -| views/hbs_sinks.hbs:19:9:19:34 | {{{ object.rawHtmlProp }}} | -| views/hbs_sinks.hbs:19:13:19:30 | object.rawHtmlProp | -| views/hbs_sinks.hbs:19:13:19:30 | object.rawHtmlProp | -| views/hbs_sinks.hbs:23:43:23:72 | {{{ 
dataInStringLiteralRaw }}} | -| views/hbs_sinks.hbs:23:43:23:72 | {{{ dataInStringLiteralRaw }}} | -| views/hbs_sinks.hbs:23:43:23:72 | {{{ dataInStringLiteralRaw }}} | -| views/hbs_sinks.hbs:23:47:23:68 | dataInS ... eralRaw | -| views/hbs_sinks.hbs:23:47:23:68 | dataInS ... eralRaw | -| views/hbs_sinks.hbs:26:42:26:71 | {{{ dataInGeneratedCodeRaw }}} | -| views/hbs_sinks.hbs:26:42:26:71 | {{{ dataInGeneratedCodeRaw }}} | -| views/hbs_sinks.hbs:26:42:26:71 | {{{ dataInGeneratedCodeRaw }}} | -| views/hbs_sinks.hbs:26:46:26:67 | dataInG ... CodeRaw | -| views/hbs_sinks.hbs:26:46:26:67 | dataInG ... CodeRaw | -| views/hbs_sinks.hbs:34:39:34:73 | {{{ dataInEventHandlerStringRaw }}} | -| views/hbs_sinks.hbs:34:39:34:73 | {{{ dataInEventHandlerStringRaw }}} | -| views/hbs_sinks.hbs:34:39:34:73 | {{{ dataInEventHandlerStringRaw }}} | -| views/hbs_sinks.hbs:34:43:34:69 | dataInE ... ringRaw | -| views/hbs_sinks.hbs:34:43:34:69 | dataInE ... ringRaw | -| views/njk_sinks.njk:4:12:4:18 | rawHtml | -| views/njk_sinks.njk:4:12:4:18 | rawHtml | -| views/njk_sinks.njk:4:12:4:18 | rawHtml | -| views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | -| views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | -| views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | -| views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | -| views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | -| views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | -| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| views/njk_sinks.njk:15:49:15:74 | dataInG ... JsonRaw | -| views/njk_sinks.njk:15:49:15:74 | dataInG ... JsonRaw | -| views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json | -| views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json | -| views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json | -| views/njk_sinks.njk:23:42:23:68 | dataInE ... 
ringRaw | -| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -edges -| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include2.ejs:1:5:1:11 | rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include2.ejs:1:5:1:11 | rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include2.ejs:1:5:1:11 | rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include2.ejs:1:5:1:11 | rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:4:13:4:19 | rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:4:13:4:19 | rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:4:13:4:19 | rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:4:13:4:19 | rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:24:44:24:50 | rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:24:44:24:50 | rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:24:44:24:50 | rawHtml | -| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:24:44:24:50 | rawHtml | -| app.js:11:26:11:46 | req.que ... tmlProp | views/ejs_sinks.ejs:7:13:7:30 | object.rawHtmlProp | -| app.js:11:26:11:46 | req.que ... tmlProp | views/ejs_sinks.ejs:7:13:7:30 | object.rawHtmlProp | -| app.js:11:26:11:46 | req.que ... tmlProp | views/ejs_sinks.ejs:7:13:7:30 | object.rawHtmlProp | -| app.js:11:26:11:46 | req.que ... tmlProp | views/ejs_sinks.ejs:7:13:7:30 | object.rawHtmlProp | -| app.js:14:33:14:64 | req.que ... eralRaw | views/ejs_sinks.ejs:11:47:11:68 | dataInS ... eralRaw | -| app.js:14:33:14:64 | req.que ... eralRaw | views/ejs_sinks.ejs:11:47:11:68 | dataInS ... eralRaw | -| app.js:14:33:14:64 | req.que ... eralRaw | views/ejs_sinks.ejs:11:47:11:68 | dataInS ... eralRaw | -| app.js:14:33:14:64 | req.que ... eralRaw | views/ejs_sinks.ejs:11:47:11:68 | dataInS ... eralRaw | -| app.js:16:33:16:64 | req.que ... 
CodeRaw | views/ejs_sinks.ejs:14:46:14:67 | dataInG ... CodeRaw | -| app.js:16:33:16:64 | req.que ... CodeRaw | views/ejs_sinks.ejs:14:46:14:67 | dataInG ... CodeRaw | -| app.js:16:33:16:64 | req.que ... CodeRaw | views/ejs_sinks.ejs:14:46:14:67 | dataInG ... CodeRaw | -| app.js:16:33:16:64 | req.que ... CodeRaw | views/ejs_sinks.ejs:14:46:14:67 | dataInG ... CodeRaw | -| app.js:20:38:20:74 | req.que ... ringRaw | views/ejs_sinks.ejs:22:43:22:69 | dataInE ... ringRaw | -| app.js:20:38:20:74 | req.que ... ringRaw | views/ejs_sinks.ejs:22:43:22:69 | dataInE ... ringRaw | -| app.js:20:38:20:74 | req.que ... ringRaw | views/ejs_sinks.ejs:22:43:22:69 | dataInE ... ringRaw | -| app.js:20:38:20:74 | req.que ... ringRaw | views/ejs_sinks.ejs:22:43:22:69 | dataInE ... ringRaw | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:9:13:9:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:9:13:9:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:9:13:9:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:9:13:9:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:10:13:10:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:10:13:10:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:10:13:10:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:10:13:10:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:11:13:11:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:11:13:11:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:11:13:11:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:11:13:11:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:12:13:12:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:12:13:12:19 | 
rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:12:13:12:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:12:13:12:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:13:14:13:20 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:13:14:13:20 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:13:14:13:20 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:13:14:13:20 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:15:13:15:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:15:13:15:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:15:13:15:19 | rawHtml | -| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:15:13:15:19 | rawHtml | -| app.js:30:26:30:46 | req.que ... tmlProp | views/hbs_sinks.hbs:19:13:19:30 | object.rawHtmlProp | -| app.js:30:26:30:46 | req.que ... tmlProp | views/hbs_sinks.hbs:19:13:19:30 | object.rawHtmlProp | -| app.js:30:26:30:46 | req.que ... tmlProp | views/hbs_sinks.hbs:19:13:19:30 | object.rawHtmlProp | -| app.js:30:26:30:46 | req.que ... tmlProp | views/hbs_sinks.hbs:19:13:19:30 | object.rawHtmlProp | -| app.js:33:33:33:64 | req.que ... eralRaw | views/hbs_sinks.hbs:23:47:23:68 | dataInS ... eralRaw | -| app.js:33:33:33:64 | req.que ... eralRaw | views/hbs_sinks.hbs:23:47:23:68 | dataInS ... eralRaw | -| app.js:33:33:33:64 | req.que ... eralRaw | views/hbs_sinks.hbs:23:47:23:68 | dataInS ... eralRaw | -| app.js:33:33:33:64 | req.que ... eralRaw | views/hbs_sinks.hbs:23:47:23:68 | dataInS ... eralRaw | -| app.js:35:33:35:64 | req.que ... CodeRaw | views/hbs_sinks.hbs:26:46:26:67 | dataInG ... CodeRaw | -| app.js:35:33:35:64 | req.que ... CodeRaw | views/hbs_sinks.hbs:26:46:26:67 | dataInG ... CodeRaw | -| app.js:35:33:35:64 | req.que ... CodeRaw | views/hbs_sinks.hbs:26:46:26:67 | dataInG ... 
CodeRaw | -| app.js:35:33:35:64 | req.que ... CodeRaw | views/hbs_sinks.hbs:26:46:26:67 | dataInG ... CodeRaw | -| app.js:39:38:39:74 | req.que ... ringRaw | views/hbs_sinks.hbs:34:43:34:69 | dataInE ... ringRaw | -| app.js:39:38:39:74 | req.que ... ringRaw | views/hbs_sinks.hbs:34:43:34:69 | dataInE ... ringRaw | -| app.js:39:38:39:74 | req.que ... ringRaw | views/hbs_sinks.hbs:34:43:34:69 | dataInE ... ringRaw | -| app.js:39:38:39:74 | req.que ... ringRaw | views/hbs_sinks.hbs:34:43:34:69 | dataInE ... ringRaw | -| app.js:46:18:46:34 | req.query.rawHtml | views/njk_sinks.njk:4:12:4:18 | rawHtml | -| app.js:46:18:46:34 | req.query.rawHtml | views/njk_sinks.njk:4:12:4:18 | rawHtml | -| app.js:46:18:46:34 | req.query.rawHtml | views/njk_sinks.njk:4:12:4:18 | rawHtml | -| app.js:46:18:46:34 | req.query.rawHtml | views/njk_sinks.njk:4:12:4:18 | rawHtml | -| app.js:46:18:46:34 | req.query.rawHtml | views/njk_sinks.njk:4:12:4:18 | rawHtml | -| app.js:46:18:46:34 | req.query.rawHtml | views/njk_sinks.njk:4:12:4:18 | rawHtml | -| app.js:46:18:46:34 | req.query.rawHtml | views/njk_sinks.njk:4:12:4:18 | rawHtml | -| app.js:49:26:49:46 | req.que ... tmlProp | views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | -| app.js:49:26:49:46 | req.que ... tmlProp | views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | -| app.js:49:26:49:46 | req.que ... tmlProp | views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | -| app.js:49:26:49:46 | req.que ... tmlProp | views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | -| app.js:49:26:49:46 | req.que ... tmlProp | views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | -| app.js:49:26:49:46 | req.que ... tmlProp | views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | -| app.js:49:26:49:46 | req.que ... tmlProp | views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | -| app.js:52:33:52:64 | req.que ... eralRaw | views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | -| app.js:52:33:52:64 | req.que ... 
eralRaw | views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | -| app.js:52:33:52:64 | req.que ... eralRaw | views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | -| app.js:52:33:52:64 | req.que ... eralRaw | views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | -| app.js:52:33:52:64 | req.que ... eralRaw | views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | -| app.js:52:33:52:64 | req.que ... eralRaw | views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | -| app.js:52:33:52:64 | req.que ... eralRaw | views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:55:37:55:72 | req.que ... JsonRaw | views/njk_sinks.njk:15:49:15:74 | dataInG ... JsonRaw | -| app.js:55:37:55:72 | req.que ... JsonRaw | views/njk_sinks.njk:15:49:15:74 | dataInG ... JsonRaw | -| app.js:55:37:55:72 | req.que ... JsonRaw | views/njk_sinks.njk:15:49:15:74 | dataInG ... JsonRaw | -| app.js:55:37:55:72 | req.que ... JsonRaw | views/njk_sinks.njk:15:49:15:74 | dataInG ... JsonRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... 
ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| projectA/src/index.js:6:38:6:53 | req.query.taintA | projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware | -| projectA/src/index.js:6:38:6:53 | req.query.taintA | projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware | -| projectA/src/index.js:6:38:6:53 | req.query.taintA | projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware | -| projectA/src/index.js:6:38:6:53 | req.query.taintA | projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware | -| projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | 
sinkA | -| projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:22:16:22:30 | req.query.sinkA | projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:22:16:22:30 | req.query.sinkA | projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:22:16:22:30 | req.query.sinkA | projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:22:16:22:30 | req.query.sinkA | projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:37:16:37:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:37:16:37:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:37:16:37:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:37:16:37:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:42:16:42:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:42:16:42:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:42:16:42:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:42:16:42:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | -| projectA/src/index.js:47:16:47:30 | req.query.sinkA | projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA | -| projectA/src/index.js:47:16:47:30 | req.query.sinkA | projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA | -| projectA/src/index.js:47:16:47:30 | 
req.query.sinkA | projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA | -| projectA/src/index.js:47:16:47:30 | req.query.sinkA | projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA | -| projectA/views/main.ejs:2:5:2:9 | sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/main.ejs:2:5:2:9 | sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/main.ejs:2:5:2:9 | sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/main.ejs:2:5:2:9 | sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware | projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware | projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware | projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectA/views/main.ejs:5:5:5:23 | taintedInMiddleware | projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | -| projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | -| 
projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA | projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | -| projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA | projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | -| projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA | projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | -| projectA/views/upward_traversal.ejs:1:5:1:9 | sinkA | projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | -| projectB/src/index.js:6:38:6:53 | req.query.taintB | projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware | -| projectB/src/index.js:6:38:6:53 | req.query.taintB | projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware | -| projectB/src/index.js:6:38:6:53 | req.query.taintB | projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware | -| projectB/src/index.js:6:38:6:53 | req.query.taintB | projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware | -| projectB/src/index.js:13:16:13:30 | req.query.sinkB | projectB/views/main.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:13:16:13:30 | req.query.sinkB | projectB/views/main.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:13:16:13:30 | req.query.sinkB | projectB/views/main.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:13:16:13:30 | req.query.sinkB | projectB/views/main.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:18:16:18:30 | req.query.sinkB | projectB/views/main.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:18:16:18:30 | req.query.sinkB | projectB/views/main.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:18:16:18:30 | req.query.sinkB | projectB/views/main.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:18:16:18:30 | req.query.sinkB | projectB/views/main.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:23:16:23:30 | req.query.sinkB | projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:23:16:23:30 | req.query.sinkB | projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:23:16:23:30 | req.query.sinkB | 
projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:23:16:23:30 | req.query.sinkB | projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:38:16:38:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:38:16:38:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:38:16:38:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:38:16:38:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:43:16:43:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:43:16:43:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:43:16:43:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | -| projectB/src/index.js:43:16:43:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | -| projectB/views/main.ejs:3:5:3:9 | sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/main.ejs:3:5:3:9 | sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/main.ejs:3:5:3:9 | sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/main.ejs:3:5:3:9 | sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware | projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware | projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware | projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectB/views/main.ejs:5:5:5:23 | taintedInMiddleware | projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | -| projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB | 
projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB | projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB | projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/index.ejs:3:5:3:9 | sinkB | projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | -| projectB/views/subfolder/other.ejs:3:5:3:9 | sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/ejs_include1.ejs:1:5:1:7 | foo | views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | -| views/ejs_include1.ejs:1:5:1:7 | foo | views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | -| views/ejs_include1.ejs:1:5:1:7 | foo | views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | 
-| views/ejs_include1.ejs:1:5:1:7 | foo | views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | -| views/ejs_include2.ejs:1:5:1:11 | rawHtml | views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | -| views/ejs_include2.ejs:1:5:1:11 | rawHtml | views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | -| views/ejs_include2.ejs:1:5:1:11 | rawHtml | views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | -| views/ejs_include2.ejs:1:5:1:11 | rawHtml | views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | -| views/ejs_sinks.ejs:4:13:4:19 | rawHtml | views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/ejs_sinks.ejs:4:13:4:19 | rawHtml | views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/ejs_sinks.ejs:4:13:4:19 | rawHtml | views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/ejs_sinks.ejs:4:13:4:19 | rawHtml | views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/ejs_sinks.ejs:7:13:7:30 | object.rawHtmlProp | views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | -| views/ejs_sinks.ejs:7:13:7:30 | object.rawHtmlProp | views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | -| views/ejs_sinks.ejs:7:13:7:30 | object.rawHtmlProp | views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | -| views/ejs_sinks.ejs:7:13:7:30 | object.rawHtmlProp | views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | -| views/ejs_sinks.ejs:11:47:11:68 | dataInS ... eralRaw | views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | -| views/ejs_sinks.ejs:11:47:11:68 | dataInS ... eralRaw | views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | -| views/ejs_sinks.ejs:11:47:11:68 | dataInS ... eralRaw | views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | -| views/ejs_sinks.ejs:11:47:11:68 | dataInS ... eralRaw | views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | -| views/ejs_sinks.ejs:14:46:14:67 | dataInG ... CodeRaw | views/ejs_sinks.ejs:14:42:14:70 | <%- dataInGeneratedCodeRaw %> | -| views/ejs_sinks.ejs:14:46:14:67 | dataInG ... 
CodeRaw | views/ejs_sinks.ejs:14:42:14:70 | <%- dataInGeneratedCodeRaw %> | -| views/ejs_sinks.ejs:14:46:14:67 | dataInG ... CodeRaw | views/ejs_sinks.ejs:14:42:14:70 | <%- dataInGeneratedCodeRaw %> | -| views/ejs_sinks.ejs:14:46:14:67 | dataInG ... CodeRaw | views/ejs_sinks.ejs:14:42:14:70 | <%- dataInGeneratedCodeRaw %> | -| views/ejs_sinks.ejs:22:43:22:69 | dataInE ... ringRaw | views/ejs_sinks.ejs:22:39:22:72 | <%- dataInEventHandlerStringRaw %> | -| views/ejs_sinks.ejs:22:43:22:69 | dataInE ... ringRaw | views/ejs_sinks.ejs:22:39:22:72 | <%- dataInEventHandlerStringRaw %> | -| views/ejs_sinks.ejs:22:43:22:69 | dataInE ... ringRaw | views/ejs_sinks.ejs:22:39:22:72 | <%- dataInEventHandlerStringRaw %> | -| views/ejs_sinks.ejs:22:43:22:69 | dataInE ... ringRaw | views/ejs_sinks.ejs:22:39:22:72 | <%- dataInEventHandlerStringRaw %> | -| views/ejs_sinks.ejs:24:44:24:50 | rawHtml | views/ejs_include1.ejs:1:5:1:7 | foo | -| views/ejs_sinks.ejs:24:44:24:50 | rawHtml | views/ejs_include1.ejs:1:5:1:7 | foo | -| views/hbs_sinks.hbs:9:13:9:19 | rawHtml | views/hbs_sinks.hbs:9:9:9:23 | {{{ rawHtml }}} | -| views/hbs_sinks.hbs:9:13:9:19 | rawHtml | views/hbs_sinks.hbs:9:9:9:23 | {{{ rawHtml }}} | -| views/hbs_sinks.hbs:9:13:9:19 | rawHtml | views/hbs_sinks.hbs:9:9:9:23 | {{{ rawHtml }}} | -| views/hbs_sinks.hbs:9:13:9:19 | rawHtml | views/hbs_sinks.hbs:9:9:9:23 | {{{ rawHtml }}} | -| views/hbs_sinks.hbs:10:13:10:19 | rawHtml | views/hbs_sinks.hbs:10:9:10:23 | {{{~rawHtml }}} | -| views/hbs_sinks.hbs:10:13:10:19 | rawHtml | views/hbs_sinks.hbs:10:9:10:23 | {{{~rawHtml }}} | -| views/hbs_sinks.hbs:10:13:10:19 | rawHtml | views/hbs_sinks.hbs:10:9:10:23 | {{{~rawHtml }}} | -| views/hbs_sinks.hbs:10:13:10:19 | rawHtml | views/hbs_sinks.hbs:10:9:10:23 | {{{~rawHtml }}} | -| views/hbs_sinks.hbs:11:13:11:19 | rawHtml | views/hbs_sinks.hbs:11:9:11:23 | {{{ rawHtml~}}} | -| views/hbs_sinks.hbs:11:13:11:19 | rawHtml | views/hbs_sinks.hbs:11:9:11:23 | {{{ rawHtml~}}} | -| 
views/hbs_sinks.hbs:11:13:11:19 | rawHtml | views/hbs_sinks.hbs:11:9:11:23 | {{{ rawHtml~}}} | -| views/hbs_sinks.hbs:11:13:11:19 | rawHtml | views/hbs_sinks.hbs:11:9:11:23 | {{{ rawHtml~}}} | -| views/hbs_sinks.hbs:12:13:12:19 | rawHtml | views/hbs_sinks.hbs:12:9:12:23 | {{{~rawHtml~}}} | -| views/hbs_sinks.hbs:12:13:12:19 | rawHtml | views/hbs_sinks.hbs:12:9:12:23 | {{{~rawHtml~}}} | -| views/hbs_sinks.hbs:12:13:12:19 | rawHtml | views/hbs_sinks.hbs:12:9:12:23 | {{{~rawHtml~}}} | -| views/hbs_sinks.hbs:12:13:12:19 | rawHtml | views/hbs_sinks.hbs:12:9:12:23 | {{{~rawHtml~}}} | -| views/hbs_sinks.hbs:13:14:13:20 | rawHtml | views/hbs_sinks.hbs:13:9:13:25 | {{{~ rawHtml ~}}} | -| views/hbs_sinks.hbs:13:14:13:20 | rawHtml | views/hbs_sinks.hbs:13:9:13:25 | {{{~ rawHtml ~}}} | -| views/hbs_sinks.hbs:13:14:13:20 | rawHtml | views/hbs_sinks.hbs:13:9:13:25 | {{{~ rawHtml ~}}} | -| views/hbs_sinks.hbs:13:14:13:20 | rawHtml | views/hbs_sinks.hbs:13:9:13:25 | {{{~ rawHtml ~}}} | -| views/hbs_sinks.hbs:15:13:15:19 | rawHtml | views/hbs_sinks.hbs:15:9:15:22 | {{& rawHtml }} | -| views/hbs_sinks.hbs:15:13:15:19 | rawHtml | views/hbs_sinks.hbs:15:9:15:22 | {{& rawHtml }} | -| views/hbs_sinks.hbs:15:13:15:19 | rawHtml | views/hbs_sinks.hbs:15:9:15:22 | {{& rawHtml }} | -| views/hbs_sinks.hbs:15:13:15:19 | rawHtml | views/hbs_sinks.hbs:15:9:15:22 | {{& rawHtml }} | -| views/hbs_sinks.hbs:19:13:19:30 | object.rawHtmlProp | views/hbs_sinks.hbs:19:9:19:34 | {{{ object.rawHtmlProp }}} | -| views/hbs_sinks.hbs:19:13:19:30 | object.rawHtmlProp | views/hbs_sinks.hbs:19:9:19:34 | {{{ object.rawHtmlProp }}} | -| views/hbs_sinks.hbs:19:13:19:30 | object.rawHtmlProp | views/hbs_sinks.hbs:19:9:19:34 | {{{ object.rawHtmlProp }}} | -| views/hbs_sinks.hbs:19:13:19:30 | object.rawHtmlProp | views/hbs_sinks.hbs:19:9:19:34 | {{{ object.rawHtmlProp }}} | -| views/hbs_sinks.hbs:23:47:23:68 | dataInS ... 
eralRaw | views/hbs_sinks.hbs:23:43:23:72 | {{{ dataInStringLiteralRaw }}} | -| views/hbs_sinks.hbs:23:47:23:68 | dataInS ... eralRaw | views/hbs_sinks.hbs:23:43:23:72 | {{{ dataInStringLiteralRaw }}} | -| views/hbs_sinks.hbs:23:47:23:68 | dataInS ... eralRaw | views/hbs_sinks.hbs:23:43:23:72 | {{{ dataInStringLiteralRaw }}} | -| views/hbs_sinks.hbs:23:47:23:68 | dataInS ... eralRaw | views/hbs_sinks.hbs:23:43:23:72 | {{{ dataInStringLiteralRaw }}} | -| views/hbs_sinks.hbs:26:46:26:67 | dataInG ... CodeRaw | views/hbs_sinks.hbs:26:42:26:71 | {{{ dataInGeneratedCodeRaw }}} | -| views/hbs_sinks.hbs:26:46:26:67 | dataInG ... CodeRaw | views/hbs_sinks.hbs:26:42:26:71 | {{{ dataInGeneratedCodeRaw }}} | -| views/hbs_sinks.hbs:26:46:26:67 | dataInG ... CodeRaw | views/hbs_sinks.hbs:26:42:26:71 | {{{ dataInGeneratedCodeRaw }}} | -| views/hbs_sinks.hbs:26:46:26:67 | dataInG ... CodeRaw | views/hbs_sinks.hbs:26:42:26:71 | {{{ dataInGeneratedCodeRaw }}} | -| views/hbs_sinks.hbs:34:43:34:69 | dataInE ... ringRaw | views/hbs_sinks.hbs:34:39:34:73 | {{{ dataInEventHandlerStringRaw }}} | -| views/hbs_sinks.hbs:34:43:34:69 | dataInE ... ringRaw | views/hbs_sinks.hbs:34:39:34:73 | {{{ dataInEventHandlerStringRaw }}} | -| views/hbs_sinks.hbs:34:43:34:69 | dataInE ... ringRaw | views/hbs_sinks.hbs:34:39:34:73 | {{{ dataInEventHandlerStringRaw }}} | -| views/hbs_sinks.hbs:34:43:34:69 | dataInE ... ringRaw | views/hbs_sinks.hbs:34:39:34:73 | {{{ dataInEventHandlerStringRaw }}} | -| views/njk_sinks.njk:15:49:15:74 | dataInG ... JsonRaw | views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json | -| views/njk_sinks.njk:15:49:15:74 | dataInG ... JsonRaw | views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json | -| views/njk_sinks.njk:15:49:15:74 | dataInG ... JsonRaw | views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json | -| views/njk_sinks.njk:15:49:15:74 | dataInG ... JsonRaw | views/njk_sinks.njk:15:49:15:81 | dataInG ... 
\| json | -#select -| projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:12:16:12:30 | req.query.sinkA | user-provided value | -| projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:17:16:17:30 | req.query.sinkA | user-provided value | -| projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | projectA/src/index.js:6:38:6:53 | req.query.taintA | projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:6:38:6:53 | req.query.taintA | user-provided value | -| projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:22:16:22:30 | req.query.sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:22:16:22:30 | req.query.sinkA | user-provided value | -| projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:37:16:37:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:37:16:37:30 | req.query.sinkA | user-provided value | -| projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:42:16:42:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. 
| projectA/src/index.js:42:16:42:30 | req.query.sinkA | user-provided value | -| projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | projectA/src/index.js:47:16:47:30 | req.query.sinkA | projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:47:16:47:30 | req.query.sinkA | user-provided value | -| projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | projectB/src/index.js:13:16:13:30 | req.query.sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | Cross-site scripting vulnerability due to $@. | projectB/src/index.js:13:16:13:30 | req.query.sinkB | user-provided value | -| projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | projectB/src/index.js:18:16:18:30 | req.query.sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | Cross-site scripting vulnerability due to $@. | projectB/src/index.js:18:16:18:30 | req.query.sinkB | user-provided value | -| projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | projectB/src/index.js:6:38:6:53 | req.query.taintB | projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | Cross-site scripting vulnerability due to $@. | projectB/src/index.js:6:38:6:53 | req.query.taintB | user-provided value | -| projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | projectB/src/index.js:23:16:23:30 | req.query.sinkB | projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | Cross-site scripting vulnerability due to $@. | projectB/src/index.js:23:16:23:30 | req.query.sinkB | user-provided value | -| projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | projectB/src/index.js:38:16:38:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | Cross-site scripting vulnerability due to $@. 
| projectB/src/index.js:38:16:38:30 | req.query.sinkB | user-provided value | -| projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | projectB/src/index.js:43:16:43:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | Cross-site scripting vulnerability due to $@. | projectB/src/index.js:43:16:43:30 | req.query.sinkB | user-provided value | -| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | Cross-site scripting vulnerability due to $@. | app.js:66:18:66:34 | req.query.rawHtml | user-provided value | -| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | Cross-site scripting vulnerability due to $@. | app.js:66:18:66:34 | req.query.rawHtml | user-provided value | -| views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | Cross-site scripting vulnerability due to $@. | app.js:8:18:8:34 | req.query.rawHtml | user-provided value | -| views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | Cross-site scripting vulnerability due to $@. | app.js:8:18:8:34 | req.query.rawHtml | user-provided value | -| views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | Cross-site scripting vulnerability due to $@. | app.js:8:18:8:34 | req.query.rawHtml | user-provided value | -| views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | app.js:11:26:11:46 | req.que ... tmlProp | views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | Cross-site scripting vulnerability due to $@. | app.js:11:26:11:46 | req.que ... 
tmlProp | user-provided value | -| views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | app.js:14:33:14:64 | req.que ... eralRaw | views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | Cross-site scripting vulnerability due to $@. | app.js:14:33:14:64 | req.que ... eralRaw | user-provided value | -| views/ejs_sinks.ejs:14:42:14:70 | <%- dataInGeneratedCodeRaw %> | app.js:16:33:16:64 | req.que ... CodeRaw | views/ejs_sinks.ejs:14:42:14:70 | <%- dataInGeneratedCodeRaw %> | Cross-site scripting vulnerability due to $@. | app.js:16:33:16:64 | req.que ... CodeRaw | user-provided value | -| views/ejs_sinks.ejs:22:39:22:72 | <%- dataInEventHandlerStringRaw %> | app.js:20:38:20:74 | req.que ... ringRaw | views/ejs_sinks.ejs:22:39:22:72 | <%- dataInEventHandlerStringRaw %> | Cross-site scripting vulnerability due to $@. | app.js:20:38:20:74 | req.que ... ringRaw | user-provided value | -| views/hbs_sinks.hbs:9:9:9:23 | {{{ rawHtml }}} | app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:9:9:9:23 | {{{ rawHtml }}} | Cross-site scripting vulnerability due to $@. | app.js:27:18:27:34 | req.query.rawHtml | user-provided value | -| views/hbs_sinks.hbs:10:9:10:23 | {{{~rawHtml }}} | app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:10:9:10:23 | {{{~rawHtml }}} | Cross-site scripting vulnerability due to $@. | app.js:27:18:27:34 | req.query.rawHtml | user-provided value | -| views/hbs_sinks.hbs:11:9:11:23 | {{{ rawHtml~}}} | app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:11:9:11:23 | {{{ rawHtml~}}} | Cross-site scripting vulnerability due to $@. | app.js:27:18:27:34 | req.query.rawHtml | user-provided value | -| views/hbs_sinks.hbs:12:9:12:23 | {{{~rawHtml~}}} | app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:12:9:12:23 | {{{~rawHtml~}}} | Cross-site scripting vulnerability due to $@. 
| app.js:27:18:27:34 | req.query.rawHtml | user-provided value | -| views/hbs_sinks.hbs:13:9:13:25 | {{{~ rawHtml ~}}} | app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:13:9:13:25 | {{{~ rawHtml ~}}} | Cross-site scripting vulnerability due to $@. | app.js:27:18:27:34 | req.query.rawHtml | user-provided value | -| views/hbs_sinks.hbs:15:9:15:22 | {{& rawHtml }} | app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:15:9:15:22 | {{& rawHtml }} | Cross-site scripting vulnerability due to $@. | app.js:27:18:27:34 | req.query.rawHtml | user-provided value | -| views/hbs_sinks.hbs:19:9:19:34 | {{{ object.rawHtmlProp }}} | app.js:30:26:30:46 | req.que ... tmlProp | views/hbs_sinks.hbs:19:9:19:34 | {{{ object.rawHtmlProp }}} | Cross-site scripting vulnerability due to $@. | app.js:30:26:30:46 | req.que ... tmlProp | user-provided value | -| views/hbs_sinks.hbs:23:43:23:72 | {{{ dataInStringLiteralRaw }}} | app.js:33:33:33:64 | req.que ... eralRaw | views/hbs_sinks.hbs:23:43:23:72 | {{{ dataInStringLiteralRaw }}} | Cross-site scripting vulnerability due to $@. | app.js:33:33:33:64 | req.que ... eralRaw | user-provided value | -| views/hbs_sinks.hbs:26:42:26:71 | {{{ dataInGeneratedCodeRaw }}} | app.js:35:33:35:64 | req.que ... CodeRaw | views/hbs_sinks.hbs:26:42:26:71 | {{{ dataInGeneratedCodeRaw }}} | Cross-site scripting vulnerability due to $@. | app.js:35:33:35:64 | req.que ... CodeRaw | user-provided value | -| views/hbs_sinks.hbs:34:39:34:73 | {{{ dataInEventHandlerStringRaw }}} | app.js:39:38:39:74 | req.que ... ringRaw | views/hbs_sinks.hbs:34:39:34:73 | {{{ dataInEventHandlerStringRaw }}} | Cross-site scripting vulnerability due to $@. | app.js:39:38:39:74 | req.que ... ringRaw | user-provided value | -| views/njk_sinks.njk:4:12:4:18 | rawHtml | app.js:46:18:46:34 | req.query.rawHtml | views/njk_sinks.njk:4:12:4:18 | rawHtml | Cross-site scripting vulnerability due to $@. 
| app.js:46:18:46:34 | req.query.rawHtml | user-provided value | -| views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | app.js:49:26:49:46 | req.que ... tmlProp | views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | Cross-site scripting vulnerability due to $@. | app.js:49:26:49:46 | req.que ... tmlProp | user-provided value | -| views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | app.js:52:33:52:64 | req.que ... eralRaw | views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | Cross-site scripting vulnerability due to $@. | app.js:52:33:52:64 | req.que ... eralRaw | user-provided value | -| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | Cross-site scripting vulnerability due to $@. | app.js:54:33:54:64 | req.que ... CodeRaw | user-provided value | -| views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json | app.js:55:37:55:72 | req.que ... JsonRaw | views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json | Cross-site scripting vulnerability due to $@. | app.js:55:37:55:72 | req.que ... JsonRaw | user-provided value | -| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | Cross-site scripting vulnerability due to $@. | app.js:59:38:59:74 | req.que ... ringRaw | user-provided value | diff --git a/javascript/ql/test/library-tests/frameworks/Templating/Xss.qlref b/javascript/ql/test/library-tests/frameworks/Templating/Xss.qlref deleted file mode 100644 index 353427de4718..000000000000 --- a/javascript/ql/test/library-tests/frameworks/Templating/Xss.qlref +++ /dev/null @@ -1 +0,0 @@ -Security/CWE-079/Xss.ql diff --git a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected new file mode 100644 index 000000000000..168b17e2a1b3 --- /dev/null 
+++ b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected 
@@ -0,0 +1,40 @@ +legacyDataFlowDifference +flow +| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | +| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | +| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | +| app.js:11:26:11:46 | req.que ... tmlProp | views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | +| app.js:14:33:14:64 | req.que ... eralRaw | views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | +| app.js:16:33:16:64 | req.que ... CodeRaw | views/ejs_sinks.ejs:14:42:14:70 | <%- dataInGeneratedCodeRaw %> | +| app.js:20:38:20:74 | req.que ... ringRaw | views/ejs_sinks.ejs:22:39:22:72 | <%- dataInEventHandlerStringRaw %> | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:9:9:9:23 | {{{ rawHtml }}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:10:9:10:23 | {{{~rawHtml }}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:11:9:11:23 | {{{ rawHtml~}}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:12:9:12:23 | {{{~rawHtml~}}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:13:9:13:25 | {{{~ rawHtml ~}}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:15:9:15:22 | {{& rawHtml }} | +| app.js:30:26:30:46 | req.que ... tmlProp | views/hbs_sinks.hbs:19:9:19:34 | {{{ object.rawHtmlProp }}} | +| app.js:33:33:33:64 | req.que ... eralRaw | views/hbs_sinks.hbs:23:43:23:72 | {{{ dataInStringLiteralRaw }}} | +| app.js:35:33:35:64 | req.que ... CodeRaw | views/hbs_sinks.hbs:26:42:26:71 | {{{ dataInGeneratedCodeRaw }}} | +| app.js:39:38:39:74 | req.que ... ringRaw | views/hbs_sinks.hbs:34:39:34:73 | {{{ dataInEventHandlerStringRaw }}} | +| app.js:46:18:46:34 | req.query.rawHtml | views/njk_sinks.njk:4:12:4:18 | rawHtml | +| app.js:49:26:49:46 | req.que ... 
tmlProp | views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | +| app.js:52:33:52:64 | req.que ... eralRaw | views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | +| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | +| app.js:55:37:55:72 | req.que ... JsonRaw | views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json | +| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | +| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | +| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | +| projectA/src/index.js:6:38:6:53 | req.query.taintA | projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | +| projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:22:16:22:30 | req.query.sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:37:16:37:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:42:16:42:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:47:16:47:30 | req.query.sinkA | projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | +| projectB/src/index.js:6:38:6:53 | req.query.taintB | projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | +| projectB/src/index.js:13:16:13:30 | req.query.sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | +| projectB/src/index.js:18:16:18:30 | req.query.sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | +| projectB/src/index.js:23:16:23:30 | req.query.sinkB | projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | +| projectB/src/index.js:38:16:38:30 | req.query.sinkB | 
projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | +| projectB/src/index.js:43:16:43:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | diff --git a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql new file mode 100644 index 000000000000..def7b2834408 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql @@ -0,0 +1,8 @@ +import javascript +import semmle.javascript.security.dataflow.DomBasedXssQuery +import testUtilities.LegacyDataFlowDiff + +deprecated query predicate legacyDataFlowDifference = + DataFlowDiff::legacyDataFlowDifference/3; + +query predicate flow = DomBasedXssFlow::flow/2; From 995df41532b5df433252460aa7c501362a13b764 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 10:00:56 +0200 Subject: [PATCH 124/223] JS: Update Vuex test --- .../frameworks/Vuex/test.expected | 2 ++ .../library-tests/frameworks/Vuex/test.ql | 28 ++++++++++++++----- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/Vuex/test.expected b/javascript/ql/test/library-tests/frameworks/Vuex/test.expected index e69de29bb2d1..d65d51bc4177 100644 --- a/javascript/ql/test/library-tests/frameworks/Vuex/test.expected +++ b/javascript/ql/test/library-tests/frameworks/Vuex/test.expected @@ -0,0 +1,2 @@ +legacyDataFlowDifference +consistencyIssue diff --git a/javascript/ql/test/library-tests/frameworks/Vuex/test.ql b/javascript/ql/test/library-tests/frameworks/Vuex/test.ql index 55464dcf72cf..ac58a94374e1 100644 --- a/javascript/ql/test/library-tests/frameworks/Vuex/test.ql +++ b/javascript/ql/test/library-tests/frameworks/Vuex/test.ql 
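Review bot: The new `XssDiff.ql` checks only source/sink pairs through `query predicate flow`, whereas the deleted `Xss.qlref` ran `Security/CWE-079/Xss.ql` and pinned its `#select` rows, including the "Cross-site scripting vulnerability due to $@." message. After this change, a regression in the shipped query's alert text or selected columns would no longer show up in this directory; other tests may still cover it, which is not visible from here. A header comment in `XssDiff.ql` would make the reduced scope explicit, for example `// Pins source/sink pairs for the templating models only; the alert output of Security/CWE-079/Xss.ql is not checked here.`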
@@ -1,14 +1,28 @@ import javascript import testUtilities.ConsistencyChecking -class BasicTaint extends TaintTracking::Configuration { - BasicTaint() { this = "BasicTaint" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSource(DataFlow::Node node) { - node.(DataFlow::CallNode).getCalleeName() = "source" - } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } + +module TestFlow = TaintTracking::Global; + +class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff From 9372f7993df3db6c4dc28d97e444f8f2f737393d Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 10:02:04 +0200 Subject: [PATCH 125/223] JS: Update Generators test Data flow difference is benign --- .../Generators/DataFlow.expected | 5 ++++ .../test/library-tests/Generators/DataFlow.ql | 26 +++++++++++++++---- .../library-tests/Generators/generators.js | 20 ++++++++++++++ 3 files changed, 46 insertions(+), 5 deletions(-) diff --git a/javascript/ql/test/library-tests/Generators/DataFlow.expected b/javascript/ql/test/library-tests/Generators/DataFlow.expected index e69de29bb2d1..0b23f47de268 100644 --- a/javascript/ql/test/library-tests/Generators/DataFlow.expected +++ b/javascript/ql/test/library-tests/Generators/DataFlow.expected 
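Review bot: `LegacyConfig` and the trailing `import testUtilities.LegacyDataFlowDiff::DataFlowDiff` in Vuex/test.ql have no comment saying they exist only to compare the old and new data flow libraries, so the file reads as if two independent configurations were under test. A QLDoc line on the class would settle it, for example `/** Legacy configuration mirroring TestConfig; kept only to drive the legacyDataFlowDifference output. */`. The same scaffolding is repeated in Generators/DataFlow.ql in the next patch and would benefit from the same comment.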
@@ -0,0 +1,5 @@ +legacyDataFlowDifference +| generators.js:2:16:2:23 | "source" | generators.js:37:10:37:10 | e | only flow with OLD data flow library | +| generators.js:2:16:2:23 | "source" | generators.js:46:10:46:10 | e | only flow with NEW data flow library | +| generators.js:2:16:2:23 | "source" | generators.js:51:10:51:10 | e | only flow with NEW data flow library | +consistencyIssue diff --git a/javascript/ql/test/library-tests/Generators/DataFlow.ql b/javascript/ql/test/library-tests/Generators/DataFlow.ql index 023c60ff8533..f613ed62f3b3 100644 --- a/javascript/ql/test/library-tests/Generators/DataFlow.ql +++ b/javascript/ql/test/library-tests/Generators/DataFlow.ql @@ -1,12 +1,28 @@ import javascript import testUtilities.ConsistencyChecking -class GeneratorFlowConfig extends DataFlow::Configuration { - GeneratorFlowConfig() { this = "GeneratorFlowConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - override predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } + +module TestFlow = DataFlow::Global; + +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "GeneratorFlowConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} 
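Review bot: The renamed class in DataFlow.ql still carries the old configuration id, `LegacyConfig() { this = "GeneratorFlowConfig" }`. The other ported tests in this series (Vuex/test.ql, LabelledBarrierGuards.ql) use `this = "LegacyConfig"`. Using the same id here keeps the legacy wrappers uniform and makes the class easier to find by its string. The `import testUtilities.LegacyDataFlowDiff::DataFlowDiff` line also sits between the two classes here, whereas the Vuex test puts it last; one placement across the tests would read better.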
diff --git a/javascript/ql/test/library-tests/Generators/generators.js b/javascript/ql/test/library-tests/Generators/generators.js index 89d5be345dcb..dc602f152648 100644 --- a/javascript/ql/test/library-tests/Generators/generators.js +++ b/javascript/ql/test/library-tests/Generators/generators.js @@ -31,6 +31,26 @@ sink(e); // NOT OK } + try { + gen4(); + } catch (e) { + sink(e); // OK - exception is only thrown upon iteration + } + + const iterator = gen4(); + try { + for (let v of iterator) { + sink(v); // OK + } + } catch (e) { + sink(e); // NOT OK + } + try { + Array.from(iterator); + } catch (e) { + sink(e); // NOT OK + } + function *delegating() { yield* delegate(); } From 50aace3fa39d9bd0ceabe04a9b1412e6816c6841 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 10:30:12 +0200 Subject: [PATCH 126/223] JS: Add global post-update steps --- .../dataflow/internal/DataFlowPrivate.qll | 2 ++ .../dataflow/internal/FlowSteps.qll | 23 +++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 0c269a7f1525..9de868317488 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -671,6 +671,8 @@ private predicate valuePreservingStep(Node node1, Node node2) { or FlowSteps::globalFlowStep(node1, node2) or + FlowSteps::globalPostUpdateStep(node1, node2) + or node2 = FlowSteps::getThrowTarget(node1) or FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll index 2ee04b8dbf56..6294072466d4 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll 
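Review bot: The `Array.from(iterator)` case in generators.js reuses the iterator that the preceding `for (let v of iterator)` loop has already consumed. If `gen4` is a generator function that throws the source (its definition is outside the hunk), the iterator is finished after the first `catch`, so at runtime the second `catch` is never entered. The `// NOT OK` annotation would then describe only the flow-insensitive static model. A fresh iterator keeps the annotation true at runtime too: `Array.from(gen4());`. The enclosing function starts and ends outside the hunk.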
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll @@ -383,6 +383,14 @@ private module CachedSteps { result = DataFlow::valueNode(gv.getAnAccess()) } + /** + * Gets a post-update of `gv` in `f`. + */ + pragma[noinline] + private DataFlow::ExprPostUpdateNode getAPostUpdateIn(GlobalVariable gv, File f) { + result.getPreUpdateNode() = getAUseIn(gv, f) + } + /** * Holds if there is a flow step from `pred` to `succ` through a global * variable. Both `pred` and `succ` must be in the same file. @@ -395,6 +403,20 @@ private module CachedSteps { ) } + /** + * Holds if `pred` is a post-update node for a use of a global variable, and `succ` + * is a use of the global variable in the same file. + */ + cached + predicate globalPostUpdateStep(DataFlow::Node pred, DataFlow::Node succ) { + exists(GlobalVariable gv, File f | + pred = getAPostUpdateIn(gv, f) and + succ = getAUseIn(gv, f) and + // Remove some unnecessary steps + not succ = any(DataFlow::PropWrite write).getBase() + ) + } + /** * Holds if there is a write to property `prop` of global variable `gv` * in file `f`, where the right-hand side of the write is `rhs`. @@ -438,6 +460,7 @@ private module CachedSteps { predicate basicStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { succ.(DataFlow::SourceNode).hasPropertyWrite(prop, pred) or + // Note that this case is handled by globalPostUpdateStep in dataflow2 exists(GlobalVariable gv, File f | globalPropertyWrite(gv, f, prop, pred) and globalPropertyRead(gv, f, prop, succ) From 0d10aba67d16894fe17c144978e033b516b2ece0 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 21:11:30 +0200 Subject: [PATCH 127/223] Revert "JS: Add global post-update steps" This resulted in huge performance issues from too much global flow --- .../dataflow/internal/DataFlowPrivate.qll | 2 -- .../dataflow/internal/FlowSteps.qll | 23 ------------------- 2 files changed, 25 deletions(-) 
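Review bot: `globalPostUpdateStep` in FlowSteps.qll relates every post-update node of a global in a file to every use of that global in the same file, with no ordering between them. `pred = getAPostUpdateIn(gv, f) and succ = getAUseIn(gv, f)` is a full cross product per `(gv, f)`, and it includes the use that `pred` is itself the post-update of. Because the step is added to `valuePreservingStep`, each mutation of a frequently used global feeds all of its reads, which costs both precision and evaluation time. At a minimum the QLDoc should say the step is flow-insensitive. It also seems worth excluding the self edge, e.g. `not succ = pred.(DataFlow::ExprPostUpdateNode).getPreUpdateNode()`, though whether that is enough needs measuring.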
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 9de868317488..0c269a7f1525 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -671,8 +671,6 @@ private predicate valuePreservingStep(Node node1, Node node2) { or FlowSteps::globalFlowStep(node1, node2) or - FlowSteps::globalPostUpdateStep(node1, node2) - or node2 = FlowSteps::getThrowTarget(node1) or FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll index 6294072466d4..2ee04b8dbf56 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll @@ -383,14 +383,6 @@ private module CachedSteps { result = DataFlow::valueNode(gv.getAnAccess()) } - /** - * Gets a post-update of `gv` in `f`. - */ - pragma[noinline] - private DataFlow::ExprPostUpdateNode getAPostUpdateIn(GlobalVariable gv, File f) { - result.getPreUpdateNode() = getAUseIn(gv, f) - } - /** * Holds if there is a flow step from `pred` to `succ` through a global * variable. Both `pred` and `succ` must be in the same file. 
@@ -403,20 +395,6 @@ private module CachedSteps { ) } - /** - * Holds if `pred` is a post-update node for a use of a global variable, and `succ` - * is a use of the global variable in the same file. - */ - cached - predicate globalPostUpdateStep(DataFlow::Node pred, DataFlow::Node succ) { - exists(GlobalVariable gv, File f | - pred = getAPostUpdateIn(gv, f) and - succ = getAUseIn(gv, f) and - // Remove some unnecessary steps - not succ = any(DataFlow::PropWrite write).getBase() - ) - } - /** * Holds if there is a write to property `prop` of global variable `gv` * in file `f`, where the right-hand side of the write is `rhs`. @@ -460,7 +438,6 @@ private module CachedSteps { predicate basicStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { succ.(DataFlow::SourceNode).hasPropertyWrite(prop, pred) or - // Note that this case is handled by globalPostUpdateStep in dataflow2 exists(GlobalVariable gv, File f | globalPropertyWrite(gv, f, prop, pred) and globalPropertyRead(gv, f, prop, succ) From 458f0a077cf06accfd2dc349c2f3e9e8ecaff1df Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 10:31:12 +0200 Subject: [PATCH 128/223] JS: Port InterProceduralFlow test All the new results are benign --- .../InterProceduralFlow/DataFlowConfig.qll | 12 ++--- .../InterProceduralFlow/async.js | 12 ++--- .../InterProceduralFlow/properties2.js | 2 +- .../InterProceduralFlow/tests.expected | 11 ++++ .../InterProceduralFlow/tests.ql | 53 +++++++++---------- 5 files changed, 49 insertions(+), 41 deletions(-) diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/DataFlowConfig.qll b/javascript/ql/test/library-tests/InterProceduralFlow/DataFlowConfig.qll index 12edfc8b713d..f47fd78c159d 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/DataFlowConfig.qll +++ b/javascript/ql/test/library-tests/InterProceduralFlow/DataFlowConfig.qll 
@@ -1,23 +1,21 @@ import javascript -class TestDataFlowConfiguration extends DataFlow::Configuration { - TestDataFlowConfiguration() { this = "TestDataFlowConfiguration" } - - override predicate isSource(DataFlow::Node src) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%source%") and src.asExpr() = vd.getInit() ) } - override predicate isSink(DataFlow::Node snk) { + predicate isSink(DataFlow::Node snk) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%sink%") and snk.asExpr() = vd.getInit() ) } - override predicate isBarrier(DataFlow::Node node) { + predicate isBarrier(DataFlow::Node node) { exists(Function f | f.getName().matches("%noReturnTracking%") and node = f.getAReturnedExpr().flow() @@ -26,3 +24,5 @@ class TestDataFlowConfiguration extends DataFlow::Configuration { node.asExpr().(PropAccess).getPropertyName() = "notTracked" } } + +module TestFlow = DataFlow::Global; diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/async.js b/javascript/ql/test/library-tests/InterProceduralFlow/async.js index f91cda9cea85..21b9cb4852e7 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/async.js +++ b/javascript/ql/test/library-tests/InterProceduralFlow/async.js @@ -11,7 +11,7 @@ return source; } let sink3 = sync(); // NOT OK - let sink4 = await sync(); // OK + let sink4 = await sync(); // NOT OK async function throwsAsync() { throw source; @@ -64,7 +64,7 @@ return x.x; } - var sink8 = unpack(pack(source)); // OK + var sink8 = unpack(pack(source)); // OK let sink9 = unpack(await (pack(source))); // NOT OK - but not found } })(); 
@@ -75,19 +75,19 @@ async function props() { p: x }; } - + let source = "source"; let sink = (await (foo(source))).p; // NOT OK - this requires the immidiatly awaited storeStep. let sink2 = foo("not a source").p; - + async function getP(base) { return base.p; } - + async function getQ(base) { return base.q; } - + let o3 = { p: source }; let sink6 = await (getP(o3)); // NOT OK - this requires the immidiatly awaited loadStep let sink7 = await (getQ(o3)); diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/properties2.js b/javascript/ql/test/library-tests/InterProceduralFlow/properties2.js index 9f1b0c9ba070..83f0b701d10f 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/properties2.js +++ b/javascript/ql/test/library-tests/InterProceduralFlow/properties2.js @@ -14,7 +14,7 @@ function setP(base, rhs) { var o = {}; setP(o, source); -var sink3 = o.p; // flow from `source` not yet detected +var sink3 = o.p; var sink4 = o.q; var o2 = {}; diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected index 2088e2c1ca26..7278acf71610 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected +++ b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected @@ -4,6 +4,7 @@ dataFlow | a.js:2:15:2:28 | "also tainted" | b.js:5:13:5:29 | notTaintedTrustMe | | async.js:2:16:2:23 | "source" | async.js:8:15:8:27 | await async() | | async.js:2:16:2:23 | "source" | async.js:13:15:13:20 | sync() | +| async.js:2:16:2:23 | "source" | async.js:14:15:14:26 | await sync() | | async.js:2:16:2:23 | "source" | async.js:27:17:27:17 | e | | async.js:2:16:2:23 | "source" | async.js:36:17:36:17 | e | | async.js:2:16:2:23 | "source" | async.js:41:17:41:17 | e | 
@@ -24,6 +25,7 @@ dataFlow | esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source | | global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) | | global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location | +| global.js:1:15:1:24 | "tainted1" | global.js:18:13:18:24 | win.location | | global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) | | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) | | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) | @@ -55,7 +57,9 @@ dataFlow | promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | +| properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | +| properties2.js:7:14:7:21 | "source" | properties2.js:38:13:38:20 | getP(o4) | | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:12:15:12:24 | x.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:14:15:14:27 | tmp1.someProp | @@ -106,6 +110,7 @@ taintTracking | esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source | | global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) | | global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location | +| global.js:1:15:1:24 | "tainted1" | global.js:18:13:18:24 | win.location | | global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) | | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) | | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) | 
@@ -140,7 +145,9 @@ taintTracking | promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | +| properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | +| properties2.js:7:14:7:21 | "source" | properties2.js:38:13:38:20 | getP(o4) | | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:12:15:12:24 | x.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:14:15:14:27 | tmp1.someProp | @@ -191,6 +198,7 @@ germanFlow | a.js:2:15:2:28 | "also tainted" | b.js:5:13:5:29 | notTaintedTrustMe | | async.js:2:16:2:23 | "source" | async.js:8:15:8:27 | await async() | | async.js:2:16:2:23 | "source" | async.js:13:15:13:20 | sync() | +| async.js:2:16:2:23 | "source" | async.js:14:15:14:26 | await sync() | | async.js:2:16:2:23 | "source" | async.js:27:17:27:17 | e | | async.js:2:16:2:23 | "source" | async.js:36:17:36:17 | e | | async.js:2:16:2:23 | "source" | async.js:41:17:41:17 | e | @@ -212,6 +220,7 @@ germanFlow | esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source | | global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) | | global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location | +| global.js:1:15:1:24 | "tainted1" | global.js:18:13:18:24 | win.location | | global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) | | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) | | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) | 
@@ -243,7 +252,9 @@ germanFlow | promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | +| properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | +| properties2.js:7:14:7:21 | "source" | properties2.js:38:13:38:20 | getP(o4) | | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:12:15:12:24 | x.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:14:15:14:27 | tmp1.someProp | diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/tests.ql b/javascript/ql/test/library-tests/InterProceduralFlow/tests.ql index a490c4c9146f..e20ec8ff6d4e 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/tests.ql +++ b/javascript/ql/test/library-tests/InterProceduralFlow/tests.ql @@ -1,8 +1,7 @@ +import javascript import DataFlowConfig -query predicate dataFlow(DataFlow::Node src, DataFlow::Node snk) { - exists(TestDataFlowConfiguration tttc | tttc.hasFlow(src, snk)) -} +query predicate dataFlow(DataFlow::Node src, DataFlow::Node snk) { TestFlow::flow(src, snk) } class Parity extends DataFlow::FlowLabel { Parity() { this = "even" or this = "odd" } 
@@ -10,21 +9,21 @@ class Parity extends DataFlow::FlowLabel { Parity flip() { result != this } } -class FLowLabelConfig extends DataFlow::Configuration { - FLowLabelConfig() { this = "FLowLabelConfig" } +module FlowLabelConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node nd, DataFlow::FlowLabel lbl) { + predicate isSource(DataFlow::Node nd, DataFlow::FlowLabel lbl) { nd.(DataFlow::CallNode).getCalleeName() = "source" and lbl = "even" } - override predicate isSink(DataFlow::Node nd, DataFlow::FlowLabel lbl) { + predicate isSink(DataFlow::Node nd, DataFlow::FlowLabel lbl) { nd = any(DataFlow::CallNode c | c.getCalleeName() = "sink").getAnArgument() and lbl = "even" } - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predLabel, + predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::FlowLabel predLabel, DataFlow::Node succ, DataFlow::FlowLabel succLabel ) { exists(DataFlow::CallNode c | c = succ | 
@@ -35,28 +34,28 @@ class FLowLabelConfig extends DataFlow::Configuration { } } -query predicate flowLabels(DataFlow::PathNode source, DataFlow::PathNode sink) { - exists(FLowLabelConfig cfg | cfg.hasFlowPath(source, sink)) -} +module FlowLabelFlow = DataFlow::GlobalWithState; -class TestTaintTrackingConfiguration extends TaintTracking::Configuration { - TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" } +query predicate flowLabels(FlowLabelFlow::PathNode source, FlowLabelFlow::PathNode sink) { + FlowLabelFlow::flowPath(source, sink) +} - override predicate isSource(DataFlow::Node src) { +module TaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%source%") and src.asExpr() = vd.getInit() ) } - override predicate isSink(DataFlow::Node snk) { + predicate isSink(DataFlow::Node snk) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%sink%") and snk.asExpr() = vd.getInit() ) } - override predicate isSanitizer(DataFlow::Node node) { + predicate isBarrier(DataFlow::Node node) { exists(Function f | f.getName().matches("%noReturnTracking%") and node = f.getAReturnedExpr().flow() 
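Review bot: `TaintConfig` in tests.ql repeats the `isSource`, `isSink` and `isBarrier` bodies of `TestConfig` from DataFlowConfig.qll, as far as the hunk shows; the end of `isBarrier` lies outside it. The old API needed two classes because they extended different base configurations. A `ConfigSig` module can be instantiated by both libraries, so `module TaintFlow = TaintTracking::Global<TestConfig>;` would remove the copy, and the barrier definition could then not drift between the data-flow and taint variants. The same applies to `ValueFlowConfig` and `TaintConfig` in Promises/flow.qll later in the series, whose predicates are identical.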
@@ -66,14 +65,12 @@ class TestTaintTrackingConfiguration extends TaintTracking::Configuration { } } -query predicate taintTracking(DataFlow::Node src, DataFlow::Node snk) { - exists(TestTaintTrackingConfiguration tttc | tttc.hasFlow(src, snk)) -} +module TaintFlow = TaintTracking::Global; -class GermanFlowConfig extends DataFlow::Configuration { - GermanFlowConfig() { this = "GermanFlowConfig" } +query predicate taintTracking(DataFlow::Node src, DataFlow::Node snk) { TaintFlow::flow(src, snk) } - override predicate isSource(DataFlow::Node src) { +module GermanConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%source%") and src.asExpr() = vd.getInit() @@ -82,7 +79,7 @@ class GermanFlowConfig extends DataFlow::Configuration { src.asExpr() = any(Variable v | v.getName() = "quelle").getAnAssignedExpr() } - override predicate isSink(DataFlow::Node snk) { + predicate isSink(DataFlow::Node snk) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%sink%") and snk.asExpr() = vd.getInit() @@ -91,7 +88,7 @@ class GermanFlowConfig extends DataFlow::Configuration { snk.asExpr() = any(Variable v | v.getName() = "abfluss").getAnAssignedExpr() } - override predicate isBarrier(DataFlow::Node node) { + predicate isBarrier(DataFlow::Node node) { exists(Function f | f.getName().matches("%noReturnTracking%") and node = f.getAReturnedExpr().flow() @@ -101,6 +98,6 @@ class GermanFlowConfig extends DataFlow::Configuration { } } -query predicate germanFlow(DataFlow::Node src, DataFlow::Node snk) { - exists(GermanFlowConfig tttc | tttc.hasFlow(src, snk)) -} +module GermanFlow = DataFlow::Global; + +query predicate germanFlow(DataFlow::Node src, DataFlow::Node snk) { GermanFlow::flow(src, snk) } From dd8a24c6c0e1be3516c2e8f4e4de5cb9b5e5ac17 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Fri, 6 Oct 2023 10:33:27 +0200 Subject: [PATCH 129/223] JS: Port LabelledBarrierGuards test --- .../LabelledBarrierGuards.expected | 2 + .../LabelledBarrierGuards.ql | 46 ++++++++++++++++--- 2 files changed, 41 insertions(+), 7 deletions(-) diff --git a/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.expected b/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.expected index c4ce68baa8b9..4597c58babe3 100644 --- a/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.expected +++ b/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +#select | tst.js:2:11:2:18 | source() | tst.js:8:12:8:12 | x | | tst.js:2:11:2:18 | source() | tst.js:12:12:12:12 | x | | tst.js:2:11:2:18 | source() | tst.js:14:12:14:12 | x | diff --git a/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.ql b/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.ql index 002fafb8c2bc..781db8026f32 100644 --- a/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.ql +++ b/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.ql 
@@ -4,15 +4,15 @@ class CustomFlowLabel extends DataFlow::FlowLabel { CustomFlowLabel() { this = "A" or this = "B" } } -class Config extends TaintTracking::Configuration { - Config() { this = "Config" } +module TestConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node node, DataFlow::FlowLabel lbl) { + predicate isSource(DataFlow::Node node, DataFlow::FlowLabel lbl) { node.(DataFlow::CallNode).getCalleeName() = "source" and lbl instanceof CustomFlowLabel } - override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { + predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { exists(DataFlow::CallNode call | call.getCalleeName() = "sink" and node = call.getAnArgument() and @@ -20,10 +20,32 @@ class Config extends TaintTracking::Configuration { ) } - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { + additional predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { node instanceof IsTypeAGuard or node instanceof IsSanitizedGuard } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { + node = DataFlow::MakeLegacyBarrierGuardLabeled::getABarrierNode(lbl) + } +} + +module TestFlow = TaintTracking::GlobalWithState; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node node, DataFlow::FlowLabel lbl) { + TestConfig::isSource(node, lbl) + } + + override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { + TestConfig::isSink(node, lbl) + } + + override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { + TestConfig::isBarrierGuard(node) + } } /** 
@@ -34,6 +56,10 @@ class IsTypeAGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::C IsTypeAGuard() { this.getCalleeName() = "isTypeA" } override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + this.blocksExpr(outcome, e, lbl) + } + + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { e = this.getArgument(0).asExpr() and ( outcome = true and lbl = "B" @@ -47,6 +73,10 @@ class IsSanitizedGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlo IsSanitizedGuard() { this.getCalleeName() = "sanitizeA" or this.getCalleeName() = "sanitizeB" } override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + this.blocksExpr(outcome, e, lbl) + } + + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { e = this.getArgument(0).asExpr() and outcome = true and ( @@ -57,6 +87,8 @@ class IsSanitizedGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlo } } -from Config cfg, DataFlow::Node source, DataFlow::Node sink -where cfg.hasFlow(source, sink) +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +from DataFlow::Node source, DataFlow::Node sink +where TestFlow::flow(source, sink) select source, sink From 81bd292a161602b6709ada5ba0b43a82e582de2d Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 10:39:19 +0200 Subject: [PATCH 130/223] JS: Port Promises test Result changes are benign --- .../ql/test/library-tests/Promises/flow.js | 2 +- .../ql/test/library-tests/Promises/flow.qll | 49 +++++++++++++------ .../ql/test/library-tests/Promises/flow2.js | 8 +-- .../library-tests/Promises/tests.expected | 6 ++- 4 files changed, 45 insertions(+), 20 deletions(-) diff --git a/javascript/ql/test/library-tests/Promises/flow.js b/javascript/ql/test/library-tests/Promises/flow.js index 81af660561a8..189e870fceed 100644 --- a/javascript/ql/test/library-tests/Promises/flow.js +++ b/javascript/ql/test/library-tests/Promises/flow.js 
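Review bot: The new `blocksExpr` predicate has no QLDoc, either on `IsTypeAGuard` in this hunk or on `IsSanitizedGuard` in the next one. Each guard now exposes the same logic under two names: `sanitizes` for the legacy configuration and `blocksExpr`, which is presumably what `MakeLegacyBarrierGuardLabeled` reads for the new library. Since that predicate decides which labelled flows count as sanitized, it needs a doc comment. The comment should say that it holds when the guard, evaluating to the given outcome, blocks flow of the expression for that label, and that `sanitizes` must keep delegating to it. Without that, a later guard that overrides only `sanitizes` could go unnoticed by the new library while the legacy results stay unchanged.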
@@ -65,7 +65,7 @@ await new Promise((resolve, reject) => reject(source)); } try { - throws(); + await throws(); } catch(e) { sink(e); // NOT OK! } diff --git a/javascript/ql/test/library-tests/Promises/flow.qll b/javascript/ql/test/library-tests/Promises/flow.qll index 94c2af706749..90069773b45d 100644 --- a/javascript/ql/test/library-tests/Promises/flow.qll +++ b/javascript/ql/test/library-tests/Promises/flow.qll 
@@ -1,39 +1,60 @@ import javascript private import semmle.javascript.dataflow.internal.StepSummary +import testUtilities.LegacyDataFlowDiff -class Configuration extends DataFlow::Configuration { - Configuration() { this = "PromiseDataFlowFlowTestingConfig" } - - override predicate isSource(DataFlow::Node source) { +module ValueFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.getEnclosingExpr().getStringValue() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { any(DataFlow::InvokeNode call | call.getCalleeName() = "sink").getAnArgument() = sink } } -class TaintConfig extends TaintTracking::Configuration { - TaintConfig() { this = "PromiseTaintFlowTestingConfig" } +module ValueFlow = DataFlow::Global; - override predicate isSource(DataFlow::Node source) { +module TaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.getEnclosingExpr().getStringValue() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { any(DataFlow::InvokeNode call | call.getCalleeName() = "sink").getAnArgument() = sink } } -query predicate flow(DataFlow::Node source, DataFlow::Node sink) { - any(Configuration c).hasFlow(source, sink) -} +module TaintFlow = TaintTracking::Global; + +query predicate flow(DataFlow::Node source, DataFlow::Node sink) { ValueFlow::flow(source, sink) } query predicate exclusiveTaintFlow(DataFlow::Node source, DataFlow::Node sink) { - not any(Configuration c).hasFlow(source, sink) and - any(TaintConfig c).hasFlow(source, sink) + not ValueFlow::flow(source, sink) and + TaintFlow::flow(source, sink) } query predicate typetrack(DataFlow::SourceNode succ, DataFlow::SourceNode pred, StepSummary summary) { succ = PromiseTypeTracking::promiseStep(pred, summary) } + +class LegacyValueConfig extends DataFlow::Configuration { + LegacyValueConfig() { this = "LegacyValueConfig" } + + 
override predicate isSource(DataFlow::Node source) { ValueFlowConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { ValueFlowConfig::isSink(sink) } +} + +query predicate valueFlowDifference = + DataFlowDiff::legacyDataFlowDifference/3; + +class LegacyTaintConfig extends TaintTracking::Configuration { + LegacyTaintConfig() { this = "LegacyTaintConfig" } + + override predicate isSource(DataFlow::Node source) { TaintConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TaintConfig::isSink(sink) } +} + +query predicate taintFlowDifference = + DataFlowDiff::legacyDataFlowDifference/3; diff --git a/javascript/ql/test/library-tests/Promises/flow2.js b/javascript/ql/test/library-tests/Promises/flow2.js index ccafb83fd3f5..87994bd8245b 100644 --- a/javascript/ql/test/library-tests/Promises/flow2.js +++ b/javascript/ql/test/library-tests/Promises/flow2.js @@ -17,11 +17,11 @@ var [clean3, tainted3] = await Promise.all(["clean", Promise.resolve(source)]); sink(clean3); // OK - sink(tainted3); // NOT OK - but only flagged by taint-tracking + sink(tainted3); // NOT OK var tainted4 = await Promise.race(["clean", Promise.resolve(source)]); - sink(tainted4); // NOT OK - but only flagged by taint-tracking + sink(tainted4); // NOT OK var tainted5 = await Promise.any(["clean", Promise.resolve(source)]); - sink(tainted5); // NOT OK - but only flagged by taint-tracking -}); \ No newline at end of file + sink(tainted5); // NOT OK +}); diff --git a/javascript/ql/test/library-tests/Promises/tests.expected b/javascript/ql/test/library-tests/Promises/tests.expected index c600ce91be49..b20e828c472a 100644 --- a/javascript/ql/test/library-tests/Promises/tests.expected +++ b/javascript/ql/test/library-tests/Promises/tests.expected 
@@ -237,6 +237,7 @@ flow | flow2.js:2:15:2:22 | "source" | flow2.js:6:8:6:13 | arr[0] | | flow2.js:2:15:2:22 | "source" | flow2.js:12:7:12:13 | tainted | | flow2.js:2:15:2:22 | "source" | flow2.js:16:7:16:14 | tainted2 | +| flow2.js:2:15:2:22 | "source" | flow2.js:20:7:20:14 | tainted3 | | flow2.js:2:15:2:22 | "source" | flow2.js:23:7:23:14 | tainted4 | | flow2.js:2:15:2:22 | "source" | flow2.js:26:7:26:14 | tainted5 | | flow.js:2:15:2:22 | "source" | flow.js:5:7:5:14 | await p1 | @@ -273,7 +274,6 @@ flow | flow.js:136:15:136:22 | "source" | flow.js:142:7:142:19 | await async() | | flow.js:136:15:136:22 | "source" | flow.js:155:9:155:9 | e | exclusiveTaintFlow -| flow2.js:2:15:2:22 | "source" | flow2.js:20:7:20:14 | tainted3 | | flow.js:136:15:136:22 | "source" | flow.js:141:7:141:13 | async() | | flow.js:160:15:160:22 | "source" | flow.js:164:39:164:39 | x | | flow.js:160:15:160:22 | "source" | flow.js:167:7:167:9 | foo | @@ -367,6 +367,7 @@ typetrack | flow.js:62:2:62:24 | p12.cat ... ink(x)) | flow.js:62:17:62:23 | sink(x) | copy $PromiseResolveField$ | | flow.js:62:2:62:24 | p12.cat ... ink(x)) | flow.js:62:17:62:23 | sink(x) | store $PromiseResolveField$ | | flow.js:65:3:65:56 | await n ... ource)) | flow.js:65:9:65:56 | new Pro ... ource)) | load $PromiseResolveField$ | +| flow.js:68:3:68:16 | await throws() | flow.js:68:9:68:16 | throws() | load $PromiseResolveField$ | | flow.js:76:2:76:52 | chained ... ink(e)) | flow.js:76:2:76:32 | chained ... => {}) | copy $PromiseResolveField$ | | flow.js:76:2:76:52 | chained ... ink(e)) | flow.js:76:45:76:51 | sink(e) | copy $PromiseResolveField$ | | flow.js:76:2:76:52 | chained ... ink(e)) | flow.js:76:45:76:51 | sink(e) | store $PromiseResolveField$ | 
@@ -462,3 +463,6 @@ typetrack | promises.js:143:17:143:50 | Synchro ... source) | promises.js:143:44:143:49 | source | store $PromiseResolveField$ | | promises.js:153:17:153:39 | Promise ... source) | promises.js:153:33:153:38 | source | copy $PromiseResolveField$ | | promises.js:153:17:153:39 | Promise ... source) | promises.js:153:33:153:38 | source | store $PromiseResolveField$ | +valueFlowDifference +| flow2.js:2:15:2:22 | "source" | flow2.js:20:7:20:14 | tainted3 | only flow with NEW data flow library | +taintFlowDifference From 98d1bb382619b65972f312ba8bafd98d1c1ca78d Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 10:39:59 +0200 Subject: [PATCH 131/223] JS: Reorder result sets in a test (trivial change) --- .../library-tests/Promises/tests.expected | 122 +++++++++--------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/javascript/ql/test/library-tests/Promises/tests.expected b/javascript/ql/test/library-tests/Promises/tests.expected index b20e828c472a..1b0d54662816 100644 --- a/javascript/ql/test/library-tests/Promises/tests.expected +++ b/javascript/ql/test/library-tests/Promises/tests.expected 
@@ -1,3 +1,40 @@ +test_PromiseDefinition +| flow.js:7:11:7:59 | new Pro ... ource)) | +| flow.js:10:11:10:58 | new Pro ... ource)) | +| flow.js:13:11:13:58 | new Pro ... ource)) | +| flow.js:24:2:24:49 | new Pro ... ource)) | +| flow.js:26:2:26:49 | new Pro ... ource)) | +| flow.js:32:2:32:49 | new Pro ... ource)) | +| flow.js:40:2:40:49 | new Pro ... ource)) | +| flow.js:42:2:42:49 | new Pro ... ource)) | +| flow.js:48:2:48:36 | new Pro ... urce }) | +| flow.js:55:11:55:58 | new Pro ... ource)) | +| flow.js:60:12:60:59 | new Pro ... ource)) | +| flow.js:65:9:65:56 | new Pro ... ource)) | +| flow.js:74:10:74:57 | new Pro ... ource)) | +| flow.js:86:23:86:70 | new Pro ... ource)) | +| flow.js:91:21:91:68 | new Pro ... ource)) | +| flow.js:100:34:100:81 | new Pro ... ource)) | +| flow.js:103:2:103:48 | new Pro ... "BLA")) | +| flow.js:105:2:105:48 | new Pro ... "BLA")) | +| flow.js:107:17:107:64 | new Pro ... ource)) | +| flow.js:109:2:109:48 | new Pro ... "BLA")) | +| flow.js:111:2:111:48 | new Pro ... "BLA")) | +| flow.js:113:2:113:48 | new Pro ... "BLA")) | +| flow.js:117:2:117:48 | new Pro ... "BLA")) | +| flow.js:119:2:119:48 | new Pro ... "BLA")) | +| flow.js:129:2:129:52 | new Pro ... olved)) | +| interflow.js:11:12:15:6 | new Pro ... \\n }) | +| promises.js:3:17:5:4 | new Pro ... );\\n }) | +| promises.js:10:18:17:4 | new Pro ... );\\n }) | +| promises.js:33:19:35:6 | new Pro ... \\n }) | +| promises.js:43:19:45:6 | Q.Promi ... \\n }) | +| promises.js:88:17:90:4 | Q.Promi ... );\\n }) | +| promises.js:112:17:112:62 | new RSV ... ct) {}) | +| promises.js:124:19:124:30 | when(source) | +| promises.js:130:14:130:69 | new Pro ... s'); }) | +| promises.js:135:3:137:4 | new Pro ... );\\n }) | +| promises.js:148:10:148:49 | new Pro ... ect){}) | test_ResolvedPromiseDefinition | flow2.js:4:2:4:31 | Promise ... lean"]) | flow2.js:4:15:4:20 | source | | flow2.js:4:2:4:31 | Promise ... lean"]) | flow2.js:4:23:4:29 | "clean" | 
@@ -45,21 +82,6 @@ test_ResolvedPromiseDefinition | promises.js:125:20:125:39 | when.resolve(source) | promises.js:125:33:125:38 | source | | promises.js:143:17:143:50 | Synchro ... source) | promises.js:143:44:143:49 | source | | promises.js:153:17:153:39 | Promise ... source) | promises.js:153:33:153:38 | source | -test_PromiseDefinition_getARejectHandler -| flow.js:26:2:26:49 | new Pro ... ource)) | flow.js:26:69:26:80 | y => sink(y) | -| flow.js:32:2:32:49 | new Pro ... ource)) | flow.js:32:57:32:68 | x => sink(x) | -| flow.js:42:2:42:49 | new Pro ... ource)) | flow.js:42:67:42:75 | () => { } | -| flow.js:48:2:48:36 | new Pro ... urce }) | flow.js:48:44:48:55 | x => sink(x) | -| flow.js:103:2:103:48 | new Pro ... "BLA")) | flow.js:103:56:103:75 | x => {return source} | -| flow.js:105:2:105:48 | new Pro ... "BLA")) | flow.js:105:58:105:76 | x => {throw source} | -| flow.js:109:2:109:48 | new Pro ... "BLA")) | flow.js:109:58:109:70 | x => rejected | -| flow.js:111:2:111:48 | new Pro ... "BLA")) | flow.js:111:56:111:68 | x => rejected | -| flow.js:113:2:113:48 | new Pro ... "BLA")) | flow.js:113:56:113:68 | x => rejected | -| flow.js:117:2:117:48 | new Pro ... "BLA")) | flow.js:117:56:117:68 | x => resolved | -| flow.js:119:2:119:48 | new Pro ... "BLA")) | flow.js:119:56:119:68 | x => resolved | -| promises.js:10:18:17:4 | new Pro ... );\\n }) | promises.js:20:6:22:3 | (v) => ... v;\\n } | -| promises.js:10:18:17:4 | new Pro ... );\\n }) | promises.js:23:18:25:3 | (v) => ... v;\\n } | -| promises.js:10:18:17:4 | new Pro ... );\\n }) | promises.js:26:20:28:3 | (v) => ... v;\\n } | test_PromiseDefinition_getExecutor | flow.js:7:11:7:59 | new Pro ... ource)) | flow.js:7:23:7:58 | (resolv ... source) | | flow.js:10:11:10:58 | new Pro ... ource)) | flow.js:10:23:10:57 | (resolv ... source) | 
@@ -96,47 +118,34 @@ test_PromiseDefinition_getExecutor | promises.js:130:14:130:69 | new Pro ... s'); }) | promises.js:130:26:130:68 | functio ... ns'); } | | promises.js:135:3:137:4 | new Pro ... );\\n }) | promises.js:135:15:137:3 | functio ... a);\\n } | | promises.js:148:10:148:49 | new Pro ... ect){}) | promises.js:148:22:148:48 | functio ... ject){} | +test_PromiseDefinition_getACatchHandler +| flow.js:32:2:32:49 | new Pro ... ource)) | flow.js:32:57:32:68 | x => sink(x) | +| flow.js:48:2:48:36 | new Pro ... urce }) | flow.js:48:44:48:55 | x => sink(x) | +| flow.js:103:2:103:48 | new Pro ... "BLA")) | flow.js:103:56:103:75 | x => {return source} | +| flow.js:111:2:111:48 | new Pro ... "BLA")) | flow.js:111:56:111:68 | x => rejected | +| flow.js:113:2:113:48 | new Pro ... "BLA")) | flow.js:113:56:113:68 | x => rejected | +| flow.js:117:2:117:48 | new Pro ... "BLA")) | flow.js:117:56:117:68 | x => resolved | +| flow.js:119:2:119:48 | new Pro ... "BLA")) | flow.js:119:56:119:68 | x => resolved | +| promises.js:10:18:17:4 | new Pro ... );\\n }) | promises.js:23:18:25:3 | (v) => ... v;\\n } | +test_PromiseDefinition_getARejectHandler +| flow.js:26:2:26:49 | new Pro ... ource)) | flow.js:26:69:26:80 | y => sink(y) | +| flow.js:32:2:32:49 | new Pro ... ource)) | flow.js:32:57:32:68 | x => sink(x) | +| flow.js:42:2:42:49 | new Pro ... ource)) | flow.js:42:67:42:75 | () => { } | +| flow.js:48:2:48:36 | new Pro ... urce }) | flow.js:48:44:48:55 | x => sink(x) | +| flow.js:103:2:103:48 | new Pro ... "BLA")) | flow.js:103:56:103:75 | x => {return source} | +| flow.js:105:2:105:48 | new Pro ... "BLA")) | flow.js:105:58:105:76 | x => {throw source} | +| flow.js:109:2:109:48 | new Pro ... "BLA")) | flow.js:109:58:109:70 | x => rejected | +| flow.js:111:2:111:48 | new Pro ... "BLA")) | flow.js:111:56:111:68 | x => rejected | +| flow.js:113:2:113:48 | new Pro ... "BLA")) | flow.js:113:56:113:68 | x => rejected | +| flow.js:117:2:117:48 | new Pro ... 
"BLA")) | flow.js:117:56:117:68 | x => resolved | +| flow.js:119:2:119:48 | new Pro ... "BLA")) | flow.js:119:56:119:68 | x => resolved | +| promises.js:10:18:17:4 | new Pro ... );\\n }) | promises.js:20:6:22:3 | (v) => ... v;\\n } | +| promises.js:10:18:17:4 | new Pro ... );\\n }) | promises.js:23:18:25:3 | (v) => ... v;\\n } | +| promises.js:10:18:17:4 | new Pro ... );\\n }) | promises.js:26:20:28:3 | (v) => ... v;\\n } | test_PromiseDefinition_getAFinallyHandler | flow.js:105:2:105:48 | new Pro ... "BLA")) | flow.js:105:58:105:76 | x => {throw source} | | flow.js:109:2:109:48 | new Pro ... "BLA")) | flow.js:109:58:109:70 | x => rejected | | promises.js:10:18:17:4 | new Pro ... );\\n }) | promises.js:26:20:28:3 | (v) => ... v;\\n } | -test_PromiseDefinition -| flow.js:7:11:7:59 | new Pro ... ource)) | -| flow.js:10:11:10:58 | new Pro ... ource)) | -| flow.js:13:11:13:58 | new Pro ... ource)) | -| flow.js:24:2:24:49 | new Pro ... ource)) | -| flow.js:26:2:26:49 | new Pro ... ource)) | -| flow.js:32:2:32:49 | new Pro ... ource)) | -| flow.js:40:2:40:49 | new Pro ... ource)) | -| flow.js:42:2:42:49 | new Pro ... ource)) | -| flow.js:48:2:48:36 | new Pro ... urce }) | -| flow.js:55:11:55:58 | new Pro ... ource)) | -| flow.js:60:12:60:59 | new Pro ... ource)) | -| flow.js:65:9:65:56 | new Pro ... ource)) | -| flow.js:74:10:74:57 | new Pro ... ource)) | -| flow.js:86:23:86:70 | new Pro ... ource)) | -| flow.js:91:21:91:68 | new Pro ... ource)) | -| flow.js:100:34:100:81 | new Pro ... ource)) | -| flow.js:103:2:103:48 | new Pro ... "BLA")) | -| flow.js:105:2:105:48 | new Pro ... "BLA")) | -| flow.js:107:17:107:64 | new Pro ... ource)) | -| flow.js:109:2:109:48 | new Pro ... "BLA")) | -| flow.js:111:2:111:48 | new Pro ... "BLA")) | -| flow.js:113:2:113:48 | new Pro ... "BLA")) | -| flow.js:117:2:117:48 | new Pro ... "BLA")) | -| flow.js:119:2:119:48 | new Pro ... "BLA")) | -| flow.js:129:2:129:52 | new Pro ... olved)) | -| interflow.js:11:12:15:6 | new Pro ... 
\\n }) | -| promises.js:3:17:5:4 | new Pro ... );\\n }) | -| promises.js:10:18:17:4 | new Pro ... );\\n }) | -| promises.js:33:19:35:6 | new Pro ... \\n }) | -| promises.js:43:19:45:6 | Q.Promi ... \\n }) | -| promises.js:88:17:90:4 | Q.Promi ... );\\n }) | -| promises.js:112:17:112:62 | new RSV ... ct) {}) | -| promises.js:124:19:124:30 | when(source) | -| promises.js:130:14:130:69 | new Pro ... s'); }) | -| promises.js:135:3:137:4 | new Pro ... );\\n }) | -| promises.js:148:10:148:49 | new Pro ... ect){}) | test_PromiseDefinition_getAResolveHandler | flow.js:24:2:24:49 | new Pro ... ource)) | flow.js:24:56:24:67 | x => sink(x) | | flow.js:26:2:26:49 | new Pro ... ource)) | flow.js:26:56:26:66 | x => foo(x) | @@ -224,15 +233,6 @@ test_PromiseDefinition_getResolveParameter | promises.js:130:14:130:69 | new Pro ... s'); }) | promises.js:130:36:130:42 | resolve | | promises.js:135:3:137:4 | new Pro ... );\\n }) | promises.js:135:25:135:31 | resolve | | promises.js:148:10:148:49 | new Pro ... ect){}) | promises.js:148:31:148:37 | resolve | -test_PromiseDefinition_getACatchHandler -| flow.js:32:2:32:49 | new Pro ... ource)) | flow.js:32:57:32:68 | x => sink(x) | -| flow.js:48:2:48:36 | new Pro ... urce }) | flow.js:48:44:48:55 | x => sink(x) | -| flow.js:103:2:103:48 | new Pro ... "BLA")) | flow.js:103:56:103:75 | x => {return source} | -| flow.js:111:2:111:48 | new Pro ... "BLA")) | flow.js:111:56:111:68 | x => rejected | -| flow.js:113:2:113:48 | new Pro ... "BLA")) | flow.js:113:56:113:68 | x => rejected | -| flow.js:117:2:117:48 | new Pro ... "BLA")) | flow.js:117:56:117:68 | x => resolved | -| flow.js:119:2:119:48 | new Pro ... "BLA")) | flow.js:119:56:119:68 | x => resolved | -| promises.js:10:18:17:4 | new Pro ... );\\n }) | promises.js:23:18:25:3 | (v) => ... v;\\n } | flow | flow2.js:2:15:2:22 | "source" | flow2.js:6:8:6:13 | arr[0] | | flow2.js:2:15:2:22 | "source" | flow2.js:12:7:12:13 | tainted | 
From 2364bd84e06b242fa549a8c59adf3829fa4cb605 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 10:40:11 +0200 Subject: [PATCH 132/223] JS: Fix whitespace in a test (trivial change) --- .../ql/test/library-tests/Promises/flow.js | 48 +++++++++---------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/javascript/ql/test/library-tests/Promises/flow.js b/javascript/ql/test/library-tests/Promises/flow.js index 189e870fceed..52c8f512a1f2 100644 --- a/javascript/ql/test/library-tests/Promises/flow.js +++ b/javascript/ql/test/library-tests/Promises/flow.js @@ -51,7 +51,7 @@ return Promise.resolve(src); } createPromise(source).then(v => sink(v)); // NOT OK! - + var p8 = new Promise((resolve, reject) => reject(source)); var p9 = p8.then(() => {}); var p10 = p9.finally(() => {}); @@ -69,27 +69,27 @@ } catch(e) { sink(e); // NOT OK! } - + function chainedPromise() { return new Promise((resolve, reject) => reject(source)).then(() => {}); } chainedPromise().then(() => {}).catch(e => sink(e)); // NOT OK! - + function leaksResolvedPromise(p) { p.then(x => sink(x)); // NOT OK! } leaksResolvedPromise(Promise.resolve(source)); - + function leaksRejectedPromise(p) { p.catch(e => sink(e)); // NOT OK! } leaksRejectedPromise(new Promise((resolve, reject) => reject(source))); - + function leaksRejectedAgain(p) { ("foo", p).then(() => {}).catch(e => sink(e)); // NOT OK! } leaksRejectedAgain(new Promise((resolve, reject) => reject(source)).then(() => {})); - + async function returnsRejected(p) { try { await p; 
@@ -99,48 +99,48 @@ } var foo = await returnsRejected(new Promise((resolve, reject) => reject(source))); sink(foo); // NOT OK! - + new Promise((resolve, reject) => reject("BLA")).catch(x => {return source}).then(x => sink(x)); // NOT OK - + new Promise((resolve, reject) => reject("BLA")).finally(x => {throw source}).catch(x => sink(x)); // NOT OK - + var rejected = new Promise((resolve, reject) => reject(source)); - + new Promise((resolve, reject) => reject("BLA")).finally(x => rejected).catch(x => sink(x)); // NOT OK - + new Promise((resolve, reject) => reject("BLA")).catch(x => rejected).then(x => sink(x)) // OK - + new Promise((resolve, reject) => reject("BLA")).catch(x => rejected).catch(x => sink(x)) // NOT OK - + var resolved = Promise.resolve(source); - + new Promise((resolve, reject) => reject("BLA")).catch(x => resolved).catch(x => sink(x)) // OK - + new Promise((resolve, reject) => reject("BLA")).catch(x => resolved).then(x => sink(x)) // NOT OK - + Promise.resolve(123).then(x => resolved).catch(x => sink(x)) // OK - + Promise.resolve(123).then(x => resolved).then(x => sink(x)) // NOT OK - + Promise.resolve(123).then(x => rejected).catch(x => sink(x)) // NOT OK - + Promise.resolve(123).then(x => rejected).then(x => sink(x)) // OK - + new Promise((resolve, reject) => resolve(resolved)).then(x => sink(x)); // NOT OK - + Promise.resolve(resolved).then(x => sink(x)); // NOT OK })(); (async function () { var source = "source"; - + async function async() { return source; } sink(async()); // OK - wrapped in a promise. (NOT OK for taint-tracking configs) sink(await async()); // NOT OK - + async function throwsAsync() { throw source; } @@ -165,4 +165,4 @@ const foo = bluebird.mapSeries(source, x => x); sink(foo); // NOT OK (for taint-tracking configs) -}) \ No newline at end of file +}) From 771519bbc5e7320fb7ea5520cfff9d3e02d1285e Mon Sep 17 00:00:00 2001 
From: Asger F Date: Fri, 6 Oct 2023 10:41:29 +0200 Subject: [PATCH 133/223] JS: Port Routing test
---
 .../test/library-tests/Routing/test.expected | 2 ++ .../ql/test/library-tests/Routing/test.ql | 26 +++++++++++++++---- 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/javascript/ql/test/library-tests/Routing/test.expected b/javascript/ql/test/library-tests/Routing/test.expected
index e69de29bb2d1..d65d51bc4177 100644
--- a/javascript/ql/test/library-tests/Routing/test.expected
+++ b/javascript/ql/test/library-tests/Routing/test.expected
@@ -0,0 +1,2 @@ +legacyDataFlowDifference +consistencyIssue
diff --git a/javascript/ql/test/library-tests/Routing/test.ql b/javascript/ql/test/library-tests/Routing/test.ql
index b427f710894a..6a97d040bb9b 100644
--- a/javascript/ql/test/library-tests/Routing/test.ql
+++ b/javascript/ql/test/library-tests/Routing/test.ql
@@ -3,18 +3,34 @@ import testUtilities.ConsistencyChecking
 API::Node testInstance() { result = API::moduleImport("@example/test").getInstance() }
-class Taint extends TaintTracking::Configuration {
- Taint() { this = "Taint" }
-
- override predicate isSource(DataFlow::Node node) {
+module TestConfig implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node node) {
 node.(DataFlow::CallNode).getCalleeName() = "source"
 or
 node = testInstance().getMember("getSource").getReturn().asSource()
 }
- override predicate isSink(DataFlow::Node node) {
+ predicate isSink(DataFlow::Node node) {
 node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument()
 or
 node = testInstance().getMember("getSink").getAParameter().asSink()
 }
 }
+
+module TestFlow = TaintTracking::Global;
+
+class Consistency extends ConsistencyConfiguration {
+ Consistency() { this = "Consistency" }
+
+ override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) }
+}
+
+class LegacyConfig extends TaintTracking::Configuration {
+ LegacyConfig() { this = "LegacyConfig" }
+
+ override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) }
+
+ override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) }
+}
+
+import testUtilities.LegacyDataFlowDiff::DataFlowDiff
From e5946bf43bc33df242d55b0c3339c557c9fd2aeb Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 10:43:07 +0200 Subject: [PATCH 134/223] JS: Port HeuristicSource test
---
 .../heuristics/HeuristicSource.expected | 2 ++ .../Security/heuristics/HeuristicSource.ql | 26 +++++++++++++++---- 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected b/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected
index e69de29bb2d1..d65d51bc4177 100644
--- a/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected
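Review bot: `LegacyConfig` at the end of the Routing test.ql hunk has no comment saying that it exists only to feed the legacy-versus-new comparison imported on the hunk's last line, and the same undocumented wrapper is added to HeuristicSource.ql in the next patch. A QLDoc such as `/** Legacy configuration mirroring TestConfig; kept only for the legacy/new flow difference check. */` on each class would keep a later cleanup from deleting it or from letting its sources and sinks drift away from `TestConfig`. Both expected files list `legacyDataFlowDifference` with no rows, so this comparison is what currently guards against taint results being silently lost in the port. As rendered on this page `TaintTracking::Global` and `DataFlowDiff` appear without module arguments, so which configuration each is instantiated with cannot be confirmed here.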
+++ b/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected
@@ -0,0 +1,2 @@ +legacyDataFlowDifference +consistencyIssue
diff --git a/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.ql b/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.ql
index 72d94707e6bf..44258ecb6ffe 100644
--- a/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.ql
+++ b/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.ql
@@ -2,12 +2,28 @@ import javascript
 private import semmle.javascript.heuristics.AdditionalSources
 import testUtilities.ConsistencyChecking
-class Taint extends TaintTracking::Configuration {
- Taint() { this = "Taint" }
+module TestConfig implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node node) { node instanceof HeuristicSource }
- override predicate isSource(DataFlow::Node node) { node instanceof HeuristicSource }
-
- override predicate isSink(DataFlow::Node node) {
+ predicate isSink(DataFlow::Node node) {
 node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument()
 }
 }
+
+module TestFlow = TaintTracking::Global;
+
+class Consistency extends ConsistencyConfiguration {
+ Consistency() { this = "Consistency" }
+
+ override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) }
+}
+
+class LegacyConfig extends TaintTracking::Configuration {
+ LegacyConfig() { this = "LegacyConfig" }
+
+ override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) }
+
+ override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) }
+}
+
+import testUtilities.LegacyDataFlowDiff::DataFlowDiff
From 6c9f4a10acb7dfaedf76f34203513cd15923d88c Mon Sep 17 00:00:00 2001
From: Asger F Date: Fri, 6 Oct 2023 10:45:57 +0200 Subject: [PATCH 135/223] JS: Port TaintBarriers test
---
 .../TaintBarriers/ExampleConfiguration.qll | 37 ++++++++++++++----- .../TaintBarriers/tests.expected | 1 + .../test/library-tests/TaintBarriers/tests.ql | 4 +- 3 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll b/javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll
index 50ac0fbfd241..56217573da81 100644
--- a/javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll
+++ b/javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll
@@ -6,16 +6,14 @@ StringOps::ConcatenationRoot sinkConcatenation() {
 result.getConstantStringParts().matches("%")
 }
-class ExampleConfiguration extends TaintTracking::Configuration {
- ExampleConfiguration() { this = "ExampleConfiguration" }
-
- override predicate isSource(DataFlow::Node source) {
+module TestConfig implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node source) {
 source.asExpr().(CallExpr).getCalleeName() = "SOURCE"
 or
 source = sourceVariable()
 }
- override predicate isSink(DataFlow::Node sink) {
+ predicate isSink(DataFlow::Node sink) {
 exists(CallExpr callExpr |
 callExpr.getCalleeName() = "SINK" and
 DataFlow::valueNode(callExpr.getArgument(0)) = sink
@@ -24,19 +22,40 @@ class ExampleConfiguration extends TaintTracking::Configuration {
 sink = sinkConcatenation()
 }
- override predicate isSanitizerIn(DataFlow::Node node) { node = sourceVariable() }
+ predicate isBarrierIn(DataFlow::Node node) { node = sourceVariable() }
- override predicate isSanitizerOut(DataFlow::Node node) { node = sinkConcatenation() }
+ predicate isBarrierOut(DataFlow::Node node) { node = sinkConcatenation() }
- override predicate isSanitizer(DataFlow::Node node) {
+ additional predicate isBarrier1(DataFlow::Node node) {
 exists(CallExpr callExpr |
 callExpr.getCalleeName() = "SANITIZE" and
 DataFlow::valueNode(callExpr.getArgument(0)) = node
 )
 }
+ predicate isBarrier(DataFlow::Node node) {
+ isBarrier1(node)
+ or
+ node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode()
+ }
+}
+
+module TestFlow = TaintTracking::Global;
+
+class ExampleConfiguration extends TaintTracking::Configuration {
+ ExampleConfiguration() { this = "ExampleConfiguration" }
+
+ override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) }
+
+ override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) }
+
+ override predicate isSanitizerIn(DataFlow::Node node) { TestConfig::isBarrierIn(node) }
+
+ override predicate isSanitizerOut(DataFlow::Node node) { TestConfig::isBarrierOut(node) }
+
+ override predicate isSanitizer(DataFlow::Node node) { TestConfig::isBarrier1(node) }
+
 override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
- // add additional generic sanitizers
 guard instanceof TaintTracking::AdHocWhitelistCheckSanitizer
 }
 }
diff --git a/javascript/ql/test/library-tests/TaintBarriers/tests.expected b/javascript/ql/test/library-tests/TaintBarriers/tests.expected
index 4417a918423c..32731bbcb7a7 100644
--- a/javascript/ql/test/library-tests/TaintBarriers/tests.expected
+++ b/javascript/ql/test/library-tests/TaintBarriers/tests.expected
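Review bot: In the second ExampleConfiguration.qll hunk, `isBarrier1` is a non-descriptive name for the predicate that models the `SANITIZE(...)` argument barrier, and nothing explains why the legacy `isSanitizer` override delegates to it rather than to `isBarrier`. From the visible lines the reason appears to be that the legacy class already gets the whitelist check through `isSanitizerGuard`, while `TestConfig::isBarrier` adds `AdHocWhitelistCheckSanitizer::getABarrierNode()` itself. If the two sides drift apart, a sanitizer would be honoured by only one configuration and the test would misreport where taint is blocked. I would rename the predicate to something like `isSanitizeCallArgument` and add `/** Barrier shared with the legacy configuration; the whitelist guard is added separately by each config. */` above it.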
@@ -1,3 +1,4 @@ +legacyDataFlowDifference isBarrier isLabeledBarrier | ExampleConfiguration | tst.js:6:14:6:14 | v | taint |
diff --git a/javascript/ql/test/library-tests/TaintBarriers/tests.ql b/javascript/ql/test/library-tests/TaintBarriers/tests.ql
index d63d67cf6b1e..0feeae23a64d 100644
--- a/javascript/ql/test/library-tests/TaintBarriers/tests.ql
+++ b/javascript/ql/test/library-tests/TaintBarriers/tests.ql
@@ -16,5 +16,7 @@ query predicate sanitizingGuard(TaintTracking::SanitizerGuardNode g, Expr e, boo
 }
 query predicate taintedSink(DataFlow::Node source, DataFlow::Node sink) {
- exists(ExampleConfiguration cfg | cfg.hasFlow(source, sink))
+ TestFlow::flow(source, sink)
 }
+
+import testUtilities.LegacyDataFlowDiff::DataFlowDiff
From b8a0afbb9fc9867b0efdd44d8c14fb0962c05016 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 11:00:19 +0200 Subject: [PATCH 136/223] JS: Make overriding ConsistencyChecking.getATestFile() optional
---
 javascript/ql/test/testUtilities/ConsistencyChecking.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/javascript/ql/test/testUtilities/ConsistencyChecking.qll b/javascript/ql/test/testUtilities/ConsistencyChecking.qll
index 3c30f8accb2a..94979bcaab02 100644
--- a/javascript/ql/test/testUtilities/ConsistencyChecking.qll
+++ b/javascript/ql/test/testUtilities/ConsistencyChecking.qll
@@ -129,7 +129,7 @@ private predicate falseNegative(File file, int line, AssertionComment comment, C
 private File getATestFile(string conf) {
 not exists(any(ConsistencyConfiguration res).getAFile()) and
 result = any(LineComment comment).getFile() and
- conf = ""
+ (conf = "" or conf instanceof ConsistencyConfiguration)
 or
 result = conf.(ConsistencyConfiguration).getAFile()
 }
From 32eddd3c07eccaefd261ba0ae751a354349a54b3 Mon Sep 17 00:00:00 2001
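Review bot: The guard `not exists(any(ConsistencyConfiguration res).getAFile())` in the first disjunct of `getATestFile` is global, so the new `conf instanceof ConsistencyConfiguration` default only applies when no configuration in the test overrides `getAFile()`. If one configuration overrides it and another relies on the default, the second appears to get no test files, and for security-query tests that would let a missing alert pass unnoticed. Scoping the check to the configuration at hand, for example `not exists(conf.(ConsistencyConfiguration).getAFile())` for the non-empty case, would remove the coupling. Failing that, a QLDoc line on the predicate stating the all-or-nothing behaviour would at least make it explicit.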
From: Asger F Date: Fri, 6 Oct 2023 13:52:12 +0200 Subject: [PATCH 137/223] JS: Update ReactJS test output --- .../test/library-tests/frameworks/ReactJS/tests.expected | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected b/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected index e05a8445cfad..0cbe3b58ac21 100644 --- a/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected +++ b/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected @@ -89,6 +89,7 @@ test_ReactComponent_ref | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | es5.js:19:11:19:10 | this | | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | es5.js:20:24:20:27 | this | +| es6.js:1:1:8:1 | class H ... ;\\n }\\n} | es6.js:1:37:1:36 | implicit 'this' argument of super(...args) | | es6.js:1:1:8:1 | class H ... ;\\n }\\n} | es6.js:1:37:1:36 | this | | es6.js:1:1:8:1 | class H ... ;\\n }\\n} | es6.js:2:9:2:8 | this | | es6.js:1:1:8:1 | class H ... ;\\n }\\n} | es6.js:3:24:3:27 | this | 
@@ -99,24 +100,31 @@ test_ReactComponent_ref | es6.js:14:1:20:1 | class H ... }\\n} | es6.js:18:9:18:12 | this | | exportedComponent.jsx:1:8:3:1 | functio ... r}}/>\\n} | exportedComponent.jsx:1:8:1:7 | this | | importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | importedComponent.jsx:3:8:3:7 | this | +| namedImport.js:3:1:3:28 | class C ... nent {} | namedImport.js:3:27:3:26 | implicit 'this' argument of super(...args) | | namedImport.js:3:1:3:28 | class C ... nent {} | namedImport.js:3:27:3:26 | this | +| namedImport.js:5:1:5:20 | class D extends C {} | namedImport.js:5:19:5:18 | implicit 'this' argument of super(...args) | | namedImport.js:5:1:5:20 | class D extends C {} | namedImport.js:5:19:5:18 | this | | plainfn.js:1:1:3:1 | functio ... div>;\\n} | plainfn.js:1:1:1:0 | this | | plainfn.js:5:1:7:1 | functio ... iv");\\n} | plainfn.js:5:1:5:0 | this | | plainfn.js:9:1:12:1 | functio ... rn x;\\n} | plainfn.js:9:1:9:0 | this | | plainfn.js:20:1:24:1 | functio ... n 42;\\n} | plainfn.js:20:1:20:0 | this | +| preact.js:1:1:7:1 | class H ... }\\n} | preact.js:1:38:1:37 | implicit 'this' argument of super(...args) | | preact.js:1:1:7:1 | class H ... }\\n} | preact.js:1:38:1:37 | this | | preact.js:1:1:7:1 | class H ... }\\n} | preact.js:2:11:2:10 | this | +| preact.js:9:1:11:1 | class H ... nt {\\n\\n} | preact.js:9:38:9:37 | implicit 'this' argument of super(...args) | | preact.js:9:1:11:1 | class H ... nt {\\n\\n} | preact.js:9:38:9:37 | this | +| probably-a-component.js:1:1:6:1 | class H ... }\\n} | probably-a-component.js:1:31:1:30 | implicit 'this' argument of super(...args) | | probably-a-component.js:1:1:6:1 | class H ... }\\n} | probably-a-component.js:1:31:1:30 | this | | probably-a-component.js:1:1:6:1 | class H ... }\\n} | probably-a-component.js:2:11:2:10 | this | | probably-a-component.js:1:1:6:1 | class H ... }\\n} | probably-a-component.js:3:9:3:12 | this | +| props.js:2:5:3:5 | class C ... 
{\\n } | props.js:2:37:2:36 | implicit 'this' argument of super(...args) | | props.js:2:5:3:5 | class C ... {\\n } | props.js:2:37:2:36 | this | | props.js:2:5:3:5 | class C ... {\\n } | props.js:9:5:9:55 | new C({ ... ctor"}) | | props.js:13:31:17:5 | {\\n ... }\\n } | props.js:13:31:17:5 | {\\n ... }\\n } | | props.js:13:31:17:5 | {\\n ... }\\n } | props.js:14:24:14:23 | this | | props.js:26:5:28:5 | functio ... ;\\n } | props.js:26:5:26:4 | this | | props.js:26:5:28:5 | functio ... ;\\n } | props.js:34:5:34:55 | new C({ ... ctor"}) | +| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:1:33:1:32 | implicit 'this' argument of super(...args) | | rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:1:33:1:32 | this | | rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:2:36:2:35 | this | | rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:5:26:5:25 | this | From b304fb4337f433d7c1365139920e1087011f4131 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 13:52:30 +0200 Subject: [PATCH 138/223] JS: Reorder result sets in ReactJS test output --- .../frameworks/ReactJS/tests.expected | 250 +++++++++--------- 1 file changed, 125 insertions(+), 125 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected b/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected index 0cbe3b58ac21..e3b226f74f90 100644 --- a/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected +++ b/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected 
@@ -1,43 +1,3 @@ -test_getADirectStateAccess -| es6.js:14:1:20:1 | class H ... }\\n} | es6.js:16:9:16:18 | this.state | -| es6.js:14:1:20:1 | class H ... }\\n} | es6.js:17:9:17:18 | this.state | -| es6.js:14:1:20:1 | class H ... }\\n} | es6.js:18:9:18:18 | this.state | -| preact.js:1:1:7:1 | class H ... }\\n} | preact.js:2:19:2:23 | state | -| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | statePropertyReads.js:3:9:3:18 | this.state | -| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | statePropertyReads.js:5:9:5:18 | this.state | -| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:4:9:4:17 | cmp.state | -| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:6:9:6:17 | cmp.state | -| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:10:9:10:17 | cmp.state | -| thisAccesses.js:47:1:52:1 | class C ... }\\n} | thisAccesses.js:49:9:49:18 | this.state | -| thisAccesses.js:47:1:52:1 | class C ... }\\n} | thisAccesses.js:50:9:50:18 | this.state | -test_ReactComponent_getInstanceMethod -| es5.js:1:31:11:1 | {\\n dis ... ;\\n }\\n} | getDefaultProps | es5.js:6:20:10:3 | functio ... };\\n } | -| es5.js:1:31:11:1 | {\\n dis ... ;\\n }\\n} | render | es5.js:3:11:5:3 | functio ... v>;\\n } | -| es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | render | es5.js:19:11:21:3 | functio ... 1>;\\n } | -| es6.js:1:1:8:1 | class H ... ;\\n }\\n} | render | es6.js:2:9:4:3 | () {\\n ... v>;\\n } | -| exportedComponent.jsx:1:8:3:1 | functio ... r}}/>\\n} | render | exportedComponent.jsx:1:8:3:1 | functio ... r}}/>\\n} | -| importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | render | importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | -| plainfn.js:1:1:3:1 | functio ... div>;\\n} | render | plainfn.js:1:1:3:1 | functio ... div>;\\n} | -| plainfn.js:5:1:7:1 | functio ... iv");\\n} | render | plainfn.js:5:1:7:1 | functio ... iv");\\n} | -| plainfn.js:9:1:12:1 | functio ... 
rn x;\\n} | render | plainfn.js:9:1:12:1 | functio ... rn x;\\n} | -| plainfn.js:20:1:24:1 | functio ... n 42;\\n} | render | plainfn.js:20:1:24:1 | functio ... n 42;\\n} | -| preact.js:1:1:7:1 | class H ... }\\n} | render | preact.js:2:11:6:5 | (props, ... ;\\n } | -| probably-a-component.js:1:1:6:1 | class H ... }\\n} | render | probably-a-component.js:2:11:5:5 | () {\\n ... ;\\n } | -| props.js:13:31:17:5 | {\\n ... }\\n } | getDefaultProps | props.js:14:24:16:9 | () {\\n ... } | -| props.js:26:5:28:5 | functio ... ;\\n } | render | props.js:26:5:28:5 | functio ... ;\\n } | -| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | getSnapshotBeforeUpdate | rare-lifecycle-methods.js:8:28:10:5 | (prevPr ... ;\\n } | -| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | shouldComponentUpdate | rare-lifecycle-methods.js:5:26:7:5 | (nextPr ... ;\\n } | -| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | componentDidUpdate | statePropertyReads.js:10:23:12:5 | (prevPr ... ;\\n } | -| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | getInitialState | statePropertyWrites.js:25:20:29:5 | () { // ... ;\\n } | -| statePropertyWrites.js:36:19:45:1 | {\\n ren ... ;\\n }\\n} | getInitialState | statePropertyWrites.js:40:20:44:3 | functio ... };\\n } | -| statePropertyWrites.js:36:19:45:1 | {\\n ren ... ;\\n }\\n} | render | statePropertyWrites.js:37:11:39:3 | functio ... v>;\\n } | -| thisAccesses.js:1:1:16:1 | class C ... }\\n} | someInstanceMethod | thisAccesses.js:13:23:15:5 | () {\\n ... ;\\n } | -| thisAccesses.js:18:19:29:1 | {\\n r ... }\\n} | render | thisAccesses.js:19:13:24:5 | functio ... ;\\n } | -| thisAccesses.js:18:19:29:1 | {\\n r ... }\\n} | someInstanceMethod | thisAccesses.js:26:25:28:5 | functio ... ;\\n } | -| thisAccesses.js:31:2:36:1 | functio ... iv/>;\\n} | render | thisAccesses.js:31:2:36:1 | functio ... iv/>;\\n} | -| thisAccesses.js:38:19:45:1 | {\\n r ... },\\n} | render | thisAccesses.js:39:13:44:5 | functio ... 
;\\n } | -| thisAccesses.js:54:1:63:1 | class C ... }\\n} | render | thisAccesses.js:59:11:62:5 | () {\\n ... ;\\n } | -| thisAccesses_importedMappers.js:4:19:15:1 | {\\n r ... },\\n} | render | thisAccesses_importedMappers.js:5:13:14:5 | functio ... ;\\n } | test_react | es5.js:1:13:1:17 | React | | es6.js:1:21:1:25 | React | @@ -76,11 +36,62 @@ test_react | thisAccesses_importedMappers.js:1:8:1:12 | React | | thisAccesses_importedMappers.js:4:1:4:5 | React | | thisAccesses_importedMappers.js:6:9:6:13 | React | -test_ReactComponent_getAPreviousStateSource -| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:2:44:2:48 | state | -| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:8:40:8:48 | prevState | -| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | statePropertyReads.js:7:24:7:32 | prevState | -| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | statePropertyReads.js:10:35:10:43 | prevState | +test_JSXname +| es5.js:4:12:4:45 |
He ... }
| es5.js:4:13:4:15 | div | div | Identifier | +| es5.js:20:12:20:44 |

Hel ... e}

| es5.js:20:13:20:14 | h1 | h1 | Identifier | +| es6.js:3:12:3:45 |
He ... }
| es6.js:3:13:3:15 | div | div | Identifier | +| exportedComponent.jsx:2:12:2:46 |
| exportedComponent.jsx:2:13:2:15 | div | div | Identifier | +| importedComponent.jsx:4:12:4:39 | | importedComponent.jsx:4:13:4:23 | MyComponent | MyComponent | Identifier | +| plainfn.js:2:10:2:38 |
He ... }
| plainfn.js:2:11:2:13 | div | div | Identifier | +| preact.js:5:16:5:21 |
| preact.js:5:17:5:19 | div | div | Identifier | +| probably-a-component.js:4:16:4:21 |
| probably-a-component.js:4:17:4:19 | div | div | Identifier | +| props.js:7:6:7:37 | | props.js:7:7:7:7 | C | C | Identifier | +| props.js:19:6:19:37 | | props.js:19:7:19:7 | C | C | Identifier | +| props.js:27:16:27:21 |
| props.js:27:17:27:19 | div | div | Identifier | +| props.js:32:6:32:37 | | props.js:32:7:32:7 | C | C | Identifier | +| statePropertyWrites.js:38:12:38:45 |
He ... }
| statePropertyWrites.js:38:13:38:15 | div | div | Identifier | +| thisAccesses.js:23:16:23:21 |
| thisAccesses.js:23:17:23:19 | div | div | Identifier | +| thisAccesses.js:35:12:35:17 |
| thisAccesses.js:35:13:35:15 | div | div | Identifier | +| thisAccesses.js:43:16:43:21 |
| thisAccesses.js:43:17:43:19 | div | div | Identifier | +| thisAccesses.js:60:19:60:41 | | thisAccesses.js:60:20:60:28 | this.name | this.name | dot | +| thisAccesses.js:61:19:61:41 | | thisAccesses.js:61:20:61:28 | this.this | this.this | dot | +| thisAccesses_importedMappers.js:13:16:13:21 |
| thisAccesses_importedMappers.js:13:17:13:19 | div | div | Identifier | +| use-react-router.jsx:5:17:5:87 | | use-react-router.jsx:5:18:5:23 | Router | Router | Identifier | +| use-react-router.jsx:5:25:5:78 | ... /Route> | use-react-router.jsx:5:26:5:30 | Route | Route | Identifier | +| use-react-router.jsx:5:32:5:70 | | use-react-router.jsx:5:33:5:49 | ImportedComponent | ImportedComponent | Identifier | +| useHigherOrderComponent.jsx:5:12:5:39 | | useHigherOrderComponent.jsx:5:13:5:25 | SomeComponent | SomeComponent | Identifier | +| useHigherOrderComponent.jsx:11:12:11:46 | | useHigherOrderComponent.jsx:11:13:11:31 | LazyLoadedComponent | LazyLoadedComponent | Identifier | +| useHigherOrderComponent.jsx:17:12:17:48 | | useHigherOrderComponent.jsx:17:13:17:32 | LazyLoadedComponent2 | LazyLoadedComponent2 | Identifier | +test_ReactComponent +| es5.js:1:31:11:1 | {\\n dis ... ;\\n }\\n} | +| es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | +| es6.js:1:1:8:1 | class H ... ;\\n }\\n} | +| es6.js:14:1:20:1 | class H ... }\\n} | +| exportedComponent.jsx:1:8:3:1 | functio ... r}}/>\\n} | +| importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | +| namedImport.js:3:1:3:28 | class C ... nent {} | +| namedImport.js:5:1:5:20 | class D extends C {} | +| plainfn.js:1:1:3:1 | functio ... div>;\\n} | +| plainfn.js:5:1:7:1 | functio ... iv");\\n} | +| plainfn.js:9:1:12:1 | functio ... rn x;\\n} | +| plainfn.js:20:1:24:1 | functio ... n 42;\\n} | +| preact.js:1:1:7:1 | class H ... }\\n} | +| preact.js:9:1:11:1 | class H ... nt {\\n\\n} | +| probably-a-component.js:1:1:6:1 | class H ... }\\n} | +| props.js:2:5:3:5 | class C ... {\\n } | +| props.js:13:31:17:5 | {\\n ... }\\n } | +| props.js:26:5:28:5 | functio ... ;\\n } | +| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | +| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | +| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | +| statePropertyWrites.js:36:19:45:1 | {\\n ren ... 
;\\n }\\n} | +| thisAccesses.js:1:1:16:1 | class C ... }\\n} | +| thisAccesses.js:18:19:29:1 | {\\n r ... }\\n} | +| thisAccesses.js:31:2:36:1 | functio ... iv/>;\\n} | +| thisAccesses.js:38:19:45:1 | {\\n r ... },\\n} | +| thisAccesses.js:47:1:52:1 | class C ... }\\n} | +| thisAccesses.js:54:1:63:1 | class C ... }\\n} | +| thisAccesses_importedMappers.js:4:19:15:1 | {\\n r ... },\\n} | test_ReactComponent_ref | es5.js:1:31:11:1 | {\\n dis ... ;\\n }\\n} | es5.js:1:31:11:1 | {\\n dis ... ;\\n }\\n} | | es5.js:1:31:11:1 | {\\n dis ... ;\\n }\\n} | es5.js:3:11:3:10 | this | 
@@ -189,19 +200,57 @@ test_ReactComponent_ref | thisAccesses_importedMappers.js:4:19:15:1 | {\\n r ... },\\n} | thisAccesses_importedMappers.js:9:25:9:24 | this | | thisAccesses_importedMappers.js:4:19:15:1 | {\\n r ... },\\n} | thisAccesses_importedMappers.js:10:13:10:16 | this | | thisAccesses_importedMappers.js:4:19:15:1 | {\\n r ... },\\n} | thisAccesses_importedMappers.js:11:12:11:15 | this | -test_ReactComponent_getACandidateStateSource -| es6.js:14:1:20:1 | class H ... }\\n} | es6.js:18:22:18:31 | { baz: 42} | -| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:3:16:3:17 | {} | -| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:5:38:5:46 | nextState | -| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | statePropertyReads.js:7:45:7:56 | prevState.p3 | -| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:8:18:8:19 | {} | -| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:12:18:12:19 | {} | -| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:16:18:16:19 | {} | -| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:20:18:20:19 | {} | -| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:31:13:33:5 | {\\n ... 2\\n } | -| statePropertyWrites.js:36:19:45:1 | {\\n ren ... ;\\n }\\n} | statePropertyWrites.js:41:12:43:5 | {\\n p8: 42\\n } | -| thisAccesses.js:47:1:52:1 | class C ... }\\n} | thisAccesses.js:48:18:48:18 | y | -| thisAccesses.js:47:1:52:1 | class C ... }\\n} | thisAccesses.js:49:22:49:22 | x | +test_getADirectStateAccess +| es6.js:14:1:20:1 | class H ... }\\n} | es6.js:16:9:16:18 | this.state | +| es6.js:14:1:20:1 | class H ... }\\n} | es6.js:17:9:17:18 | this.state | +| es6.js:14:1:20:1 | class H ... }\\n} | es6.js:18:9:18:18 | this.state | +| preact.js:1:1:7:1 | class H ... 
}\\n} | preact.js:2:19:2:23 | state | +| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | statePropertyReads.js:3:9:3:18 | this.state | +| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | statePropertyReads.js:5:9:5:18 | this.state | +| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:4:9:4:17 | cmp.state | +| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:6:9:6:17 | cmp.state | +| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:10:9:10:17 | cmp.state | +| thisAccesses.js:47:1:52:1 | class C ... }\\n} | thisAccesses.js:49:9:49:18 | this.state | +| thisAccesses.js:47:1:52:1 | class C ... }\\n} | thisAccesses.js:50:9:50:18 | this.state | +test_ReactComponent_getAPropRead +| es5.js:1:31:11:1 | {\\n dis ... ;\\n }\\n} | name | es5.js:4:24:4:38 | this.props.name | +| es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | name | es5.js:20:24:20:38 | this.props.name | +| es6.js:1:1:8:1 | class H ... ;\\n }\\n} | name | es6.js:3:24:3:38 | this.props.name | +| exportedComponent.jsx:1:8:3:1 | functio ... r}}/>\\n} | color | exportedComponent.jsx:2:32:2:42 | props.color | +| importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | color | importedComponent.jsx:3:25:3:29 | color | +| importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | location | importedComponent.jsx:3:32:3:39 | location | +| plainfn.js:1:1:3:1 | functio ... div>;\\n} | name | plainfn.js:2:22:2:31 | props.name | +| preact.js:1:1:7:1 | class H ... }\\n} | name | preact.js:3:9:3:18 | props.name | +| probably-a-component.js:1:1:6:1 | class H ... }\\n} | name | probably-a-component.js:3:9:3:23 | this.props.name | +| statePropertyWrites.js:36:19:45:1 | {\\n ren ... ;\\n }\\n} | name | statePropertyWrites.js:38:24:38:38 | this.props.name | +test_ReactComponent_getInstanceMethod +| es5.js:1:31:11:1 | {\\n dis ... ;\\n }\\n} | getDefaultProps | es5.js:6:20:10:3 | functio ... };\\n } | +| es5.js:1:31:11:1 | {\\n dis ... 
;\\n }\\n} | render | es5.js:3:11:5:3 | functio ... v>;\\n } | +| es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | render | es5.js:19:11:21:3 | functio ... 1>;\\n } | +| es6.js:1:1:8:1 | class H ... ;\\n }\\n} | render | es6.js:2:9:4:3 | () {\\n ... v>;\\n } | +| exportedComponent.jsx:1:8:3:1 | functio ... r}}/>\\n} | render | exportedComponent.jsx:1:8:3:1 | functio ... r}}/>\\n} | +| importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | render | importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | +| plainfn.js:1:1:3:1 | functio ... div>;\\n} | render | plainfn.js:1:1:3:1 | functio ... div>;\\n} | +| plainfn.js:5:1:7:1 | functio ... iv");\\n} | render | plainfn.js:5:1:7:1 | functio ... iv");\\n} | +| plainfn.js:9:1:12:1 | functio ... rn x;\\n} | render | plainfn.js:9:1:12:1 | functio ... rn x;\\n} | +| plainfn.js:20:1:24:1 | functio ... n 42;\\n} | render | plainfn.js:20:1:24:1 | functio ... n 42;\\n} | +| preact.js:1:1:7:1 | class H ... }\\n} | render | preact.js:2:11:6:5 | (props, ... ;\\n } | +| probably-a-component.js:1:1:6:1 | class H ... }\\n} | render | probably-a-component.js:2:11:5:5 | () {\\n ... ;\\n } | +| props.js:13:31:17:5 | {\\n ... }\\n } | getDefaultProps | props.js:14:24:16:9 | () {\\n ... } | +| props.js:26:5:28:5 | functio ... ;\\n } | render | props.js:26:5:28:5 | functio ... ;\\n } | +| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | getSnapshotBeforeUpdate | rare-lifecycle-methods.js:8:28:10:5 | (prevPr ... ;\\n } | +| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | shouldComponentUpdate | rare-lifecycle-methods.js:5:26:7:5 | (nextPr ... ;\\n } | +| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | componentDidUpdate | statePropertyReads.js:10:23:12:5 | (prevPr ... ;\\n } | +| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | getInitialState | statePropertyWrites.js:25:20:29:5 | () { // ... ;\\n } | +| statePropertyWrites.js:36:19:45:1 | {\\n ren ... 
;\\n }\\n} | getInitialState | statePropertyWrites.js:40:20:44:3 | functio ... };\\n } | +| statePropertyWrites.js:36:19:45:1 | {\\n ren ... ;\\n }\\n} | render | statePropertyWrites.js:37:11:39:3 | functio ... v>;\\n } | +| thisAccesses.js:1:1:16:1 | class C ... }\\n} | someInstanceMethod | thisAccesses.js:13:23:15:5 | () {\\n ... ;\\n } | +| thisAccesses.js:18:19:29:1 | {\\n r ... }\\n} | render | thisAccesses.js:19:13:24:5 | functio ... ;\\n } | +| thisAccesses.js:18:19:29:1 | {\\n r ... }\\n} | someInstanceMethod | thisAccesses.js:26:25:28:5 | functio ... ;\\n } | +| thisAccesses.js:31:2:36:1 | functio ... iv/>;\\n} | render | thisAccesses.js:31:2:36:1 | functio ... iv/>;\\n} | +| thisAccesses.js:38:19:45:1 | {\\n r ... },\\n} | render | thisAccesses.js:39:13:44:5 | functio ... ;\\n } | +| thisAccesses.js:54:1:63:1 | class C ... }\\n} | render | thisAccesses.js:59:11:62:5 | () {\\n ... ;\\n } | +| thisAccesses_importedMappers.js:4:19:15:1 | {\\n r ... },\\n} | render | thisAccesses_importedMappers.js:5:13:14:5 | functio ... ;\\n } | test_ReactComponent_getADirectPropsSource | es5.js:1:31:11:1 | {\\n dis ... ;\\n }\\n} | es5.js:4:24:4:33 | this.props | | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | es5.js:20:24:20:33 | this.props | 
@@ -241,73 +290,24 @@ test_ReactComponent_getACandidatePropsValue | useHigherOrderComponent.jsx:5:33:5:37 | "red" | | useHigherOrderComponent.jsx:11:39:11:44 | "lazy" | | useHigherOrderComponent.jsx:17:40:17:46 | "lazy2" | -test_ReactComponent -| es5.js:1:31:11:1 | {\\n dis ... ;\\n }\\n} | -| es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | -| es6.js:1:1:8:1 | class H ... ;\\n }\\n} | -| es6.js:14:1:20:1 | class H ... }\\n} | -| exportedComponent.jsx:1:8:3:1 | functio ... r}}/>\\n} | -| importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | -| namedImport.js:3:1:3:28 | class C ... nent {} | -| namedImport.js:5:1:5:20 | class D extends C {} | -| plainfn.js:1:1:3:1 | functio ... div>;\\n} | -| plainfn.js:5:1:7:1 | functio ... iv");\\n} | -| plainfn.js:9:1:12:1 | functio ... rn x;\\n} | -| plainfn.js:20:1:24:1 | functio ... n 42;\\n} | -| preact.js:1:1:7:1 | class H ... }\\n} | -| preact.js:9:1:11:1 | class H ... nt {\\n\\n} | -| probably-a-component.js:1:1:6:1 | class H ... }\\n} | -| props.js:2:5:3:5 | class C ... {\\n } | -| props.js:13:31:17:5 | {\\n ... }\\n } | -| props.js:26:5:28:5 | functio ... ;\\n } | -| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | -| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | -| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | -| statePropertyWrites.js:36:19:45:1 | {\\n ren ... ;\\n }\\n} | -| thisAccesses.js:1:1:16:1 | class C ... }\\n} | -| thisAccesses.js:18:19:29:1 | {\\n r ... }\\n} | -| thisAccesses.js:31:2:36:1 | functio ... iv/>;\\n} | -| thisAccesses.js:38:19:45:1 | {\\n r ... },\\n} | -| thisAccesses.js:47:1:52:1 | class C ... }\\n} | -| thisAccesses.js:54:1:63:1 | class C ... }\\n} | -| thisAccesses_importedMappers.js:4:19:15:1 | {\\n r ... },\\n} | -test_ReactComponent_getAPropRead -| es5.js:1:31:11:1 | {\\n dis ... ;\\n }\\n} | name | es5.js:4:24:4:38 | this.props.name | -| es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | name | es5.js:20:24:20:38 | this.props.name | -| es6.js:1:1:8:1 | class H ... 
;\\n }\\n} | name | es6.js:3:24:3:38 | this.props.name | -| exportedComponent.jsx:1:8:3:1 | functio ... r}}/>\\n} | color | exportedComponent.jsx:2:32:2:42 | props.color | -| importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | color | importedComponent.jsx:3:25:3:29 | color | -| importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | location | importedComponent.jsx:3:32:3:39 | location | -| plainfn.js:1:1:3:1 | functio ... div>;\\n} | name | plainfn.js:2:22:2:31 | props.name | -| preact.js:1:1:7:1 | class H ... }\\n} | name | preact.js:3:9:3:18 | props.name | -| probably-a-component.js:1:1:6:1 | class H ... }\\n} | name | probably-a-component.js:3:9:3:23 | this.props.name | -| statePropertyWrites.js:36:19:45:1 | {\\n ren ... ;\\n }\\n} | name | statePropertyWrites.js:38:24:38:38 | this.props.name | -test_JSXname -| es5.js:4:12:4:45 |
He ... }
| es5.js:4:13:4:15 | div | div | Identifier | -| es5.js:20:12:20:44 |

Hel ... e}

| es5.js:20:13:20:14 | h1 | h1 | Identifier | -| es6.js:3:12:3:45 |
He ... }
| es6.js:3:13:3:15 | div | div | Identifier | -| exportedComponent.jsx:2:12:2:46 |
| exportedComponent.jsx:2:13:2:15 | div | div | Identifier | -| importedComponent.jsx:4:12:4:39 | | importedComponent.jsx:4:13:4:23 | MyComponent | MyComponent | Identifier | -| plainfn.js:2:10:2:38 |
He ... }
| plainfn.js:2:11:2:13 | div | div | Identifier | -| preact.js:5:16:5:21 |
| preact.js:5:17:5:19 | div | div | Identifier | -| probably-a-component.js:4:16:4:21 |
| probably-a-component.js:4:17:4:19 | div | div | Identifier | -| props.js:7:6:7:37 | | props.js:7:7:7:7 | C | C | Identifier | -| props.js:19:6:19:37 | | props.js:19:7:19:7 | C | C | Identifier | -| props.js:27:16:27:21 |
| props.js:27:17:27:19 | div | div | Identifier | -| props.js:32:6:32:37 | | props.js:32:7:32:7 | C | C | Identifier | -| statePropertyWrites.js:38:12:38:45 |
He ... }
| statePropertyWrites.js:38:13:38:15 | div | div | Identifier | -| thisAccesses.js:23:16:23:21 |
| thisAccesses.js:23:17:23:19 | div | div | Identifier | -| thisAccesses.js:35:12:35:17 |
| thisAccesses.js:35:13:35:15 | div | div | Identifier | -| thisAccesses.js:43:16:43:21 |
| thisAccesses.js:43:17:43:19 | div | div | Identifier | -| thisAccesses.js:60:19:60:41 | | thisAccesses.js:60:20:60:28 | this.name | this.name | dot | -| thisAccesses.js:61:19:61:41 | | thisAccesses.js:61:20:61:28 | this.this | this.this | dot | -| thisAccesses_importedMappers.js:13:16:13:21 |
| thisAccesses_importedMappers.js:13:17:13:19 | div | div | Identifier | -| use-react-router.jsx:5:17:5:87 | | use-react-router.jsx:5:18:5:23 | Router | Router | Identifier | -| use-react-router.jsx:5:25:5:78 | ... /Route> | use-react-router.jsx:5:26:5:30 | Route | Route | Identifier | -| use-react-router.jsx:5:32:5:70 | | use-react-router.jsx:5:33:5:49 | ImportedComponent | ImportedComponent | Identifier | -| useHigherOrderComponent.jsx:5:12:5:39 | | useHigherOrderComponent.jsx:5:13:5:25 | SomeComponent | SomeComponent | Identifier | -| useHigherOrderComponent.jsx:11:12:11:46 | | useHigherOrderComponent.jsx:11:13:11:31 | LazyLoadedComponent | LazyLoadedComponent | Identifier | -| useHigherOrderComponent.jsx:17:12:17:48 | | useHigherOrderComponent.jsx:17:13:17:32 | LazyLoadedComponent2 | LazyLoadedComponent2 | Identifier | +test_ReactComponent_getAPreviousStateSource +| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:2:44:2:48 | state | +| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:8:40:8:48 | prevState | +| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | statePropertyReads.js:7:24:7:32 | prevState | +| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | statePropertyReads.js:10:35:10:43 | prevState | +test_ReactComponent_getACandidateStateSource +| es6.js:14:1:20:1 | class H ... }\\n} | es6.js:18:22:18:31 | { baz: 42} | +| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:3:16:3:17 | {} | +| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:5:38:5:46 | nextState | +| statePropertyReads.js:1:1:13:1 | class R ... }\\n} | statePropertyReads.js:7:45:7:56 | prevState.p3 | +| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:8:18:8:19 | {} | +| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:12:18:12:19 | {} | +| statePropertyWrites.js:1:1:34:1 | class W ... 
};\\n} | statePropertyWrites.js:16:18:16:19 | {} | +| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:20:18:20:19 | {} | +| statePropertyWrites.js:1:1:34:1 | class W ... };\\n} | statePropertyWrites.js:31:13:33:5 | {\\n ... 2\\n } | +| statePropertyWrites.js:36:19:45:1 | {\\n ren ... ;\\n }\\n} | statePropertyWrites.js:41:12:43:5 | {\\n p8: 42\\n } | +| thisAccesses.js:47:1:52:1 | class C ... }\\n} | thisAccesses.js:48:18:48:18 | y | +| thisAccesses.js:47:1:52:1 | class C ... }\\n} | thisAccesses.js:49:22:49:22 | x | test_JsxName_this | es5.js:4:12:4:45 |
He ... }
| es5.js:4:24:4:27 | this | | es5.js:20:12:20:44 |

Hel ... e}

| es5.js:20:24:20:27 | this | From c2f66c0f9317effedd429115e66029dd6c5150ab Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 13:55:24 +0200 Subject: [PATCH 139/223] JS: Update Restify2 test --- .../library-tests/frameworks/Restify2/tests.ql | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql b/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql index e385b5584586..720f35ba21d5 100644 --- a/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql +++ b/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql @@ -57,9 +57,7 @@ query predicate passingPositiveTests(string res, string expectation, InlineTest exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "xss" and - exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "cleartextStorageSink" and exists(CleartextStorage::Sink n | t.inNode(n)) @@ -107,9 +105,7 @@ query predicate failingPositiveTests(string res, string expectation, InlineTest not exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "xss" and - not exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + not exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "cleartextStorageSink" and not exists(CleartextStorage::Sink n | t.inNode(n)) 
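Review bot: The replacement expression `exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink))` is now written out four times in this file, in `passingPositiveTests`, `failingPositiveTests`, `passingNegativeTests` and `failingNegativeTests`, and four more times in the Spife `tests.ql` changed by the following commit. A small helper, `predicate hasXssFlowTo(InlineTest t) { exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) }`, would reduce each branch to `hasXssFlowTo(t)` or `not hasXssFlowTo(t)`, assuming the truncated parameter in the hunk headers is `InlineTest t`. That keeps the positive and negative XSS checks from drifting apart the next time the flow API changes. All four predicates start and end outside the hunks shown.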
@@ -157,9 +153,7 @@ query predicate passingNegativeTests(string res, string expectation, InlineTest not exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "!xss" and - not exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + not exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "!cleartextStorageSink" and not exists(CleartextStorage::Sink n | t.inNode(n)) @@ -207,9 +201,7 @@ query predicate failingNegativeTests(string res, string expectation, InlineTest exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "!xss" and - exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "!cleartextStorageSink" and exists(CleartextStorage::Sink n | t.inNode(n)) From 75c915b2a3cfca5b833b91942404c1b4a216fe5b Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 14:41:07 +0200 Subject: [PATCH 140/223] JS: Update Spife test --- .../test/library-tests/frameworks/Spife/tests.ql | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/Spife/tests.ql b/javascript/ql/test/library-tests/frameworks/Spife/tests.ql index ef785a2860be..2ea6fc4bd4c3 100644 --- a/javascript/ql/test/library-tests/frameworks/Spife/tests.ql +++ b/javascript/ql/test/library-tests/frameworks/Spife/tests.ql @@ -63,9 +63,7 @@ query predicate passingPositiveTests(string res, string expectation, InlineTest exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "xss" and - exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "cleartextStorageSink" and exists(CleartextStorage::Sink n | t.inNode(n)) 
@@ -119,9 +117,7 @@ query predicate failingPositiveTests(string res, string expectation, InlineTest not exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "xss" and - not exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + not exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "cleartextStorageSink" and not exists(CleartextStorage::Sink n | t.inNode(n)) @@ -175,9 +171,7 @@ query predicate passingNegativeTests(string res, string expectation, InlineTest not exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "!xss" and - not exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + not exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "!cleartextStorageSink" and not exists(CleartextStorage::Sink n | t.inNode(n)) @@ -231,9 +225,7 @@ query predicate failingNegativeTests(string res, string expectation, InlineTest exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "!xss" and - exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "!cleartextStorageSink" and exists(CleartextStorage::Sink n | t.inNode(n)) From b5ad36686ef5fba19d4772807ef9013c10ad61ea Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 15:00:08 +0200 Subject: [PATCH 141/223] JS: Block flow into window.location --- .../javascript/dataflow/internal/DataFlowPrivate.qll | 8 ++++++++ .../test/library-tests/InterProceduralFlow/global.js | 10 +++++----- .../test/library-tests/InterProceduralFlow/global2.js | 2 +- 3 files changed, 14 insertions(+), 6 deletions(-) 
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 0c269a7f1525..223a0ff15503 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -846,6 +846,14 @@ predicate clearsContent(Node n, ContentSet c) { // We implement this rule by clearing any captured-content before storing into another captured-content. VariableCaptureOutput::storeStep(getClosureNode(n), _, _) and c = MkAnyCapturedContent() + or + // Block flow into the "window.location" property, as any assignment/mutation to this causes a page load and stops execution. + // The use of clearsContent here ensures we also block assignments like `window.location.href = ...` + exists(DataFlow::PropRef ref | + ref = DataFlow::globalObjectRef().getAPropertyReference("location") and + n = ref.getBase().getPostUpdateNode() and + c = ContentSet::property("location") + ) } /** diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/global.js b/javascript/ql/test/library-tests/InterProceduralFlow/global.js index a7132f1dcb59..99badab76b83 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/global.js +++ b/javascript/ql/test/library-tests/InterProceduralFlow/global.js @@ -9,11 +9,11 @@ function g(x) { let sink1 = g(source1); let sink2 = g(source2); -document.location = source1; // should not flow to `global2.js` in spite of assignment +document.someProp = source1; // should not flow to `global2.js` in spite of assignment // `document = {}` in `fake-document.js` -window.location = source1; +window.someProp = source1; let win = window; -let sink3 = window.location; -let sink4 = win.location; -let sink5 = location; +let sink3 = window.someProp; +let sink4 = win.someProp; +let sink5 = someProp; 
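Review bot: The new `clearsContent` disjunct has no test pinning it: this commit renames `location` to `someProp` in `global.js` and `global2.js` so the existing expectations survive, but nothing visible asserts that a value written to `window.location` no longer reaches a later read. Keeping one case such as `window.location = source1; let sink6 = window.location;` with a no-flow expectation would guard against the rule being dropped or widened later. The comment's rationale is also stronger than browser behaviour, since script keeps running after the assignment until the navigation happens and a fragment-only write such as `location.hash` loads no page; I would word it as `// Block flow through the global "location" object: writes normally navigate away, so later reads rarely observe the written value.` The rule matches `location` only when reached through `DataFlow::globalObjectRef()`; whether a bare `location = x` is covered cannot be told from this hunk, and the body of `clearsContent` starts outside it.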
diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/global2.js b/javascript/ql/test/library-tests/InterProceduralFlow/global2.js index 258b79a7df9b..004a4ce50bb0 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/global2.js +++ b/javascript/ql/test/library-tests/InterProceduralFlow/global2.js @@ -1,2 +1,2 @@ let remote_sink = source1; -let other_remote_sink = document.location; +let other_remote_sink = document.someProp; From 2eff07f4760c99c0d5e16801228ea21306547d1d Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 15:12:18 +0200 Subject: [PATCH 142/223] JS: Update TaintTracking test --- .../TaintTracking/BasicTaintTracking.expected | 119 ++++++--- .../TaintTracking/BasicTaintTracking.ql | 55 ++--- .../TaintTracking/DataFlowTracking.expected | 96 ++++++-- .../TaintTracking/DataFlowTracking.ql | 38 ++- .../TaintTracking/arrays-init.js | 18 +- .../library-tests/TaintTracking/booleanOps.js | 14 +- .../TaintTracking/bound-function.js | 25 +- .../library-tests/TaintTracking/call-apply.js | 22 +- .../library-tests/TaintTracking/callbacks.js | 4 +- .../TaintTracking/capture-flow.js | 228 ++++++++++++++++++ .../TaintTracking/constructor-calls.js | 20 +- .../library-tests/TaintTracking/exceptions.js | 16 +- .../TaintTracking/getters-and-setters.js | 4 +- .../TaintTracking/implied-receiver.js | 11 + .../TaintTracking/nested-props.js | 2 +- .../TaintTracking/object-bypass-sanitizer.js | 4 +- .../TaintTracking/partialCalls.js | 2 +- .../library-tests/TaintTracking/promise.js | 30 ++- .../TaintTracking/sanitizer-guards.js | 16 +- .../stringification-read-steps.js | 31 +++ 20 files changed, 598 insertions(+), 157 deletions(-) create mode 100644 javascript/ql/test/library-tests/TaintTracking/implied-receiver.js create mode 100644 javascript/ql/test/library-tests/TaintTracking/stringification-read-steps.js 
diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 74095771abb5..594ea1acdbe8 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected 
@@ -1,17 +1,29 @@ -typeInferenceMismatch -| call-apply.js:27:14:27:21 | source() | call-apply.js:3:1:5:1 | 'arguments' object of function foo1 | -| call-apply.js:27:14:27:21 | source() | call-apply.js:7:1:9:1 | 'arguments' object of function foo2 | -| call-apply.js:27:14:27:21 | source() | call-apply.js:12:10:12:30 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:16:10:16:40 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:23:1:25:1 | 'arguments' object of function foo1_sink | -| call-apply.js:27:14:27:21 | source() | call-apply.js:29:6:29:32 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:33:6:33:35 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:64:3:66:3 | 'arguments' object of function sinkArguments1 | -| call-apply.js:27:14:27:21 | source() | call-apply.js:67:3:69:3 | 'arguments' object of function sinkArguments0 | -| call-apply.js:27:14:27:21 | source() | call-apply.js:71:3:74:3 | 'arguments' object of function fowardArguments | -| destruct.js:20:7:20:14 | source() | destruct.js:13:14:13:19 | [a, b] | -#select +legacyDataFlowDifference +| bound-function.js:27:8:27:15 | source() | bound-function.js:30:10:30:10 | y | only flow with OLD data flow library | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| capture-flow.js:89:13:89:20 | source() | 
capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | only flow with NEW data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | only flow with NEW data flow library | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | only flow with NEW data flow library | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | only flow with NEW data flow library | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | only flow with NEW data flow library | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | only flow with NEW data flow library | +| nested-props.js:19:17:19:24 | source() | nested-props.js:20:10:20:18 | obj.x.y.z | only flow with NEW data flow library | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | only flow with NEW data flow library | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | only flow with NEW data flow library | +| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:23:14:23:20 | obj.foo | only flow with OLD data flow library | +| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:28:10:28:30 | sanitiz ... 
bj).foo | only flow with OLD data flow library | +| promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise | only flow with OLD data flow library | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library | +| stringification-read-steps.js:7:22:7:29 | source() | stringification-read-steps.js:17:10:17:31 | JSON.st ... object) | only flow with NEW data flow library | +| stringification-read-steps.js:7:22:7:29 | source() | stringification-read-steps.js:25:10:25:31 | JSON.st ... object) | only flow with NEW data flow library | +consistencyIssue +flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | | addexpr.js:11:15:11:22 | source() | addexpr.js:21:8:21:12 | value | 
@@ -46,22 +58,22 @@ typeInferenceMismatch | booleanOps.js:2:11:2:18 | source() | booleanOps.js:13:10:13:10 | x | | booleanOps.js:2:11:2:18 | source() | booleanOps.js:19:10:19:10 | x | | booleanOps.js:2:11:2:18 | source() | booleanOps.js:22:10:22:10 | x | -| bound-function.js:12:12:12:19 | source() | bound-function.js:4:10:4:10 | y | -| bound-function.js:14:6:14:13 | source() | bound-function.js:4:10:4:10 | y | -| bound-function.js:22:8:22:15 | source() | bound-function.js:25:10:25:10 | y | -| bound-function.js:45:10:45:17 | source() | bound-function.js:45:6:45:18 | id3(source()) | -| bound-function.js:49:12:49:19 | source() | bound-function.js:54:6:54:14 | source0() | -| bound-function.js:49:12:49:19 | source() | bound-function.js:55:6:55:14 | source1() | +| bound-function.js:17:21:17:28 | source() | bound-function.js:5:10:5:16 | y.test2 | +| bound-function.js:19:15:19:22 | source() | bound-function.js:6:10:6:16 | y.test3 | +| bound-function.js:50:10:50:17 | source() | bound-function.js:50:6:50:18 | id3(source()) | +| bound-function.js:54:12:54:19 | source() | bound-function.js:59:6:59:14 | source0() | +| bound-function.js:54:12:54:19 | source() | bound-function.js:60:6:60:14 | source1() | | call-apply.js:27:14:27:21 | source() | call-apply.js:24:8:24:11 | arg1 | | call-apply.js:27:14:27:21 | source() | call-apply.js:29:6:29:32 | foo1.ca ... ce, "") | | call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | foo1.ap ... e, ""]) | | call-apply.js:27:14:27:21 | source() | call-apply.js:33:6:33:35 | foo2.ap ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:40:6:40:29 | foo1_ap ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:46:6:46:28 | foo1_ca ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:47:6:47:28 | foo1_ca ... 
ource]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:65:10:65:21 | arguments[1] | -| call-apply.js:27:14:27:21 | source() | call-apply.js:68:10:68:21 | arguments[0] | -| call-apply.js:87:17:87:24 | source() | call-apply.js:84:8:84:11 | this | +| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:40:6:40:28 | foo1_ca ... e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:41:6:41:28 | foo1_ca ... ource]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:59:10:59:21 | arguments[1] | +| call-apply.js:27:14:27:21 | source() | call-apply.js:62:10:62:21 | arguments[0] | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | +| call-apply.js:81:17:81:24 | source() | call-apply.js:78:8:78:11 | this | | callbacks.js:4:6:4:13 | source() | callbacks.js:34:27:34:27 | x | | callbacks.js:4:6:4:13 | source() | callbacks.js:35:27:35:27 | x | | callbacks.js:5:6:5:13 | source() | callbacks.js:34:27:34:27 | x | @@ -69,6 +81,10 @@ typeInferenceMismatch | callbacks.js:25:16:25:23 | source() | callbacks.js:47:26:47:26 | x | | callbacks.js:25:16:25:23 | source() | callbacks.js:48:26:48:26 | x | | callbacks.js:37:17:37:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | | callbacks.js:44:17:44:24 | source() | callbacks.js:41:10:41:10 | x | | callbacks.js:50:18:50:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y | 
@@ -76,6 +92,27 @@ typeInferenceMismatch | capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() | | capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) | +| capture-flow.js:45:12:45:19 | source() | capture-flow.js:45:6:45:20 | test3(source()) | +| capture-flow.js:60:13:60:20 | source() | capture-flow.js:60:6:60:21 | test3a(source()) | +| capture-flow.js:76:13:76:20 | source() | capture-flow.js:76:6:76:21 | test3b(source()) | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | +| capture-flow.js:93:13:93:20 | source() | capture-flow.js:96:6:96:14 | test4()() | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:101:6:101:22 | test5(source())() | +| capture-flow.js:110:12:110:19 | source() | capture-flow.js:106:14:106:14 | x | +| capture-flow.js:118:37:118:44 | source() | capture-flow.js:114:14:114:14 | x | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:123:14:123:26 | orderingTaint | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:129:14:129:26 | orderingTaint | +| capture-flow.js:177:26:177:33 | source() | capture-flow.js:173:14:173:14 | x | +| capture-flow.js:187:34:187:41 | source() | capture-flow.js:183:14:183:14 | x | +| capture-flow.js:195:24:195:31 | source() | capture-flow.js:191:14:191:14 | x | +| capture-flow.js:205:24:205:31 | source() | capture-flow.js:200:18:200:18 | x | +| capture-flow.js:225:13:225:20 | source() | capture-flow.js:220:51:220:59 | fileOrDir | +| capture-flow.js:230:9:230:16 | source() | capture-flow.js:233:14:233:14 | x | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:243:18:243:40 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:247:18:247:40 | objectW ... 
s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:248:18:248:27 | this.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:252:14:252:36 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:253:14:253:23 | this.field | | captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x | | case.js:2:16:2:23 | source() | case.js:5:8:5:35 | changeC ... source) | | case.js:2:16:2:23 | source() | case.js:8:8:8:24 | camelCase(source) | 
@@ -88,12 +125,15 @@ typeInferenceMismatch | closure.js:6:15:6:22 | source() | closure.js:8:8:8:31 | string. ... (taint) | | closure.js:6:15:6:22 | source() | closure.js:9:8:9:25 | string.trim(taint) | | closure.js:6:15:6:22 | source() | closure.js:10:8:10:33 | string. ... nt, 50) | -| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:18:8:18:14 | c.taint | -| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:22:8:22:19 | c_safe.taint | -| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:26:8:26:14 | d.taint | -| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:30:8:30:19 | d_safe.taint | -| constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:17:8:17:14 | c.param | -| constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:25:8:25:14 | d.param | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:24:8:24:14 | c.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:28:8:28:19 | c_safe.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:32:8:32:14 | d.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:36:8:36:19 | d_safe.taint | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:23:8:23:14 | c.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:31:8:31:14 | d.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | | destruct.js:20:7:20:14 | source() | destruct.js:5:10:5:10 | z | | destruct.js:20:7:20:14 | source() | destruct.js:8:10:8:10 | w | | destruct.js:20:7:20:14 | source() | destruct.js:11:10:11:10 | q | 
@@ -104,6 +144,7 @@ typeInferenceMismatch | exceptions.js:21:17:21:24 | source() | exceptions.js:24:10:24:21 | e.toString() | | exceptions.js:21:17:21:24 | source() | exceptions.js:25:10:25:18 | e.message | | exceptions.js:21:17:21:24 | source() | exceptions.js:26:10:26:19 | e.fileName | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | | exceptions.js:59:24:59:31 | source() | exceptions.js:61:12:61:12 | e | | exceptions.js:88:6:88:13 | source() | exceptions.js:11:10:11:10 | e | | exceptions.js:88:6:88:13 | source() | exceptions.js:32:10:32:10 | e | @@ -125,12 +166,14 @@ typeInferenceMismatch | getters-and-setters.js:6:20:6:27 | source() | getters-and-setters.js:13:18:13:20 | c.x | | getters-and-setters.js:27:15:27:22 | source() | getters-and-setters.js:23:18:23:18 | v | | getters-and-setters.js:47:23:47:30 | source() | getters-and-setters.js:45:14:45:16 | c.x | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | | getters-and-setters.js:60:20:60:27 | source() | getters-and-setters.js:66:10:66:14 | obj.x | | getters-and-setters.js:67:13:67:20 | source() | getters-and-setters.js:63:18:63:22 | value | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:88:10:88:18 | new C().x | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:92:14:92:16 | c.x | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:100:10:100:22 | getX(new C()) | | getters-and-setters.js:89:17:89:24 | source() | getters-and-setters.js:82:18:82:22 | value | +| implied-receiver.js:4:16:4:23 | source() | implied-receiver.js:7:18:7:25 | this.foo | | importedReactComponent.jsx:4:40:4:47 | source() | exportedReactComponent.jsx:2:10:2:19 | props.text | | indexOf.js:4:11:4:18 | source() | indexOf.js:9:10:9:10 | x | | json-stringify.js:2:16:2:23 | source() | json-stringify.js:5:8:5:29 | JSON.st ... source) | 
@@ -156,12 +199,14 @@ typeInferenceMismatch | json-stringify.js:3:15:3:22 | source() | json-stringify.js:8:8:8:31 | jsonStr ... (taint) | | nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x | | nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | +| nested-props.js:19:17:19:24 | source() | nested-props.js:20:10:20:18 | obj.x.y.z | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | | nested-props.js:35:13:35:20 | source() | nested-props.js:36:10:36:20 | doLoad(obj) | | nested-props.js:43:13:43:20 | source() | nested-props.js:44:10:44:18 | id(obj).x | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | | nested-props.js:67:31:67:38 | source() | nested-props.js:68:10:68:10 | x | | nested-props.js:77:36:77:43 | source() | nested-props.js:78:10:78:10 | x | -| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:23:14:23:20 | obj.foo | -| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:28:10:28:30 | sanitiz ... bj).foo | | partialCalls.js:4:17:4:24 | source() | partialCalls.js:17:14:17:14 | x | | partialCalls.js:4:17:4:24 | source() | partialCalls.js:20:14:20:14 | y | | partialCalls.js:4:17:4:24 | source() | partialCalls.js:30:14:30:20 | x.value | 
@@ -170,7 +215,8 @@ typeInferenceMismatch | promise.js:4:24:4:31 | source() | promise.js:4:8:4:32 | Promise ... urce()) | | promise.js:5:25:5:32 | source() | promise.js:5:8:5:33 | bluebir ... urce()) | | promise.js:10:24:10:31 | source() | promise.js:10:8:10:32 | Promise ... urce()) | -| promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise | +| promise.js:18:22:18:29 | source() | promise.js:24:10:24:10 | e | +| promise.js:33:21:33:28 | source() | promise.js:38:10:38:10 | e | | rxjs.js:3:1:3:8 | source() | rxjs.js:10:14:10:17 | data | | rxjs.js:13:1:13:8 | source() | rxjs.js:17:23:17:23 | x | | rxjs.js:13:1:13:8 | source() | rxjs.js:18:23:18:23 | x | @@ -185,6 +231,7 @@ typeInferenceMismatch | sanitizer-guards.js:13:14:13:21 | source() | sanitizer-guards.js:26:9:26:14 | this.x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:45:8:45:8 | x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:48:10:48:10 | x | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | | sanitizer-guards.js:68:11:68:18 | source() | sanitizer-guards.js:75:8:75:8 | x | | sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:81:8:81:8 | x | | sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:84:10:84:10 | x | 
@@ -208,6 +255,8 @@ typeInferenceMismatch | string-replace.js:3:13:3:20 | source() | string-replace.js:21:6:21:41 | safe(). ... taint) | | string-replace.js:3:13:3:20 | source() | string-replace.js:22:6:22:48 | safe(). ... taint) | | string-replace.js:3:13:3:20 | source() | string-replace.js:24:6:24:45 | taint.r ... + '!') | +| stringification-read-steps.js:7:22:7:29 | source() | stringification-read-steps.js:17:10:17:31 | JSON.st ... object) | +| stringification-read-steps.js:7:22:7:29 | source() | stringification-read-steps.js:25:10:25:31 | JSON.st ... object) | | summarize-store-load-in-call.js:9:15:9:22 | source() | summarize-store-load-in-call.js:9:10:9:23 | blah(source()) | | thisAssignments.js:4:17:4:24 | source() | thisAssignments.js:5:10:5:18 | obj.field | | thisAssignments.js:7:19:7:26 | source() | thisAssignments.js:8:10:8:20 | this.field2 | diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql index cfbd3a530db1..d76cd7b8fb90 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql @@ -1,5 +1,6 @@ import javascript import semmle.javascript.dataflow.InferredTypes +import testUtilities.ConsistencyChecking DataFlow::CallNode getACall(string name) { result.getCalleeName() = name 
@@ -7,53 +8,53 @@ DataFlow::CallNode getACall(string name) { result.getCalleeNode().getALocalSource() = DataFlow::globalVarRef(name) } -class Sink extends DataFlow::Node { - Sink() { this = getACall("sink").getAnArgument() } -} +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = getACall("source") } + + predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } -/** - * A node that shouldn't be taintable according to the type inference, - * as it claims to be neither an object nor a string. - */ -class UntaintableNode extends DataFlow::Node { - UntaintableNode() { - not this.analyze().getAType() = TTObject() and - not this.analyze().getAType() = TTString() + predicate isBarrier(DataFlow::Node node) { + node.(DataFlow::InvokeNode).getCalleeName().matches("sanitizer_%") or + node = DataFlow::MakeBarrierGuard::getABarrierNode() or + node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode() } } -class BasicConfig extends TaintTracking::Configuration { - BasicConfig() { this = "BasicConfig" } +module TestFlow = TaintTracking::Global; - override predicate isSource(DataFlow::Node node) { node = getACall("source") } +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } - override predicate isSink(DataFlow::Node node) { - node instanceof Sink - or - node instanceof UntaintableNode - } + override predicate isSource(DataFlow::Node node) { TestConfig::isSource(node) } + + override predicate isSink(DataFlow::Node node) { TestConfig::isSink(node) } override predicate isSanitizer(DataFlow::Node node) { node.(DataFlow::InvokeNode).getCalleeName().matches("sanitizer_%") } override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { - node instanceof BasicSanitizerGuard + node instanceof BasicSanitizerGuard or + node instanceof TaintTracking::AdHocWhitelistCheckSanitizer } } +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + 
class BasicSanitizerGuard extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { BasicSanitizerGuard() { this = getACall("isSafe") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } -query predicate typeInferenceMismatch(DataFlow::Node source, UntaintableNode sink) { - any(BasicConfig cfg).hasFlow(source, sink) -} +query predicate flow = TestFlow::flow/2; -from BasicConfig cfg, DataFlow::Node src, Sink sink -where cfg.hasFlow(src, sink) -select src, sink +class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected index 3808a3e618f1..9f5ed2f65738 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected 
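Review bot: `TestConfig::isBarrier` and `LegacyConfig::isSanitizer` each spell out the `matches("sanitizer_%")` test on their own, whereas `isSource` and `isSink` in `LegacyConfig` delegate to `TestConfig`. `legacyDataFlowDifference` only means something when both libraries are given the same sources, sinks and sanitizers, so a later edit to one copy would surface as a spurious library difference or hide a real one. I would move the name check into one shared predicate, `predicate isNamedSanitizer(DataFlow::Node node) { node.(DataFlow::InvokeNode).getCalleeName().matches("sanitizer_%") }`, and call it from both places. Separately, the removed `typeInferenceMismatch` query has no replacement in this hunk, which seems to leave `import semmle.javascript.dataflow.InferredTypes` (context line of the first hunk) unused; a short comment stating that dropping the check is intentional would help.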
@@ -1,9 +1,34 @@ +legacyDataFlowDifference +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:38:8:38:13 | arr[5] | only flow with NEW data flow library | +| bound-function.js:27:8:27:15 | source() | bound-function.js:30:10:30:10 | y | only flow with OLD data flow library | +| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | only flow with NEW data flow library | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | only flow with NEW data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | only flow with NEW data flow library | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | only flow with NEW data flow library | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | only flow with NEW data flow library | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... 
rce())) | only flow with NEW data flow library | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | only flow with NEW data flow library | +| nested-props.js:19:17:19:24 | source() | nested-props.js:20:10:20:18 | obj.x.y.z | only flow with NEW data flow library | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | only flow with NEW data flow library | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | only flow with NEW data flow library | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library | +| tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary | only flow with NEW data flow library | +| tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary | only flow with NEW data flow library | +flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | advanced-callgraph.js:2:13:2:20 | source() | advanced-callgraph.js:6:22:6:22 | v | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:17:8:17:13 | arr[1] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:22:8:22:13 | arr[6] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:28:8:28:13 | arr[1] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:34:8:34:13 | arr[1] | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:38:8:38:13 | arr[5] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:43:10:43:15 | arr[i] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:55:10:55:15 | arr[i] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:61:10:61:13 | item | 
@@ -13,18 +38,19 @@ | booleanOps.js:2:11:2:18 | source() | booleanOps.js:13:10:13:10 | x | | booleanOps.js:2:11:2:18 | source() | booleanOps.js:19:10:19:10 | x | | booleanOps.js:2:11:2:18 | source() | booleanOps.js:22:10:22:10 | x | -| bound-function.js:12:12:12:19 | source() | bound-function.js:4:10:4:10 | y | -| bound-function.js:14:6:14:13 | source() | bound-function.js:4:10:4:10 | y | -| bound-function.js:22:8:22:15 | source() | bound-function.js:25:10:25:10 | y | -| bound-function.js:45:10:45:17 | source() | bound-function.js:45:6:45:18 | id3(source()) | -| bound-function.js:49:12:49:19 | source() | bound-function.js:54:6:54:14 | source0() | -| bound-function.js:49:12:49:19 | source() | bound-function.js:55:6:55:14 | source1() | +| bound-function.js:17:21:17:28 | source() | bound-function.js:5:10:5:16 | y.test2 | +| bound-function.js:19:15:19:22 | source() | bound-function.js:6:10:6:16 | y.test3 | +| bound-function.js:50:10:50:17 | source() | bound-function.js:50:6:50:18 | id3(source()) | +| bound-function.js:54:12:54:19 | source() | bound-function.js:59:6:59:14 | source0() | +| bound-function.js:54:12:54:19 | source() | bound-function.js:60:6:60:14 | source1() | | call-apply.js:27:14:27:21 | source() | call-apply.js:24:8:24:11 | arg1 | | call-apply.js:27:14:27:21 | source() | call-apply.js:29:6:29:32 | foo1.ca ... ce, "") | | call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | foo1.ap ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:46:6:46:28 | foo1_ca ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:68:10:68:21 | arguments[0] | -| call-apply.js:87:17:87:24 | source() | call-apply.js:84:8:84:11 | this | +| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:40:6:40:28 | foo1_ca ... 
e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:62:10:62:21 | arguments[0] | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | +| call-apply.js:81:17:81:24 | source() | call-apply.js:78:8:78:11 | this | | callbacks.js:4:6:4:13 | source() | callbacks.js:34:27:34:27 | x | | callbacks.js:4:6:4:13 | source() | callbacks.js:35:27:35:27 | x | | callbacks.js:5:6:5:13 | source() | callbacks.js:34:27:34:27 | x | @@ -32,6 +58,10 @@ | callbacks.js:25:16:25:23 | source() | callbacks.js:47:26:47:26 | x | | callbacks.js:25:16:25:23 | source() | callbacks.js:48:26:48:26 | x | | callbacks.js:37:17:37:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | | callbacks.js:44:17:44:24 | source() | callbacks.js:41:10:41:10 | x | | callbacks.js:50:18:50:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y | 
@@ -39,14 +69,39 @@ | capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() | | capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) | +| capture-flow.js:45:12:45:19 | source() | capture-flow.js:45:6:45:20 | test3(source()) | +| capture-flow.js:60:13:60:20 | source() | capture-flow.js:60:6:60:21 | test3a(source()) | +| capture-flow.js:76:13:76:20 | source() | capture-flow.js:76:6:76:21 | test3b(source()) | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | +| capture-flow.js:93:13:93:20 | source() | capture-flow.js:96:6:96:14 | test4()() | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:101:6:101:22 | test5(source())() | +| capture-flow.js:110:12:110:19 | source() | capture-flow.js:106:14:106:14 | x | +| capture-flow.js:118:37:118:44 | source() | capture-flow.js:114:14:114:14 | x | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:123:14:123:26 | orderingTaint | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:129:14:129:26 | orderingTaint | +| capture-flow.js:177:26:177:33 | source() | capture-flow.js:173:14:173:14 | x | +| capture-flow.js:187:34:187:41 | source() | capture-flow.js:183:14:183:14 | x | +| capture-flow.js:195:24:195:31 | source() | capture-flow.js:191:14:191:14 | x | +| capture-flow.js:205:24:205:31 | source() | capture-flow.js:200:18:200:18 | x | +| capture-flow.js:225:13:225:20 | source() | capture-flow.js:220:51:220:59 | fileOrDir | +| capture-flow.js:230:9:230:16 | source() | capture-flow.js:233:14:233:14 | x | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:243:18:243:40 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:247:18:247:40 | objectW ... 
s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:248:18:248:27 | this.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:252:14:252:36 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:253:14:253:23 | this.field | | captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x | -| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:18:8:18:14 | c.taint | -| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:22:8:22:19 | c_safe.taint | -| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:26:8:26:14 | d.taint | -| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:30:8:30:19 | d_safe.taint | -| constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:17:8:17:14 | c.param | -| constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:25:8:25:14 | d.param | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:24:8:24:14 | c.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:28:8:28:19 | c_safe.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:32:8:32:14 | d.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:36:8:36:19 | d_safe.taint | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:23:8:23:14 | c.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:31:8:31:14 | d.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | | exceptions.js:3:15:3:22 | source() | exceptions.js:5:10:5:10 | e | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | | exceptions.js:59:24:59:31 | source() | exceptions.js:61:12:61:12 | 
e | | exceptions.js:88:6:88:13 | source() | exceptions.js:11:10:11:10 | e | | exceptions.js:93:11:93:18 | source() | exceptions.js:95:10:95:10 | e | 
@@ -64,18 +119,24 @@ | getters-and-setters.js:6:20:6:27 | source() | getters-and-setters.js:13:18:13:20 | c.x | | getters-and-setters.js:27:15:27:22 | source() | getters-and-setters.js:23:18:23:18 | v | | getters-and-setters.js:47:23:47:30 | source() | getters-and-setters.js:45:14:45:16 | c.x | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | | getters-and-setters.js:60:20:60:27 | source() | getters-and-setters.js:66:10:66:14 | obj.x | | getters-and-setters.js:67:13:67:20 | source() | getters-and-setters.js:63:18:63:22 | value | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:88:10:88:18 | new C().x | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:92:14:92:16 | c.x | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:100:10:100:22 | getX(new C()) | | getters-and-setters.js:89:17:89:24 | source() | getters-and-setters.js:82:18:82:22 | value | +| implied-receiver.js:4:16:4:23 | source() | implied-receiver.js:7:18:7:25 | this.foo | | indexOf.js:4:11:4:18 | source() | indexOf.js:9:10:9:10 | x | | indexOf.js:4:11:4:18 | source() | indexOf.js:13:10:13:10 | x | | nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x | | nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | +| nested-props.js:19:17:19:24 | source() | nested-props.js:20:10:20:18 | obj.x.y.z | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | | nested-props.js:35:13:35:20 | source() | nested-props.js:36:10:36:20 | doLoad(obj) | | nested-props.js:43:13:43:20 | source() | nested-props.js:44:10:44:18 | id(obj).x | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | | nested-props.js:67:31:67:38 | source() | nested-props.js:68:10:68:10 | x | | object-bypass-sanitizer.js:32:21:32:28 | source() 
| object-bypass-sanitizer.js:15:10:15:24 | sanitizer_id(x) | | object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:27:10:27:30 | sanitiz ... bj.foo) | @@ -97,10 +158,11 @@ | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:45:8:45:8 | x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:48:10:48:10 | x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:52:10:52:10 | x | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | | sanitizer-guards.js:68:11:68:18 | source() | sanitizer-guards.js:75:8:75:8 | x | | sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:81:8:81:8 | x | | sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:84:10:84:10 | x | -| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:86:7:86:7 | x | +| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:86:9:86:9 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:93:8:93:8 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:96:10:96:10 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:98:7:98:7 | x | @@ -109,4 +171,6 @@ | thisAssignments.js:4:17:4:24 | source() | thisAssignments.js:5:10:5:18 | obj.field | | thisAssignments.js:7:19:7:26 | source() | thisAssignments.js:8:10:8:20 | this.field2 | | tst.js:2:13:2:20 | source() | tst.js:4:10:4:10 | x | +| tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary | +| tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary | | tst.js:2:13:2:20 | source() | tst.js:54:14:54:19 | unsafe | diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.ql b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.ql index 6799b0ffd78a..62abcda81a54 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.ql +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.ql 
@@ -2,26 +2,44 @@ import javascript DataFlow::CallNode getACall(string name) { result.getCalleeName() = name } -class BasicConfig extends DataFlow::Configuration { - BasicConfig() { this = "BasicConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = getACall("source") } - override predicate isSource(DataFlow::Node node) { node = getACall("source") } + predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } - override predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } - - override predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { + additional predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { node instanceof BasicBarrierGuard } + + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeLegacyBarrierGuard::getABarrierNode() + } } +module TestFlow = DataFlow::Global; + class BasicBarrierGuard extends DataFlow::BarrierGuardNode, DataFlow::CallNode { BasicBarrierGuard() { this = getACall("isSafe") } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocks(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } -from BasicConfig cfg, DataFlow::Node src, DataFlow::Node sink -where cfg.hasFlow(src, sink) -select src, sink +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } + + override predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { + TestConfig::isBarrierGuard(node) + } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +query predicate flow = TestFlow::flow/2; 
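Review bot: `BasicBarrierGuard` now carries the guard logic under two names, `blocks` and `blocksExpr`, and `TestConfig` declares both `isBarrierGuard` and `isBarrier`, with no comment saying which of them the new flow module consults. This test is what shows that an `isSafe(x)` check stops flow, so the wiring should be readable at a glance; a comment above the pair such as `// blocks() is the override required by DataFlow::BarrierGuardNode; it delegates to blocksExpr()` would do. The type arguments of `MakeLegacyBarrierGuard`, `Global` and `DataFlowDiff` are not legible in this rendering of the hunk, so the wiring should be confirmed against the file itself. `LegacyConfig` is likewise uncommented here and in ImportEquals/tests.ql later in the series; a one-line `// kept only to compare results with the legacy library` (if that is its purpose) would help whoever removes it.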
diff --git a/javascript/ql/test/library-tests/TaintTracking/arrays-init.js b/javascript/ql/test/library-tests/TaintTracking/arrays-init.js index 74faa5934786..a0f3839d275c 100644 --- a/javascript/ql/test/library-tests/TaintTracking/arrays-init.js +++ b/javascript/ql/test/library-tests/TaintTracking/arrays-init.js @@ -1,7 +1,7 @@ (function () { let source = source(); - var str = "FALSE"; + var str = "FALSE"; console.log("=== access by index (init by ctor) ==="); var arr = new Array(2); @@ -24,18 +24,18 @@ console.log("=== access by index (init by [...]) ==="); var arr = [str, source]; - sink(arr[0]); // OK + sink(arr[0]); // OK [INCONSISTENCY] sink(arr[1]); // NOT OK sink(str); // OK console.log("=== access by index (init by [...], array.lenght > 5) ==="); var arr = [str, source, 'b', 'c', 'd', source]; - sink(arr[0]); // OK + sink(arr[0]); // OK [INCONSISTENCY] sink(arr[1]); // NOT OK - sink(arr[2]); // OK - sink(arr[3]); // OK - sink(arr[4]); // OK - sink(arr[5]); // NOT OK - but not flagged [INCONSISTENCY] + sink(arr[2]); // OK [INCONSISTENCY] + sink(arr[3]); // OK [INCONSISTENCY] + sink(arr[4]); // OK [INCONSISTENCY] + sink(arr[5]); // NOT OK console.log("=== access in for (init by [...]) ==="); var arr = [str, source]; @@ -58,6 +58,6 @@ console.log("=== access in forof (init by [...]) ==="); var arr = [str, source]; for (const item of arr) { - sink(item); // NOT OK + sink(item); // NOT OK } -}()); \ No newline at end of file +}()); diff --git a/javascript/ql/test/library-tests/TaintTracking/booleanOps.js b/javascript/ql/test/library-tests/TaintTracking/booleanOps.js index 876d43bbc391..6cb0d6cea338 100644 --- a/javascript/ql/test/library-tests/TaintTracking/booleanOps.js +++ b/javascript/ql/test/library-tests/TaintTracking/booleanOps.js 
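Review bot: The bare `[INCONSISTENCY]` markers added in the `@@ -24,18 +24,18 @@` hunk of arrays-init.js do not say in which direction the result is wrong or why, so `sink(arr[0]); // OK [INCONSISTENCY]` reads the same whether the analysis over-reports or the comment is stale. For a security analysis a spurious alert and a missed flow are triaged differently, and other files in this patch already record a cause (`- dataflow2 cannot block the phi edge` in sanitizer-guards.js). I would annotate these lines the same way, e.g. `sink(arr[0]); // OK [INCONSISTENCY] - flagged, CAUSE`, with CAUSE filled in by the author. The same applies to the bare markers in booleanOps.js, call-apply.js, callbacks.js and the `sink(sourceGetter())` line in bound-function.js.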
@@ -1,23 +1,23 @@ function test() { let x = source(); - + sink(x); // NOT OK - + if (x === 'a') sink(x); // OK - + if (x === 'a' || x === 'b') sink(x); // OK - + if (x === 'a' || 1 === 1) sink(x); // NOT OK if (isSafe(x)) sink(x); // OK - + if (isSafe(x, y) || isSafe(x, z)) - sink(x); // OK - + sink(x); // OK [INCONSISTENCY] + if (isSafe(x) || 1 === 1) sink(x); // NOT OK } diff --git a/javascript/ql/test/library-tests/TaintTracking/bound-function.js b/javascript/ql/test/library-tests/TaintTracking/bound-function.js index b38dee1c922a..bc74312ea618 100644 --- a/javascript/ql/test/library-tests/TaintTracking/bound-function.js +++ b/javascript/ql/test/library-tests/TaintTracking/bound-function.js @@ -1,28 +1,33 @@ import * as dummy from 'dummy'; function foo(x, y) { - sink(y); + sink(y.test1); // OK + sink(y.test2); // NOT OK + sink(y.test3); // NOT OK + sink(y.test4); // OK + sink(y.test5); // OK + sink(y.test6); // OK } let foo0 = foo.bind(null); let foo1 = foo.bind(null, null); let foo2 = foo.bind(null, null, null); -foo0(source(), null); // OK -foo0(null, source()); // NOT OK +foo0({ test1: source() }, null); +foo0(null, { test2: source() }); -foo1(source()); // NOT OK -foo1(null, source()); // OK +foo1({ test3: source() }); +foo1(null, { test4: source() }); -foo2(source()); // OK -foo2(null, source()); // OK +foo2({ test5: source() }); +foo2(null, { test6: source() }); function takesCallback(cb) { - cb(source()); // NOT OK + cb(source()); } function callback(x, y) { - sink(y); + sink(y); // NOT OK [INCONSISTENCY] - lambda flow in dataflow2 does not handle partial invocations yet } takesCallback(callback.bind(null, null)); @@ -33,7 +38,7 @@ function id(x) { let sourceGetter = id.bind(null, source()); let constGetter = id.bind(null, 'safe'); -sink(sourceGetter()); // NOT OK - but not flagged +sink(sourceGetter()); // NOT OK [INCONSISTENCY] sink(constGetter()); // OK function id2(x, y) { 
diff --git a/javascript/ql/test/library-tests/TaintTracking/call-apply.js b/javascript/ql/test/library-tests/TaintTracking/call-apply.js index e26e3aa3835d..0782ad71babe 100644 --- a/javascript/ql/test/library-tests/TaintTracking/call-apply.js +++ b/javascript/ql/test/library-tests/TaintTracking/call-apply.js @@ -30,21 +30,15 @@ sink(foo1.call(null, source, "")); // NOT OK sink(foo2.call(null, source, "")); // OK sink(foo1.apply(null, [source, ""])); // NOT OK -sink(foo2.apply(null, [source, ""])); // OK - -// doesn't work due to fundamental limitations of our dataflow analysis. -// exactly (and I mean exactly) the same thing happens in the below `obj.foo` example. -// in general we don't track flow that first goes through a call, and then a return, unless we can summarize it. -// in the other examples we can summarize the flow, because it's quite simple, but here we can't. -// (try to read the QLDoc in the top of `Configuration.qll`, that might help). -sink(foo1_apply([source, ""])); // NOT OK - but not flagged [INCONSISTENCY] +sink(foo2.apply(null, [source, ""])); // OK [INCONSISTENCY] +sink(foo1_apply([source, ""])); // NOT OK foo1_apply_sink([source, ""]); // This works, because we don't need a return after a call (the sink is inside the called function). sink(foo1_apply.apply(["", source])); // OK sink(foo1_call([source, ""])); // NOT OK -sink(foo1_call(["", source])); // OK +sink(foo1_call(["", source])); // OK [INCONSISTENCY] var obj = { @@ -58,21 +52,21 @@ function foo(x) { function bar(x) { return x.foo; } -sink(foo(obj)); // NOT OK - but not flagged [INCONSISTENCY] +sink(foo(obj)); // NOT OK function argumentsObject() { function sinkArguments1() { - sink(arguments[1]); // OK + sink(arguments[1]); // OK [INCONSISTENCY] } function sinkArguments0() { sink(arguments[0]); // NOT OK } - + function fowardArguments() { sinkArguments1.apply(this, arguments); sinkArguments0.apply(this, arguments); } - + fowardArguments.apply(this, [source, ""]); } 
@@ -84,4 +78,4 @@ function sinksThis2() { sink(this); // NOT OK } -sinksThis.apply(source(), []); \ No newline at end of file +sinksThis.apply(source(), []); diff --git a/javascript/ql/test/library-tests/TaintTracking/callbacks.js b/javascript/ql/test/library-tests/TaintTracking/callbacks.js index e317514f88ff..62299defcd9c 100644 --- a/javascript/ql/test/library-tests/TaintTracking/callbacks.js +++ b/javascript/ql/test/library-tests/TaintTracking/callbacks.js @@ -35,8 +35,8 @@ function test() { provideTaint2(x => sink(x)); // NOT OK forwardTaint2(source(), x => sink(x)); // NOT OK - forwardTaint2("safe", x => sink(x)); // OK - + forwardTaint2("safe", x => sink(x)); // OK [INCONSISTENCY] + function helper1(x) { sink(x); // NOT OK return x; diff --git a/javascript/ql/test/library-tests/TaintTracking/capture-flow.js b/javascript/ql/test/library-tests/TaintTracking/capture-flow.js index af50e7523a9b..bb9dc523bb84 100644 --- a/javascript/ql/test/library-tests/TaintTracking/capture-flow.js +++ b/javascript/ql/test/library-tests/TaintTracking/capture-flow.js 
@@ -29,3 +29,231 @@ function confuse(x) { sink(confuse('safe')); // OK sink(confuse(source())); // NOT OK + +function test3(param) { + var x; + function one() { + x = param; + } + function two() { + one(); + return x; + } + return two(); +} + +sink(test3(source())); // NOT OK +sink(test3("safe")); // OK + +function test3a(param) { + var x; + function one() { + x = param; + } + one(); + function two() { + return x; + } + return two(); +} + +sink(test3a(source())); // NOT OK +sink(test3a("safe")); // OK + +function test3b(param) { + var x; + function one() { + x = param; + } + one(); + function two() { + one(); + return x; + } + return two(); +} + +sink(test3b(source())); // NOT OK +sink(test3b("safe")); // OK + +function test3c(param) { + function one() { + return param; + } + function two() { + return one(); + } + return two(); +} + +sink(test3c(source())); // NOT OK +sink(test3c("safe")); // OK + +function test4() { + var x = source(); + return () => x; +} +sink(test4()()); // NOT OK + +function test5(x) { + return () => x; +} +sink(test5(source())()); // NOT OK +sink(test5("safe")()); // OK + +function testEscape(x) { + function escapingFunction() { + sink(x); // NOT OK + } + global.doEscape(escapingFunction); +} +testEscape(source()); + +function testEscapeViaReturn(x) { + function escapingFunction() { + sink(x); // NOT OK + } + return escapingFunction; +} +global.doEscape(testEscapeViaReturn(source())); + +function ordering() { + var orderingTaint; + global.addEventListener('click', () => { + sink(orderingTaint); // NOT OK + }); + global.addEventListener('load', () => { + orderingTaint = source(); + }); + global.addEventListener('click', () => { + sink(orderingTaint); // NOT OK + }); +} +ordering(); + +function makeSafe(x) { + console.log(x); + return "safe"; +} +function flowSensitiveParamUpdate(x) { + x = makeSafe(x); + function captureX() { + console.log(x); + } + captureX(); + sink(x); // OK +} +flowSensitiveParamUpdate(source()); + +function 
flowSensitiveLocalUpdate() { + let x = source(); + x = makeSafe(x); + function captureX() { + console.log(x); + } + captureX(); + sink(x); // OK +} +flowSensitiveLocalUpdate(); + +function flowSensitiveLocalIncrement() { + let x = source(); + ++x; + function captureX() { + console.log(x); + } + captureX(); + sink(x); // OK +} +flowSensitiveLocalIncrement(); + +function destructuredVarDecl(param) { + let { x } = param; + function inner() { + sink(x); // NOT OK + } + inner(); +} +destructuredVarDecl({ x: source() }); + +function destructuredLocalAssignment(param) { + let x; + ({ x } = param); + function inner() { + sink(x); // NOT OK + } + inner(); +} +destructuredLocalAssignment({ x: source() }); + +function destructuredParam({ x }) { + function inner() { + sink(x); // NOT OK + } + inner(); +} +destructuredParam({ x: source() }); + +function destructuredLoop(data) { + for (let { x } of data) { + function inner() { + sink(x); // NOT OK + } + inner(); + } +} +destructuredLoop([{ x: source() }]); + + +function testPromise(arg) { + function transform(x) { + return { prop: x }; + } + class Foo { + updatePrVisibility(y) { + const { prop: variable } = transform(y); + this.exists(variable).then(() => { + transform(variable); + }); + } + exists(fileOrDir) { + return new Promise(resolve => fs.sink(fileOrDir, err => resolve(!err))); // NOT OK + } + } + new Foo().updatePrVisibility(arg); +} +testPromise(source()); + +function sinkInner() { + var x = "safe"; + console.log(x); + x = source(); + console.log(x); + function inner() { + sink(x); // NOT OK + } + inner(); +} +sinkInner(); + +function testObjectWithMethods(taint) { + const objectWithMethods = { + field: taint, + arrowFunction: () => { + sink(objectWithMethods.field); // NOT OK + sink(this.field); // OK - refers to outer 'this' + }, + regularFunction() { + sink(objectWithMethods.field); // NOT OK + sink(this.field); // NOT OK + }, + }; + objectWithMethods.functionAddedLater = function() { + sink(objectWithMethods.field); 
// NOT OK + sink(this.field); // NOT OK + }; + objectWithMethods.arrowFunction(); + objectWithMethods.regularFunction(); + objectWithMethods.functionAddedLater(); +} +testObjectWithMethods(source()); diff --git a/javascript/ql/test/library-tests/TaintTracking/constructor-calls.js b/javascript/ql/test/library-tests/TaintTracking/constructor-calls.js index c59915527874..049bf486e5c5 100644 --- a/javascript/ql/test/library-tests/TaintTracking/constructor-calls.js +++ b/javascript/ql/test/library-tests/TaintTracking/constructor-calls.js @@ -10,22 +10,36 @@ function JsClass(param) { this.taint = source(); } +class SubClass extends EcmaClass { + constructor(param) { + super(param); + } +} + function test() { let taint = source(); let c = new EcmaClass(taint); sink(c.param); // NOT OK sink(c.taint); // NOT OK - + let c_safe = new EcmaClass("safe"); sink(c_safe.param); // OK sink(c_safe.taint); // NOT OK - + let d = new JsClass(taint); sink(d.param); // NOT OK sink(d.taint); // NOT OK - + let d_safe = new JsClass("safe"); sink(d_safe.param); // OK sink(d_safe.taint); // NOT OK + + let e = new SubClass(taint); + sink(e.param); // NOT OK + sink(e.taint); // NOT OK + + let f_safe = new SubClass("safe"); + sink(f_safe.param); // OK + sink(f_safe.taint); // NOT OK } diff --git a/javascript/ql/test/library-tests/TaintTracking/exceptions.js b/javascript/ql/test/library-tests/TaintTracking/exceptions.js index 72d822be9ada..6ada4f4fb50d 100644 --- a/javascript/ql/test/library-tests/TaintTracking/exceptions.js +++ b/javascript/ql/test/library-tests/TaintTracking/exceptions.js @@ -23,7 +23,7 @@ function test(unsafe, safe) { sink(e); // NOT OK sink(e.toString()); // NOT OK sink(e.message); // NOT OK - sink(e.fileName); // OK - but flagged anyway + sink(e.fileName); // OK - but flagged anyway [INCONSISTENCY] } try { 
@@ -32,16 +32,16 @@ function test(unsafe, safe) { sink(e); // NOT OK sink(e.toString()); // NOT OK sink(e.message); // NOT OK - sink(e.fileName); // OK - but flagged anyway + sink(e.fileName); // OK - but flagged anyway [INCONSISTENCY] } try { throwError2(safe); } catch (e) { - sink(e); // NOT OK - sink(e.toString()); // NOT OK - sink(e.message); // NOT OK - sink(e.fileName); // OK - but flagged anyway + sink(e); // OK + sink(e.toString()); // OK + sink(e.message); // OK + sink(e.fileName); // OK } try { @@ -51,14 +51,14 @@ function test(unsafe, safe) { } throwAsync(source()).catch(e => { - sink(e); // NOT OK - but not flagged + sink(e); // NOT OK }); async function asyncTester() { try { await throwAsync(source()); } catch (e) { - sink(e); // NOT OK - but not flagged + sink(e); // NOT OK } } } diff --git a/javascript/ql/test/library-tests/TaintTracking/getters-and-setters.js b/javascript/ql/test/library-tests/TaintTracking/getters-and-setters.js index 4fae44d083ca..677110e003aa 100644 --- a/javascript/ql/test/library-tests/TaintTracking/getters-and-setters.js +++ b/javascript/ql/test/library-tests/TaintTracking/getters-and-setters.js @@ -50,7 +50,7 @@ function testFlowThroughGetter() { function getX(c) { return c.x; } - sink(getX(new C(source()))); // NOT OK - but not flagged + sink(getX(new C(source()))); // NOT OK getX(null); } @@ -67,7 +67,7 @@ function testFlowThroughObjectLiteralAccessors() { obj.y = source(); function indirection(c) { - sink(c.x); // NOT OK - but not currently flagged + sink(c.x); // NOT OK - but not currently flagged [INCONSISTENCY] } indirection(obj); indirection(null); diff --git a/javascript/ql/test/library-tests/TaintTracking/implied-receiver.js b/javascript/ql/test/library-tests/TaintTracking/implied-receiver.js new file mode 100644 index 000000000000..5fb230ee7b61 --- /dev/null +++ b/javascript/ql/test/library-tests/TaintTracking/implied-receiver.js 
@@ -0,0 +1,11 @@ +import 'dummy'; + +function Foo() { + this.foo = source(); + var obj = { + bar: function() { + sink(this.foo); // NOT OK + } + }; + Object.assign(this, obj); +} diff --git a/javascript/ql/test/library-tests/TaintTracking/nested-props.js b/javascript/ql/test/library-tests/TaintTracking/nested-props.js index a5ea3cc248be..e3878b1a1854 100644 --- a/javascript/ql/test/library-tests/TaintTracking/nested-props.js +++ b/javascript/ql/test/library-tests/TaintTracking/nested-props.js @@ -57,7 +57,7 @@ function doLoadLoad(obj) { } function storeBackloadCallLoadLoadReturn(obj) { obj.x.y = source(); - sink(doLoadStore(obj)); // NOT OK - but not found + sink(doLoadStore(obj)); // NOT OK - but not found [INCONSISTENCY] } function doStoreReturn(val) { diff --git a/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js b/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js index 129b3ed7b329..bc12c0162b62 100644 --- a/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js +++ b/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js @@ -20,12 +20,12 @@ function useTaintedValue(x) { function useTaintedObject(obj) { if (isSafe(obj)) { sink(obj); // OK - sink(obj.foo); // NOT OK + sink(obj.foo); // NOT OK [INCONSISTENCY] - FN caused by barriers blocking content flow } sink(sanitizer_id(obj)); // OK sink(sanitizer_id(obj.foo)); // OK - sink(sanitizer_id(obj).foo); // NOT OK + sink(sanitizer_id(obj).foo); // NOT OK [INCONSISTENCY] - FN caused by barriers blocking content flow } function test() { diff --git a/javascript/ql/test/library-tests/TaintTracking/partialCalls.js b/javascript/ql/test/library-tests/TaintTracking/partialCalls.js index e673538005c7..1fc61e96ffdf 100644 --- a/javascript/ql/test/library-tests/TaintTracking/partialCalls.js +++ b/javascript/ql/test/library-tests/TaintTracking/partialCalls.js 
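Review bot: The two lines in `useTaintedObject` (object-bypass-sanitizer.js) now marked `[INCONSISTENCY] - FN caused by barriers blocking content flow` accept a missed result: going by the annotation, a guard or sanitizer applied to `obj` also hides taint stored in `obj.foo`. Judging by the file name, a check on the container that leaves a field attacker-controlled is the case this test was written to catch, so a comment alone seems too little. Please add a pointer to where the gap is tracked, e.g. `sink(obj.foo); // NOT OK [INCONSISTENCY] - FN caused by barriers blocking content flow (see TRACKING-ISSUE)`, and say in the commit description whether queries that rely on barrier guards are affected.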
@@ -42,7 +42,7 @@ function test() { let taintGetter = id.bind(null, taint); sink(taintGetter); // OK - this is a function object - sink(taintGetter()); // NOT OK - but not currently detected + sink(taintGetter()); // NOT OK - but not currently detected [INCONSISTENCY] function safearray(x) { sink(x); // OK diff --git a/javascript/ql/test/library-tests/TaintTracking/promise.js b/javascript/ql/test/library-tests/TaintTracking/promise.js index 9714d258df5d..84c972f4d686 100644 --- a/javascript/ql/test/library-tests/TaintTracking/promise.js +++ b/javascript/ql/test/library-tests/TaintTracking/promise.js @@ -10,5 +10,31 @@ function closure() { sink(Promise.resolve(source())); // NOT OK let resolver = Promise.withResolver(); resolver.resolve(source()); - sink(resolver.promise); // NOT OK -} \ No newline at end of file + sink(resolver.promise); // NOT OK [INCONSISTENCY] - flow summary for withResolver() currently not working +} + +function exceptionThroughThen() { + return new Promise((resolve, reject) => { + reject(new Error(source())); + }) + .then(x => "safe") + .then(x => "safe") + .then(x => "safe") + .catch(e => { + sink(e); // NOT OK + }) +} + +function exceptionThroughThen2() { + return new Promise((resolve, reject) => { + resolve("safe") + }) + .then(x => { + throw new Error(source()) + }) + .then(x => "safe") + .then(x => "safe") + .catch(e => { + sink(e); // NOT OK + }) +} diff --git a/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js b/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js index 8aaa9fd24e27..14f4139ca083 100644 --- a/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js +++ b/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js @@ -1,8 +1,8 @@ function test() { let x = source(); - + sink(x); // NOT OK - + if (isSafe(x)) { sink(x); // OK } 
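Review bot: The annotation added to `sink(resolver.promise)` in promise.js blames the flow summary, but the context line above it calls `Promise.withResolver()`, whereas the standard method is `Promise.withResolvers()`. If the summary is keyed on the standard name (the summary is not visible here), the missing flow comes from the test input rather than from the library, and changing the call to `let resolver = Promise.withResolvers();` would remove the `[INCONSISTENCY]`. That is worth checking before this is recorded as a known gap. `closure()` starts outside the hunk.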
@@ -18,7 +18,7 @@ class C { sink(this.x); // OK addEventListener('hey', () => { - sink(this.x); // OK - but still flagged + sink(this.x); // OK - but still flagged [INCONSISTENCY] }); } @@ -61,7 +61,7 @@ function phi() { } else { x = null; } - sink(x); // OK + sink(x); // OK [INCONSISTENCY] - dataflow2 cannot block the phi edge } function phi2() { @@ -77,13 +77,13 @@ function phi2() { function falsy() { let x = source(); - + sink(x); // NOT OK - + if (x) { - sink(x); // OK (for taint-tracking) + sink(x); // NOT OK (for taint-tracking) } else { - sink(x); // NOT OK + sink(x); // OK } } diff --git a/javascript/ql/test/library-tests/TaintTracking/stringification-read-steps.js b/javascript/ql/test/library-tests/TaintTracking/stringification-read-steps.js new file mode 100644 index 000000000000..a17bd43aa69e --- /dev/null +++ b/javascript/ql/test/library-tests/TaintTracking/stringification-read-steps.js @@ -0,0 +1,31 @@ +import 'dummy'; + +function makeObject() { + return { + foo: { + bar: { + baz: source() + } + } + }; +} + +function test() { + const object = makeObject(); + + sink(object); // OK + sink(JSON.stringify(object)); // NOT OK + sink(object); // OK +} + +function testCapture() { + const object = makeObject(); + + sink(object); // OK + sink(JSON.stringify(object)); // NOT OK + sink(object); // OK - use-use flow should not see the effects of the implicit read in JSON.stringify + + function capture() { + object; + } +} From 85e8998067984c21406e6912bef0e24f607e2c44 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 15:16:48 +0200 Subject: [PATCH 143/223] JS: Update ImportEquals test --- .../TypeScript/ImportEquals/tests.expected | 3 ++- .../TypeScript/ImportEquals/tests.ql | 22 +++++++++++++------ 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.expected b/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.expected index 4299e997ca85..d891fe49179e 100644 
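Review bot: In `falsy()` (sanitizer-guards.js, hunk `@@ -77,13 +77,13 @@`) the else-branch comment becomes a bare `// OK`, while an expected-output hunk earlier on this page still lists flow from `sanitizer-guards.js:79` to `86:9`, which by this hunk's line numbering appears to be that same `sink(x)`. If that table is the plain data-flow result, the comment needs the qualifier its sibling has, `sink(x); // OK (for taint-tracking)`. If the `OK` is meant to hold for data flow as well, the line needs an `[INCONSISTENCY]` marker like the one added in `phi()`. As written, a reader cannot tell whether the reported flow is intended.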
--- a/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.expected +++ b/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference dataFlowModuleImports | ./esDefaultExport | tst.ts:1:26:1:53 | require ... xport') | | ./esNamedExports | tst.ts:2:18:2:44 | require ... ports') | @@ -29,4 +30,4 @@ resolution | tst.ts:10:1:10:20 | new NodeFullExport() | nodeFullExport.ts:3:18:3:40 | class N ... port {} | tst.ts | NodeFullExport | nodeFullExport.ts | | tst.ts:11:1:11:31 | new nod ... xport() | nodeNamedExport.ts:3:27:3:50 | class N ... port {} | tst.ts | NodeNamedExport | nodeNamedExport.ts | taint -| test taint config | taintSource.ts:3:27:3:47 | externa ... ource() | tst.ts:18:19:18:42 | taintSo ... edValue | +| taintSource.ts:3:27:3:47 | externa ... ource() | tst.ts:18:19:18:42 | taintSo ... edValue | diff --git a/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.ql b/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.ql index c7bc19292092..caa919ffe8d4 100644 --- a/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.ql +++ b/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.ql 
@@ -38,18 +38,26 @@ query predicate resolution( klassFile = klass.getFile().getBaseName() } -class TaintConfig extends TaintTracking::Configuration { - TaintConfig() { this = "test taint config" } - - override predicate isSource(DataFlow::Node node) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = DataFlow::moduleImport("externalTaintSource").getACall() } - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { node = DataFlow::moduleImport("externalTaintSink").getACall().getArgument(0) } } -query predicate taint(TaintConfig cfg, DataFlow::Node source, DataFlow::Node sink) { - cfg.hasFlow(source, sink) +module TestFlow = TaintTracking::Global; + +query predicate taint = TestFlow::flow/2; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff From bab639f23caa8da4949693dfe362f783f638cdcf Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 15:25:07 +0200 Subject: [PATCH 144/223] JS: Update ReflectedXssWithCustomSanitizer test --- .../ReflectedXss/ReflectedXssWithCustomSanitizer.ql | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.ql b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.ql index 3fcf8c0377bf..b9c4107a6ad9 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.ql 
@@ -3,18 +3,17 @@ // import javascript import semmle.javascript.security.dataflow.ReflectedXssQuery +private import semmle.javascript.security.dataflow.Xss::Shared as SharedXss -class IsVarNameSanitizer extends TaintTracking::AdditionalSanitizerGuardNode, DataFlow::CallNode { +class IsVarNameSanitizer extends SharedXss::BarrierGuard, DataFlow::CallNode { IsVarNameSanitizer() { this.getCalleeName() = "isVarName" } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } - - override predicate appliesTo(TaintTracking::Configuration cfg) { cfg instanceof Configuration } } -from Configuration xss, Source source, Sink sink -where xss.hasFlow(source, sink) +from Source source, Sink sink +where ReflectedXssFlow::flow(source, sink) select sink, "Cross-site scripting vulnerability due to $@.", source, "user-provided value" From 9b46c4596c9c1343d2131a6d7df0ee3636c7ce76 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 15:25:47 +0200 Subject: [PATCH 145/223] JS: Update HeuristicSoruceCodeInjection test --- .../HeuristicSourceCodeInjection.expected | 393 +++++------------- .../HeuristicSourceCodeInjection.ql | 6 +- 2 files changed, 96 insertions(+), 303 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected index 7e4bd3059551..cdeea504be42 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected 
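Review bot: `IsVarNameSanitizer` loses its `appliesTo` restriction and now extends `SharedXss::BarrierGuard`, which, going by the alias for `Xss::Shared`, is presumably consulted by more than the reflected-XSS flow. The constructor still matches every call whose callee is named `isVarName`, wherever that function is defined, so the guard may now be trusted more widely than the removed code allowed. That is harmless in this test, but the file reads like an example of a custom sanitizer, so once the scope is confirmed I would note it above the class: `// Matches by callee name only; as a SharedXss::BarrierGuard it is not limited to ReflectedXssFlow`. The definition of `SharedXss::BarrierGuard` is not part of this hunk and should be checked first.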
@@ -1,342 +1,135 @@ -nodes -| NoSQLCodeInjection.js:18:24:18:31 | req.body | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | -| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| actions.js:4:10:4:50 | github. ... message | -| actions.js:4:10:4:50 | github. ... message | -| actions.js:4:10:4:50 | github. ... message | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| 
angularjs.js:31:28:31:42 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| eslint-escope-build.js:20:22:20:22 | c | -| eslint-escope-build.js:20:22:20:22 | c | -| eslint-escope-build.js:21:16:21:16 | c | -| eslint-escope-build.js:21:16:21:16 | c | -| express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | -| express.js:7:44:7:62 | req.param("wobble") | -| express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | -| express.js:9:54:9:72 | req.param("wobble") | -| express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | -| express.js:12:28:12:46 | req.param("wobble") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:17:30:17:53 | req.par ... 
cript") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:26:9:26:35 | taint | -| express.js:26:17:26:35 | req.param("wobble") | -| express.js:26:17:26:35 | req.param("wobble") | -| express.js:27:34:27:38 | taint | -| express.js:27:34:27:38 | taint | -| express.js:34:9:34:35 | taint | -| express.js:34:17:34:35 | req.param("wobble") | -| express.js:34:17:34:35 | req.param("wobble") | -| express.js:43:15:43:19 | taint | -| express.js:43:15:43:19 | taint | -| express.js:49:30:49:32 | msg | -| express.js:49:30:49:32 | msg | -| express.js:50:10:50:12 | msg | -| express.js:50:10:50:12 | msg | -| module.js:9:16:9:29 | req.query.code | -| module.js:9:16:9:29 | req.query.code | -| module.js:9:16:9:29 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:32:8:38 | tainted | -| react-native.js:8:32:8:38 | tainted | -| react-native.js:10:23:10:29 | tainted | -| react-native.js:10:23:10:29 | tainted | -| react.js:10:56:10:77 | documen ... on.hash | -| react.js:10:56:10:77 | documen ... on.hash | -| react.js:10:56:10:77 | documen ... 
on.hash | -| template-sinks.js:18:9:18:31 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | -| template-sinks.js:18:19:18:31 | req.query.foo | -| template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:33:17:33:23 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | -| tst.js:2:6:2:27 | documen ... on.href | -| tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:14:10:14:33 | documen ... .search | -| tst.js:14:10:14:33 | documen ... .search | -| tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:17:21:17:42 | documen ... 
on.hash | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:11:23:32 | documen ... on.hash | -| tst.js:23:11:23:32 | documen ... on.hash | -| tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:26:26:26:40 | location.search | -| tst.js:26:26:26:40 | location.search | -| tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | -| tst.js:29:18:29:41 | documen ... .search | -| tst.js:29:18:29:41 | documen ... .search | -| tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:31:18:31:23 | source | -| tst.js:31:18:31:23 | source | -| tst.js:33:14:33:19 | source | -| tst.js:33:14:33:19 | source | -| tst.js:35:28:35:33 | source | -| tst.js:35:28:35:33 | source | -| tst.js:37:33:37:38 | source | -| tst.js:37:33:37:38 | source | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... 
on.hash | edges | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... 
message | -| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | -| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | -| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | -| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | -| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | -| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | -| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | -| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | -| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | -| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | -| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | -| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | -| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | | eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... 
+ "];" | | express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | | express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | | express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | -| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | -| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | -| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... 
ntext") | -| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | | express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | | express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | | express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | | express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | | express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | -| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | | react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | | react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | | react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... 
on.hash | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| 
template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | | template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | | template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | | tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | | tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | | tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | | tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... 
ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | | tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | | tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | | tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | -| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | -| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | | tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | | tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | | tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | | tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | -| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash | +nodes +| NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body | +| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query | +| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | semmle.label | "name = ... 
dy.name | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | semmle.label | req.body | +| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | semmle.label | "name = ... dy.name | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | semmle.label | req.body | +| actions.js:4:10:4:50 | github. ... message | semmle.label | github. ... message | +| angularjs.js:10:22:10:36 | location.search | semmle.label | location.search | +| angularjs.js:13:23:13:37 | location.search | semmle.label | location.search | +| angularjs.js:16:28:16:42 | location.search | semmle.label | location.search | +| angularjs.js:19:22:19:36 | location.search | semmle.label | location.search | +| angularjs.js:22:27:22:41 | location.search | semmle.label | location.search | +| angularjs.js:25:23:25:37 | location.search | semmle.label | location.search | +| angularjs.js:28:33:28:47 | location.search | semmle.label | location.search | +| angularjs.js:31:28:31:42 | location.search | semmle.label | location.search | +| angularjs.js:34:18:34:32 | location.search | semmle.label | location.search | +| angularjs.js:40:18:40:32 | location.search | semmle.label | location.search | +| angularjs.js:44:17:44:31 | location.search | semmle.label | location.search | +| angularjs.js:47:16:47:30 | location.search | semmle.label | location.search | +| angularjs.js:50:22:50:36 | location.search | semmle.label | location.search | +| angularjs.js:53:32:53:46 | location.search | semmle.label | location.search | +| eslint-escope-build.js:20:22:20:22 | c | semmle.label | c | +| eslint-escope-build.js:21:16:21:16 | c | semmle.label | c | +| express.js:7:24:7:69 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:7:44:7:62 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:9:34:9:79 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:9:54:9:72 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:12:8:12:53 | "return ... 
+ "];" | semmle.label | "return ... + "];" | +| express.js:12:28:12:46 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:15:22:15:54 | req.par ... ction") | semmle.label | req.par ... ction") | +| express.js:17:30:17:53 | req.par ... cript") | semmle.label | req.par ... cript") | +| express.js:19:37:19:70 | req.par ... odule") | semmle.label | req.par ... odule") | +| express.js:21:19:21:48 | req.par ... ntext") | semmle.label | req.par ... ntext") | +| express.js:26:9:26:35 | taint | semmle.label | taint | +| express.js:26:17:26:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:27:34:27:38 | taint | semmle.label | taint | +| express.js:34:9:34:35 | taint | semmle.label | taint | +| express.js:34:17:34:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:43:15:43:19 | taint | semmle.label | taint | +| express.js:49:30:49:32 | msg | semmle.label | msg | +| express.js:50:10:50:12 | msg | semmle.label | msg | +| module.js:9:16:9:29 | req.query.code | semmle.label | req.query.code | +| module.js:11:17:11:30 | req.query.code | semmle.label | req.query.code | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:32:8:38 | tainted | semmle.label | tainted | +| react-native.js:10:23:10:29 | tainted | semmle.label | tainted | +| react.js:10:56:10:77 | documen ... on.hash | semmle.label | documen ... 
on.hash | +| template-sinks.js:18:9:18:31 | tainted | semmle.label | tainted | +| template-sinks.js:18:19:18:31 | req.query.foo | semmle.label | req.query.foo | +| template-sinks.js:20:17:20:23 | tainted | semmle.label | tainted | +| template-sinks.js:21:16:21:22 | tainted | semmle.label | tainted | +| template-sinks.js:22:18:22:24 | tainted | semmle.label | tainted | +| template-sinks.js:23:17:23:23 | tainted | semmle.label | tainted | +| template-sinks.js:24:18:24:24 | tainted | semmle.label | tainted | +| template-sinks.js:25:16:25:22 | tainted | semmle.label | tainted | +| template-sinks.js:26:27:26:33 | tainted | semmle.label | tainted | +| template-sinks.js:27:21:27:27 | tainted | semmle.label | tainted | +| template-sinks.js:28:17:28:23 | tainted | semmle.label | tainted | +| template-sinks.js:29:24:29:30 | tainted | semmle.label | tainted | +| template-sinks.js:30:21:30:27 | tainted | semmle.label | tainted | +| template-sinks.js:31:19:31:25 | tainted | semmle.label | tainted | +| template-sinks.js:32:16:32:22 | tainted | semmle.label | tainted | +| template-sinks.js:33:17:33:23 | tainted | semmle.label | tainted | +| tst.js:2:6:2:27 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:2:6:2:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:5:12:5:33 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:14:10:14:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:14:10:14:74 | documen ... , "$1") | semmle.label | documen ... , "$1") | +| tst.js:17:21:17:42 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:20:30:20:51 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:23:6:23:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) | +| tst.js:23:11:23:32 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:23:11:23:45 | documen ... ring(1) | semmle.label | documen ... 
ring(1) | +| tst.js:26:26:26:40 | location.search | semmle.label | location.search | +| tst.js:26:26:26:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) | +| tst.js:29:9:29:82 | source | semmle.label | source | +| tst.js:29:18:29:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:29:18:29:82 | documen ... , "$1") | semmle.label | documen ... , "$1") | +| tst.js:31:18:31:23 | source | semmle.label | source | +| tst.js:33:14:33:19 | source | semmle.label | source | +| tst.js:35:28:35:33 | source | semmle.label | source | +| tst.js:37:33:37:38 | source | semmle.label | source | +| webix/webix.html:3:16:3:37 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.html:4:26:4:47 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.html:5:47:5:68 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:3:12:3:33 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:4:22:4:43 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:5:43:5:64 | documen ... on.hash | semmle.label | documen ... on.hash | +subpaths #select | eslint-escope-build.js:21:16:21:16 | c | eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | $@ flows to here and is interpreted as code. | eslint-escope-build.js:20:22:20:22 | c | User-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql index 2e5a95533f1d..da6b4f631a9e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql 
@@ -1,9 +1,9 @@ import javascript import semmle.javascript.heuristics.AdditionalSources import semmle.javascript.security.dataflow.CodeInjectionQuery -import DataFlow::PathGraph +import CodeInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink +where CodeInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "$@ flows to here and is interpreted as code.", source.getNode(), "User-provided value" From 98c79e7674af63be1ec60be5fb138ace92a4529a Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 9 Oct 2023 10:46:36 +0200 Subject: [PATCH 146/223] JS: Update test output showing lack of global flow (geniune FN) --- .../library-tests/InterProceduralFlow/tests.expected | 9 --------- 1 file changed, 9 deletions(-) diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected index 7278acf71610..aab7951f4804 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected +++ b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected @@ -24,8 +24,6 @@ dataFlow | esLib.js:3:21:3:29 | "tainted" | esClient.js:11:13:11:17 | esFoo | | esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source | | global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) | -| global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location | -| global.js:1:15:1:24 | "tainted1" | global.js:18:13:18:24 | win.location | | global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) | | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) | | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) | 
@@ -63,7 +61,6 @@ dataFlow | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:12:15:12:24 | x.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:14:15:14:27 | tmp1.someProp | -| properties.js:18:26:18:42 | "tainted as well" | properties.js:20:24:20:33 | window.foo | | tst2.js:2:17:2:26 | "tainted1" | tst2.js:10:15:10:24 | g(source1) | | tst2.js:3:17:3:26 | "tainted2" | tst2.js:11:15:11:24 | g(source2) | | tst2.js:6:24:6:37 | "also tainted" | tst2.js:10:15:10:24 | g(source1) | @@ -109,8 +106,6 @@ taintTracking | esLib.js:3:21:3:29 | "tainted" | esClient.js:11:13:11:17 | esFoo | | esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source | | global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) | -| global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location | -| global.js:1:15:1:24 | "tainted1" | global.js:18:13:18:24 | win.location | | global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) | | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) | | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) | @@ -151,7 +146,6 @@ taintTracking | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:12:15:12:24 | x.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:14:15:14:27 | tmp1.someProp | -| properties.js:18:26:18:42 | "tainted as well" | properties.js:20:24:20:33 | window.foo | | tst2.js:2:17:2:26 | "tainted1" | tst2.js:10:15:10:24 | g(source1) | | tst2.js:3:17:3:26 | "tainted2" | tst2.js:11:15:11:24 | g(source2) | | tst2.js:6:24:6:37 | "also tainted" | tst2.js:10:15:10:24 | g(source1) | 
@@ -219,8 +213,6 @@ germanFlow | esLib.js:3:21:3:29 | "tainted" | esClient.js:11:13:11:17 | esFoo | | esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source | | global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) | -| global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location | -| global.js:1:15:1:24 | "tainted1" | global.js:18:13:18:24 | win.location | | global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) | | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) | | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) | @@ -258,7 +250,6 @@ germanFlow | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:12:15:12:24 | x.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:14:15:14:27 | tmp1.someProp | -| properties.js:18:26:18:42 | "tainted as well" | properties.js:20:24:20:33 | window.foo | | tst2.js:2:17:2:26 | "tainted1" | tst2.js:10:15:10:24 | g(source1) | | tst2.js:3:17:3:26 | "tainted2" | tst2.js:11:15:11:24 | g(source2) | | tst2.js:6:24:6:37 | "also tainted" | tst2.js:10:15:10:24 | g(source1) | From 7c5eb89491a35845b9f45e43af1a2048c5fd33ac Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 9 Oct 2023 10:00:46 +0200 Subject: [PATCH 147/223] JS: Add tests for captured 'this' (genuine FN) --- .../TaintTracking/BasicTaintTracking.expected | 6 +++++ .../TaintTracking/DataFlowTracking.expected | 4 +++ .../TaintTracking/capture-flow.js | 25 +++++++++++++++++++ 3 files changed, 35 insertions(+) diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 594ea1acdbe8..2a1bcc1c998b 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected 
@@ -7,6 +7,9 @@ legacyDataFlowDifference | callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | | capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | | capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:272:10:272:17 | this.foo | only flow with OLD data flow library | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:274:6:274:45 | new Cap ... ()).foo | only flow with OLD data flow library | +| capture-flow.js:283:34:283:41 | source() | capture-flow.js:284:6:284:44 | new Cap ... e').foo | only flow with NEW data flow library | | constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | only flow with NEW data flow library | | constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | only flow with NEW data flow library | | constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | only flow with NEW data flow library | 
@@ -113,6 +116,9 @@ flow | capture-flow.js:259:23:259:30 | source() | capture-flow.js:248:18:248:27 | this.field | | capture-flow.js:259:23:259:30 | source() | capture-flow.js:252:14:252:36 | objectW ... s.field | | capture-flow.js:259:23:259:30 | source() | capture-flow.js:253:14:253:23 | this.field | +| capture-flow.js:262:16:262:23 | source() | capture-flow.js:264:14:264:21 | this.foo | +| capture-flow.js:283:34:283:41 | source() | capture-flow.js:283:6:283:46 | new Cap ... ()).foo | +| capture-flow.js:283:34:283:41 | source() | capture-flow.js:284:6:284:44 | new Cap ... e').foo | | captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x | | case.js:2:16:2:23 | source() | case.js:5:8:5:35 | changeC ... source) | | case.js:2:16:2:23 | source() | case.js:8:8:8:24 | camelCase(source) | diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected index 9f5ed2f65738..5bcd9a8f9c32 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected 
@@ -9,6 +9,8 @@ legacyDataFlowDifference | callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | | capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | | capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:272:10:272:17 | this.foo | only flow with OLD data flow library | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:274:6:274:45 | new Cap ... ()).foo | only flow with OLD data flow library | | constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | only flow with NEW data flow library | | constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | only flow with NEW data flow library | | constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | only flow with NEW data flow library | @@ -90,6 +92,8 @@ flow | capture-flow.js:259:23:259:30 | source() | capture-flow.js:248:18:248:27 | this.field | | capture-flow.js:259:23:259:30 | source() | capture-flow.js:252:14:252:36 | objectW ... s.field | | capture-flow.js:259:23:259:30 | source() | capture-flow.js:253:14:253:23 | this.field | +| capture-flow.js:262:16:262:23 | source() | capture-flow.js:264:14:264:21 | this.foo | +| capture-flow.js:283:34:283:41 | source() | capture-flow.js:283:6:283:46 | new Cap ... ()).foo | | captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x | | constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:24:8:24:14 | c.taint | | constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:28:8:28:19 | c_safe.taint | 
diff --git a/javascript/ql/test/library-tests/TaintTracking/capture-flow.js b/javascript/ql/test/library-tests/TaintTracking/capture-flow.js index bb9dc523bb84..baa6c6c95d29 100644 --- a/javascript/ql/test/library-tests/TaintTracking/capture-flow.js +++ b/javascript/ql/test/library-tests/TaintTracking/capture-flow.js @@ -257,3 +257,28 @@ function testObjectWithMethods(taint) { objectWithMethods.functionAddedLater(); } testObjectWithMethods(source()); + +function captureThis() { + this.foo = source(); + window.addEventListener('click', () => { + sink(this.foo); // NOT OK + }); +} + +function CaptureThisWithoutJump(x) { + [1].forEach(() => { + this.foo = x; + }); + sink(this.foo); // NOT OK [INCONSISTENCY] +} +sink(new CaptureThisWithoutJump(source()).foo); // NOT OK [INCONSISTENCY] +sink(new CaptureThisWithoutJump('safe').foo); // OK + +function CaptureThisWithoutJump2(x) { + this.foo = x; + let y; + [1].forEach(() => y = this.foo); + return y; +} +sink(new CaptureThisWithoutJump2(source()).foo); // NOT OK +sink(new CaptureThisWithoutJump2('safe').foo); // OK [INCONSISTENCY] From 24bab27ffed04256f024d99dd3418d5a1d6cfefb Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 4 Oct 2023 15:30:20 +0200 Subject: [PATCH 148/223] JS: Add TODO for dynamic import step --- javascript/ql/lib/semmle/javascript/Promises.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/javascript/ql/lib/semmle/javascript/Promises.qll b/javascript/ql/lib/semmle/javascript/Promises.qll index c254128f87b5..f25fa2bc820d 100644 --- a/javascript/ql/lib/semmle/javascript/Promises.qll +++ b/javascript/ql/lib/semmle/javascript/Promises.qll 
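Review bot: `CaptureThisWithoutJump2` never puts the captured read of `this.foo` in front of a sink. Both `sink(...)` calls read `.foo` from the constructed object, which `this.foo = x` sets directly, and under `new` a primitive `return y` is discarded at runtime. The arrow function's `y = this.foo` therefore only matters if the analysis treats the returned `y` as the value of the `new` expression, which makes the `[INCONSISTENCY]` on the `'safe'` call hard to interpret. Adding `sink(y); // NOT OK` before `return y;` would test the captured-`this` read on its own.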
@@ -705,6 +705,7 @@ private module DynamicImportSteps { */ class DynamicImportStep extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + // TODO: this step needs to be ported to dataflow2 exists(DynamicImportExpr imprt | pred = imprt.getImportedModule().getAnExportedValue("default") and succ = imprt.flow() and From 51dec79401713bd11cc7473fea2862343971095b Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 15:48:25 +0200 Subject: [PATCH 149/223] JS: Lower access path limit to 2 --- .../javascript/dataflow/internal/DataFlowPrivate.qll | 2 +- .../TaintTracking/BasicTaintTracking.expected | 9 +++------ .../TaintTracking/DataFlowTracking.expected | 2 -- .../ql/test/library-tests/frameworks/Redux/test.expected | 2 +- 4 files changed, 5 insertions(+), 10 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 223a0ff15503..c8f7e749030b 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -879,7 +879,7 @@ predicate isUnreachableInCall(Node n, DataFlowCall call) { none() // TODO: could be useful, but not currently implemented for JS } -int accessPathLimit() { result = 5 } +int accessPathLimit() { result = 2 } /** * Holds if flow is allowed to pass from parameter `p` and back to itself as a diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 2a1bcc1c998b..c71c187c98a7 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected 
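Review bot: Lowering `accessPathLimit()` from 5 to 2 carries no comment, yet the expected files updated in this same commit show it dropping results. They lose `nested-props.js:20` (`obj.x.y.z`), the two `JSON.stringify` results in `stringification-read-steps.js`, and `props.propFromAsync` in the Redux test. For security queries these are missed alerts, so the trade-off should be recorded at the definition, e.g. `// Lowered from 5 for performance; flow through deeper property nesting is lost, see nested-props.js:20`. The commit message gives no measurements, so it is not clear from here whether an intermediate value would keep these results.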
@@ -16,16 +16,16 @@ legacyDataFlowDifference | exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | only flow with NEW data flow library | | getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | only flow with NEW data flow library | | nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | only flow with NEW data flow library | -| nested-props.js:19:17:19:24 | source() | nested-props.js:20:10:20:18 | obj.x.y.z | only flow with NEW data flow library | | nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | only flow with NEW data flow library | | nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | only flow with NEW data flow library | | object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:23:14:23:20 | obj.foo | only flow with OLD data flow library | | object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:28:10:28:30 | sanitiz ... bj).foo | only flow with OLD data flow library | | promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise | only flow with OLD data flow library | | sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library | -| stringification-read-steps.js:7:22:7:29 | source() | stringification-read-steps.js:17:10:17:31 | JSON.st ... object) | only flow with NEW data flow library | -| stringification-read-steps.js:7:22:7:29 | source() | stringification-read-steps.js:25:10:25:31 | JSON.st ... 
object) | only flow with NEW data flow library | consistencyIssue +| library-tests/TaintTracking/nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | +| library-tests/TaintTracking/stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | +| library-tests/TaintTracking/stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -206,7 +206,6 @@ flow | nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x | | nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y | | nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | -| nested-props.js:19:17:19:24 | source() | nested-props.js:20:10:20:18 | obj.x.y.z | | nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | | nested-props.js:35:13:35:20 | source() | nested-props.js:36:10:36:20 | doLoad(obj) | | nested-props.js:43:13:43:20 | source() | nested-props.js:44:10:44:18 | id(obj).x | 
@@ -261,8 +260,6 @@ flow | string-replace.js:3:13:3:20 | source() | string-replace.js:21:6:21:41 | safe(). ... taint) | | string-replace.js:3:13:3:20 | source() | string-replace.js:22:6:22:48 | safe(). ... taint) | | string-replace.js:3:13:3:20 | source() | string-replace.js:24:6:24:45 | taint.r ... + '!') | -| stringification-read-steps.js:7:22:7:29 | source() | stringification-read-steps.js:17:10:17:31 | JSON.st ... object) | -| stringification-read-steps.js:7:22:7:29 | source() | stringification-read-steps.js:25:10:25:31 | JSON.st ... object) | | summarize-store-load-in-call.js:9:15:9:22 | source() | summarize-store-load-in-call.js:9:10:9:23 | blah(source()) | | thisAssignments.js:4:17:4:24 | source() | thisAssignments.js:5:10:5:18 | obj.field | | thisAssignments.js:7:19:7:26 | source() | thisAssignments.js:8:10:8:20 | this.field2 | diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected index 5bcd9a8f9c32..6ca5cb174b88 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected 
@@ -17,7 +17,6 @@ legacyDataFlowDifference | exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | only flow with NEW data flow library | | getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | only flow with NEW data flow library | | nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | only flow with NEW data flow library | -| nested-props.js:19:17:19:24 | source() | nested-props.js:20:10:20:18 | obj.x.y.z | only flow with NEW data flow library | | nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | only flow with NEW data flow library | | nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | only flow with NEW data flow library | | sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library | @@ -136,7 +135,6 @@ flow | nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x | | nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y | | nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | -| nested-props.js:19:17:19:24 | source() | nested-props.js:20:10:20:18 | obj.x.y.z | | nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | | nested-props.js:35:13:35:20 | source() | nested-props.js:36:10:36:20 | doLoad(obj) | | nested-props.js:43:13:43:20 | source() | nested-props.js:44:10:44:18 | id(obj).x | diff --git a/javascript/ql/test/library-tests/frameworks/Redux/test.expected b/javascript/ql/test/library-tests/frameworks/Redux/test.expected index 92c12137ad7c..62997826b366 100644 --- a/javascript/ql/test/library-tests/frameworks/Redux/test.expected +++ b/javascript/ql/test/library-tests/frameworks/Redux/test.expected 
@@ -1,4 +1,5 @@ legacyDataFlowDifference +| react-redux.jsx:70:30:70:37 | source() | react-redux.jsx:77:10:77:28 | props.propFromAsync | only flow with OLD data flow library | reducerArg | exportedReducer.js:12:12:12:35 | (state, ... > state | | react-redux.jsx:12:33:17:9 | (state, ... } | @@ -112,7 +113,6 @@ taintFlow | react-redux.jsx:69:31:69:38 | source() | react-redux.jsx:74:10:74:35 | props.p ... lAction | | react-redux.jsx:69:31:69:38 | source() | react-redux.jsx:75:10:75:36 | props.p ... Action2 | | react-redux.jsx:69:31:69:38 | source() | react-redux.jsx:76:10:76:36 | props.p ... Action3 | -| react-redux.jsx:70:30:70:37 | source() | react-redux.jsx:77:10:77:28 | props.propFromAsync | reactComponentRef | accessPaths.js:7:1:15:1 | functio ... pan>;\\n} | accessPaths.js:7:1:15:1 | functio ... pan>;\\n} | | react-redux.jsx:64:1:80:1 | functio ... r}}/>\\n} | react-redux.jsx:64:1:80:1 | functio ... r}}/>\\n} | From d3f5169e6622611d82c9bd1dbdf675cbe7c4b20a Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 6 Oct 2023 15:58:08 +0200 Subject: [PATCH 150/223] JS: Lower field-flow branch limit on Polynomial ReDoS --- .../semmle/javascript/security/regexp/PolynomialReDoSQuery.qll | 2 ++ 1 file changed, 2 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll index dbe45503f2c7..3046febcc2ab 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll @@ -27,6 +27,8 @@ module PolynomialReDoSConfig implements DataFlow::ConfigSig { // TODO: localFieldStep is too expensive with dataflow2 // DataFlow::localFieldStep(pred, succ) } + + int fieldFlowBranchLimit() { result = 1 } // library inputs are too expensive on some projects } /** Taint-tracking for reasoning about polynomial regular expression denial-of-service attacks. */ 
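Review bot: The trailing comment on `fieldFlowBranchLimit()` in `PolynomialReDoSConfig` explains the cost but not what a limit of 1 gives up, and no test expectation changes with it, so any loss of recall for this query is unmeasured. As I understand the setting, it bounds the call-target branching followed while computing field flow, so flow through fields at calls with several candidate targets would be dropped. Together with the already commented-out `localFieldStep` just above, this config now limits field tracking in two ways. A QLDoc line would record that, e.g. `/** Limits field-flow branching to 1 for performance on library inputs; may miss flow through fields at calls with several targets. */`.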
From e738b5d1255bfcc94feb2b59663f6c4a500fa56f Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 10 Oct 2023 14:35:26 +0200 Subject: [PATCH 151/223] JS: Expand callback test case Type-based pruning is confused by the different tests being interleaved, so we additionally want to have a test that is independent from the other parts of this test. --- .../TaintTracking/BasicTaintTracking.expected | 3 +++ .../TaintTracking/DataFlowTracking.expected | 3 +++ .../test/library-tests/TaintTracking/callbacks.js | 15 +++++++++++++++ 3 files changed, 21 insertions(+) diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index c71c187c98a7..b37f63afae0a 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -5,6 +5,7 @@ legacyDataFlowDifference | callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | only flow with NEW data flow library | | callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | only flow with NEW data flow library | | callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| callbacks.js:73:17:73:24 | source() | callbacks.js:74:35:74:35 | x | only flow with NEW data flow library | | capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | | capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | | capture-flow.js:274:33:274:40 | source() | capture-flow.js:272:10:272:17 | this.foo | only flow with OLD data flow library | 
@@ -92,6 +93,8 @@ flow | callbacks.js:50:18:50:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x | +| callbacks.js:73:17:73:24 | source() | callbacks.js:73:37:73:37 | x | +| callbacks.js:73:17:73:24 | source() | callbacks.js:74:35:74:35 | x | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() | | capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) | diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected index 6ca5cb174b88..4ebebe573f14 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected @@ -7,6 +7,7 @@ legacyDataFlowDifference | callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | only flow with NEW data flow library | | callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | only flow with NEW data flow library | | callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| callbacks.js:73:17:73:24 | source() | callbacks.js:74:35:74:35 | x | only flow with NEW data flow library | | capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | | capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | | capture-flow.js:274:33:274:40 | source() | capture-flow.js:272:10:272:17 | this.foo | only flow with OLD data flow library | 
@@ -67,6 +68,8 @@ flow | callbacks.js:50:18:50:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x | +| callbacks.js:73:17:73:24 | source() | callbacks.js:73:37:73:37 | x | +| callbacks.js:73:17:73:24 | source() | callbacks.js:74:35:74:35 | x | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() | | capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) | diff --git a/javascript/ql/test/library-tests/TaintTracking/callbacks.js b/javascript/ql/test/library-tests/TaintTracking/callbacks.js index 62299defcd9c..2724571e9568 100644 --- a/javascript/ql/test/library-tests/TaintTracking/callbacks.js +++ b/javascript/ql/test/library-tests/TaintTracking/callbacks.js @@ -58,3 +58,18 @@ function test() { sink(x); // NOT OK }); } + +function forwardTaint3(x, cb) { + cb(x); // Same as 'forwardTaint' but copied to avoid interference between tests + cb(x); +} + +function forwardTaint4(x, cb) { + forwardTaint3(x, cb); // Same as 'forwardTaint2' but copied to avoid interference between tests + forwardTaint3(x, cb); +} + +function test2() { + forwardTaint4(source(), x => sink(x)); // NOT OK + forwardTaint4("safe", x => sink(x)); // OK [INCONSISTENCY] +} From 9faf300dd0bdabe09d942e5bd0ebbd9e0dc03cf3 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 10 Oct 2023 14:39:53 +0200 Subject: [PATCH 152/223] JS: Use type-pruning to restrict callback flow --- .../dataflow/internal/DataFlowPrivate.qll | 48 ++++++++++++++++--- .../TaintTracking/BasicTaintTracking.expected | 2 - .../TaintTracking/DataFlowTracking.expected | 2 - .../library-tests/TaintTracking/callbacks.js | 2 +- 4 files changed, 43 insertions(+), 11 deletions(-) 
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index c8f7e749030b..2c6227f522b6 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -297,16 +297,46 @@ DataFlowCallable nodeGetEnclosingCallable(Node node) { } private newtype TDataFlowType = - TTodoDataFlowType() or - TTodoDataFlowType2() // Add a dummy value to prevent bad functionality-induced joins arising from a type of size 1. + TFunctionType(Function f) or + TAnyType() class DataFlowType extends TDataFlowType { - string toString() { result = "" } + string toString() { + this instanceof TFunctionType and + result = + "TFunctionType(" + this.asFunction().toString() + ") at line " + + this.asFunction().getLocation().getStartLine() + or + this instanceof TAnyType and result = "TAnyType" + } + + Function asFunction() { this = TFunctionType(result) } } -predicate typeStrongerThan(DataFlowType t1, DataFlowType t2) { none() } +/** + * Holds if `t1` is strictly stronger than `t2`. + */ +predicate typeStrongerThan(DataFlowType t1, DataFlowType t2) { + t1 instanceof TFunctionType and t2 = TAnyType() +} + +private DataFlowType getPreciseType(Node node) { + exists(Function f | + (node = TValueNode(f) or node = TFunctionSelfReferenceNode(f)) and + result = TFunctionType(f) + ) + or + result = getPreciseType(node.getImmediatePredecessor()) + or + result = getPreciseType(node.(PostUpdateNode).getPreUpdateNode()) +} -DataFlowType getNodeType(Node node) { result = TTodoDataFlowType() and exists(node) } +DataFlowType getNodeType(Node node) { + result = getPreciseType(node) + or + not exists(getPreciseType(node)) and + result = TAnyType() +} predicate nodeIsHidden(Node node) { DataFlow::PathNode::shouldNodeBeHidden(node) 
@@ -344,7 +374,13 @@ predicate neverSkipInPathGraph(Node node) { string ppReprType(DataFlowType t) { none() } pragma[inline] -predicate compatibleTypes(DataFlowType t1, DataFlowType t2) { any() } +predicate compatibleTypes(DataFlowType t1, DataFlowType t2) { + t1 = t2 + or + t1 instanceof TAnyType and exists(t2) + or + t2 instanceof TAnyType and exists(t1) +} predicate forceHighPrecision(Content c) { none() } diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index b37f63afae0a..50cc7e739462 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -5,7 +5,6 @@ legacyDataFlowDifference | callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | only flow with NEW data flow library | | callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | only flow with NEW data flow library | | callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | -| callbacks.js:73:17:73:24 | source() | callbacks.js:74:35:74:35 | x | only flow with NEW data flow library | | capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | | capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | | capture-flow.js:274:33:274:40 | source() | capture-flow.js:272:10:272:17 | this.foo | only flow with OLD data flow library | 
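Review bot: `getNodeType` is not guaranteed to give a node a single type. `getPreciseType` unions the function-value case with the immediate predecessor and the pre-update node, and nothing in the hunk stops those from yielding different `TFunctionType`s for one node. `compatibleTypes` (the `@@ -344,7 +374,13 @@` hunk) treats two distinct function types as incompatible, so an ambiguous or wrong precise type may prune flow and surface only as missing results. `getPreciseType` also has no QLDoc; I would add `/** Gets the function type of a node that is a function value or self-reference, or is reached from one via immediate predecessors or post-update nodes. */`. If a unique-node-type consistency check is not already run on these tests, it would be worth adding.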
@@ -94,7 +93,6 @@ flow | callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x | | callbacks.js:73:17:73:24 | source() | callbacks.js:73:37:73:37 | x | -| callbacks.js:73:17:73:24 | source() | callbacks.js:74:35:74:35 | x | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() | | capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) | diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected index 4ebebe573f14..7fedc241a2c7 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected @@ -7,7 +7,6 @@ legacyDataFlowDifference | callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | only flow with NEW data flow library | | callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | only flow with NEW data flow library | | callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | -| callbacks.js:73:17:73:24 | source() | callbacks.js:74:35:74:35 | x | only flow with NEW data flow library | | capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | | capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | | capture-flow.js:274:33:274:40 | source() | capture-flow.js:272:10:272:17 | this.foo | only flow with OLD data flow library | 
@@ -69,7 +68,6 @@ flow | callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x | | callbacks.js:73:17:73:24 | source() | callbacks.js:73:37:73:37 | x | -| callbacks.js:73:17:73:24 | source() | callbacks.js:74:35:74:35 | x | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() | | capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) | diff --git a/javascript/ql/test/library-tests/TaintTracking/callbacks.js b/javascript/ql/test/library-tests/TaintTracking/callbacks.js index 2724571e9568..2c0bb776a6a0 100644 --- a/javascript/ql/test/library-tests/TaintTracking/callbacks.js +++ b/javascript/ql/test/library-tests/TaintTracking/callbacks.js @@ -71,5 +71,5 @@ function forwardTaint4(x, cb) { function test2() { forwardTaint4(source(), x => sink(x)); // NOT OK - forwardTaint4("safe", x => sink(x)); // OK [INCONSISTENCY] + forwardTaint4("safe", x => sink(x)); // OK } From 5775fe6d6e921ff30eda70c631aaad4405fab91d Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 13 Oct 2023 11:06:57 +0200 Subject: [PATCH 153/223] JS: Use TAnyType in FlowSummaryPrivate --- .../dataflow/internal/DataFlowPrivate.qll | 2 +- .../dataflow/internal/FlowSummaryPrivate.qll | 23 ++++++++++++++----- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 2c6227f522b6..10cbd9ad659d 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll 
@@ -296,7 +296,7 @@ DataFlowCallable nodeGetEnclosingCallable(Node node) { node = TGenericSynthesizedNode(_, _, result) } -private newtype TDataFlowType = +newtype TDataFlowType = TFunctionType(Function f) or TAnyType() diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index a872dc101354..e838281f0bdc 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll 
@@ -38,31 +38,42 @@ ArgumentPosition callbackSelfParameterPosition() { result.isFunctionSelfReferenc SummaryCall summaryDataFlowCall(Private::SummaryNode receiver) { receiver = result.getReceiver() } /** Gets the type of content `c`. */ -DataFlowType getContentType(ContentSet c) { any() } +DataFlowType getContentType(ContentSet c) { result = TAnyType() and exists(c) } /** Gets the type of the parameter at the given position. */ bindingset[c, pos] -DataFlowType getParameterType(SummarizedCallable c, ParameterPosition pos) { any() } +DataFlowType getParameterType(SummarizedCallable c, ParameterPosition pos) { + // TODO: we could assign a more precise type to the function self-reference parameter + result = TAnyType() and exists(c) and exists(pos) +} /** Gets the return type of kind `rk` for callable `c`. */ bindingset[c, rk] -DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) { any() } +DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) { + result = TAnyType() and exists(c) and exists(rk) +} /** * Gets the type of the `i`th parameter in a synthesized call that targets a * callback of type `t`. */ bindingset[t, pos] -DataFlowType getCallbackParameterType(DataFlowType t, ArgumentPosition pos) { any() } +DataFlowType getCallbackParameterType(DataFlowType t, ArgumentPosition pos) { + result = TAnyType() and exists(t) and exists(pos) +} /** * Gets the return type of kind `rk` in a synthesized call that targets a * callback of type `t`. */ -DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { any() } +DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { + result = TAnyType() and exists(t) and exists(rk) +} /** Gets the type of synthetic global `sg`. 
*/ -DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { any() } +DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { + result = TAnyType() and exists(sg) +} /** * Holds if an external flow summary exists for `c` with input specification From 3c7c5377ecef6a5fcb1f4560bd005fbf882c34dd Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 10 Oct 2023 14:51:54 +0200 Subject: [PATCH 154/223] JS: Add content approximation This seems to fix a performance issue for RegExpInjection in angular --- .../dataflow/internal/DataFlowPrivate.qll | 57 ++++++++++++++++++- 1 file changed, 55 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 10cbd9ad659d..3f3bc38e3d46 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll 
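Review bot: Every type predicate in this hunk now returns `TAnyType()` unconditionally, yet each QLDoc still reads as if a real type were computed ("Gets the type of content `c`", "Gets the return type of kind `rk`"). Only `getParameterType` carries a TODO. I would state the stub once, for example `// All summary types are TAnyType for now; presumably no type-based pruning applies to summary nodes` above `getContentType`. That way a later reader does not assume precision that is not there. This also explains why `TDataFlowType` lost its `private` modifier in DataFlowPrivate.qll, which the commit message does not mention.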
@@ -384,10 +384,63 @@ predicate compatibleTypes(DataFlowType t1, DataFlowType t2) { predicate forceHighPrecision(Content c) { none() } -class ContentApprox = Unit; +newtype TContentApprox = + TApproxPropertyContent() or + TApproxMapKey() or + TApproxMapValue() or + TApproxSetElement() or + TApproxIteratorElement() or + TApproxIteratorError() or + TApproxPromiseValue() or + TApproxPromiseError() or + TApproxCapturedContent() + +class ContentApprox extends TContentApprox { + string toString() { + this = TApproxPropertyContent() and result = "TApproxPropertyContent" + or + this = TApproxMapKey() and result = "TApproxMapKey" + or + this = TApproxMapValue() and result = "TApproxMapValue" + or + this = TApproxSetElement() and result = "TApproxSetElement" + or + this = TApproxIteratorElement() and result = "TApproxIteratorElement" + or + this = TApproxIteratorError() and result = "TApproxIteratorError" + or + this = TApproxPromiseValue() and result = "TApproxPromiseValue" + or + this = TApproxPromiseError() and result = "TApproxPromiseError" + or + this = TApproxCapturedContent() and result = "TApproxCapturedContent" + } +} pragma[inline] -ContentApprox getContentApprox(Content c) { exists(result) and exists(c) } +ContentApprox getContentApprox(Content c) { + c instanceof MkPropertyContent and result = TApproxPropertyContent() + or + c instanceof MkArrayElementUnknown and result = TApproxPropertyContent() + or + c instanceof MkMapKey and result = TApproxMapKey() + or + c instanceof MkMapValueWithKnownKey and result = TApproxMapValue() + or + c instanceof MkMapValueWithUnknownKey and result = TApproxMapValue() + or + c instanceof MkSetElement and result = TApproxSetElement() + or + c instanceof MkIteratorElement and result = TApproxIteratorElement() + or + c instanceof MkIteratorError and result = TApproxIteratorError() + or + c instanceof MkPromiseValue and result = TApproxPromiseValue() + or + c instanceof MkPromiseError and result = TApproxPromiseError() + or + c 
instanceof MkCapturedContent and result = TApproxCapturedContent() +} cached private newtype TDataFlowCall = From a02ab2ad886c9073b12e2479432b4c6c45fad958 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 11 Oct 2023 12:50:04 +0200 Subject: [PATCH 155/223] JS: Port heuristic versions of standard queries --- .../CWE-020/UntrustedDataToExternalAPI.ql | 10 ++++--- .../src/Security/CWE-078/CommandInjection.ql | 12 ++++----- .../heuristics/ql/src/Security/CWE-079/Xss.ql | 6 ++--- .../ql/src/Security/CWE-089/SqlInjection.ql | 26 ++++++++++++------- .../ql/src/Security/CWE-117/LogInjection.ql | 6 ++--- .../Security/CWE-770/ResourceExhaustion.ql | 6 ++--- .../src/Security/CWE-807/ConditionalBypass.ql | 10 ++++--- .../CWE-915/PrototypePollutingAssignment.ql | 3 ++- 8 files changed, 46 insertions(+), 33 deletions(-) diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql index dff265363191..4bf06b544474 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql 
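Review bot: `getContentApprox` is now a closed list of `instanceof` branches with no fallback, whereas the removed `Unit` version gave every `Content` an approximation. A `Content` constructor without a branch here, now or after a later addition, has no `ContentApprox`. The shared library would then presumably drop access paths through it, which shows up as silently missing alerts rather than an error. I would add a comment such as `// Every Content constructor needs a branch here; one without a branch has no approximation`. If the test suite allows it, a consistency query could also report any `Content c` with `not exists(getContentApprox(c))`. The `Content` newtype is not visible in this hunk, so completeness of the list cannot be confirmed from here.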
@@ -12,11 +12,15 @@ import javascript import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import ExternalAPIUsedWithUntrustedDataFlow::PathGraph -from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from + ExternalAPIUsedWithUntrustedDataFlow::PathNode source, + ExternalAPIUsedWithUntrustedDataFlow::PathNode sink +where + ExternalAPIUsedWithUntrustedDataFlow::flowPath(source, sink) and + source.getNode() instanceof HeuristicSource select sink, source, sink, "Call to " + sink.getNode().(Sink).getApiName() + " with untrusted data from $@.", source, source.toString() diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql index b21c86fc50a6..f59de018f8b3 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql 
@@ -16,17 +16,17 @@ import javascript import semmle.javascript.security.dataflow.CommandInjectionQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import CommandInjectionFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight, - Source sourceNode + CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, + DataFlow::Node highlight, Source sourceNode where - cfg.hasFlowPath(source, sink) and + CommandInjectionFlow::flowPath(source, sink) and ( - if cfg.isSinkWithHighlight(sink.getNode(), _) - then cfg.isSinkWithHighlight(sink.getNode(), highlight) + if isSinkWithHighlight(sink.getNode(), _) + then isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() ) and sourceNode = source.getNode() and diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql index e93cd7e6ca5c..2db4b18e570e 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql @@ -15,11 +15,11 @@ import javascript import semmle.javascript.security.dataflow.DomBasedXssQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import DomBasedXssFlow::PathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from DomBasedXssFlow::PathNode source, DomBasedXssFlow::PathNode sink +where DomBasedXssFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(), "user-provided value" 
diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql index e82b9d40d5be..b8928021085f 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql @@ -15,18 +15,24 @@ */ import javascript -import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection -import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection -import DataFlow::PathGraph +import semmle.javascript.security.dataflow.SqlInjectionQuery as Sql +import semmle.javascript.security.dataflow.NosqlInjectionQuery as Nosql import semmle.javascript.heuristics.AdditionalSources -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string type +module Merged = + DataFlow::MergePathGraph; + +import DataFlow::DeduplicatePathGraph + +from PathNode source, PathNode sink, string type where - ( - cfg instanceof SqlInjection::Configuration and type = "string" - or - cfg instanceof NosqlInjection::Configuration and type = "object" - ) and - cfg.hasFlowPath(source, sink) + Sql::SqlInjectionFlow::flowPath(source.getAnOriginalPathNode().asPathNode1(), + sink.getAnOriginalPathNode().asPathNode1()) and + type = "string" + or + Nosql::NosqlInjectionFlow::flowPath(source.getAnOriginalPathNode().asPathNode2(), + sink.getAnOriginalPathNode().asPathNode2()) and + type = "object" select sink.getNode(), source, sink, "This query " + type + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql index 534de9167725..8d9eca39be52 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql 
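Review bot: The rewritten `where` clause has no `source.getNode() instanceof HeuristicSource` conjunct, unlike the Xss, LogInjection and ResourceExhaustion ports in this same commit. This heuristic query would therefore report every SQL/NoSQL flow rather than only those starting at a heuristic source. The removed lines did not have the filter either, so this may be deliberate. If it is not, the two disjuncts need wrapping first: `( <Sql flowPath> and type = "string" or <Nosql flowPath> and type = "object" ) and source.getNode() instanceof HeuristicSource`. Without the parentheses, `or` binds looser than `and`, so an appended filter would restrict only the NoSQL branch.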
+++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql @@ -13,11 +13,11 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.LogInjectionQuery import semmle.javascript.heuristics.AdditionalSources +import LogInjectionFlow::PathGraph -from LogInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from LogInjectionFlow::PathNode source, LogInjectionFlow::PathNode sink +where LogInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "Log entry depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql index 37e702b55e01..9b37ce896d18 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql @@ -14,11 +14,11 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.ResourceExhaustionQuery import semmle.javascript.heuristics.AdditionalSources +import ResourceExhaustionFlow::PathGraph -from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink -where dataflow.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from ResourceExhaustionFlow::PathNode source, ResourceExhaustionFlow::PathNode sink +where ResourceExhaustionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink, source, sink, sink.getNode().(Sink).getProblemDescription() + " from a $@.", source, "user-provided value" 
diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql index 6fe3ff742f3f..2980b78e1d1d 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql @@ -14,13 +14,15 @@ import javascript import semmle.javascript.security.dataflow.ConditionalBypassQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import ConditionalBypassFlow::PathGraph -from DataFlow::PathNode source, DataFlow::PathNode sink, SensitiveAction action +from + ConditionalBypassFlow::PathNode source, ConditionalBypassFlow::PathNode sink, + SensitiveAction action where - isTaintedGuardForSensitiveAction(sink, source, action) and - not isEarlyAbortGuard(sink, action) and + isTaintedGuardNodeForSensitiveAction(sink, source, action) and + not isEarlyAbortGuardNode(sink, action) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "This condition guards a sensitive $@, but a $@ controls it.", action, "action", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql index a939794e375d..2b619f0614e0 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql 
@@ -20,13 +20,14 @@ import javascript import semmle.javascript.security.dataflow.PrototypePollutingAssignmentQuery -import PrototypePollutingAssignmentFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import PrototypePollutingAssignmentFlow::PathGraph from PrototypePollutingAssignmentFlow::PathNode source, PrototypePollutingAssignmentFlow::PathNode sink where PrototypePollutingAssignmentFlow::flowPath(source, sink) and + not isIgnoredLibraryFlow(source.getNode(), sink.getNode()) and source.getNode() instanceof HeuristicSource select sink, source, sink, "This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@.", From f94aa2ceec53d4533cf9f3fb30ff8e2c455cd58d Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 12 Mar 2024 14:41:11 +0100 Subject: [PATCH 156/223] Update javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll --- .../ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index 8323bc23314f..60a139f6f1eb 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll @@ -50,7 +50,7 @@ private module Cached { // We have read steps out of the await operand, so it technically needs a post-update e = any(AwaitExpr a).getOperand() or e = any(Function f) or // functions are passed as their own self-reference argument - // RHS of a setter call is an argument, so it needs a post-update node + // The RHS of an assignment can be an argument to a setter-call, so it needs a post-update node e = any(Assignment asn | asn.getTarget() instanceof PropAccess).getRhs() } or TConstructorThisArgumentNode(InvokeExpr e) { e instanceof NewExpr or e instanceof SuperCall } or 
From 28fc8ba0c19ad945ae31b4f26e5e96a9539f3e5e Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 12 Mar 2024 14:59:04 +0100 Subject: [PATCH 157/223] JS: Remove EmptyType --- .../javascript/dataflow/internal/DataFlowPrivate.qll | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 3f3bc38e3d46..1970163794dd 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -140,11 +140,6 @@ class OutNode extends DataFlow::Node { OutNode getAnOutNode(DataFlowCall call, ReturnKind kind) { result = getAnOutNodeImpl(call, kind) } -/** - * Base class for classes that should be empty. - */ -abstract private class EmptyType extends DataFlow::Node { } - cached predicate postUpdatePair(Node pre, Node post) { exists(AST::ValueNode expr | @@ -173,7 +168,9 @@ predicate postUpdatePair(Node pre, Node post) { VariableCaptureOutput::capturePostUpdateNode(getClosureNode(post), getClosureNode(pre)) } -class CastNode extends DataFlow::Node instanceof EmptyType { } +class CastNode extends DataFlow::Node { + CastNode() { none() } +} cached newtype TDataFlowCallable = From 76e0445af03cf2c6663f58931b47e21dfcada987 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 12 Mar 2024 15:08:59 +0100 Subject: [PATCH 158/223] JS: Be consistent about caching in PreCallGraphStep --- .../semmle/javascript/dataflow/internal/PreCallGraphStep.qll | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll index 0416dc99a020..01b109ba2762 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll 
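Review bot: `CastNode` now has the characteristic predicate `CastNode() { none() }` and no QLDoc, while the removed `EmptyType` carried the only comment saying the class is meant to be empty. A one-line doc keeps that intent visible, for example `/** A cast node. Deliberately empty. */` above `class CastNode`. Why no node counts as a cast is not visible in this hunk, so the comment should give a reason only if the authors can state one.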
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll @@ -46,6 +46,7 @@ class PreCallGraphStep extends Unit { } } +cached module PreCallGraphStep { /** * Holds if there is a step from `pred` to `succ`. @@ -83,6 +84,7 @@ module PreCallGraphStep { /** * Holds if there is a step from the `loadProp` property of `pred` to the `storeProp` property in `succ`. */ + cached predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp ) { @@ -129,6 +131,7 @@ class LegacyPreCallGraphStep extends Unit { } } +cached module LegacyPreCallGraphStep { /** * Holds if there is a step from `pred` to `succ`. @@ -166,6 +169,7 @@ module LegacyPreCallGraphStep { /** * Holds if there is a step from the `loadProp` property of `pred` to the `storeProp` property in `succ`. */ + cached predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp ) { From 5aafd33cec30c439898aae08a75858978ae27f47 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 12 Mar 2024 15:11:25 +0100 Subject: [PATCH 159/223] JS: Rename Arrays2 -> Arrays --- .../javascript/internal/flow_summaries/AllFlowSummaries.qll | 2 +- .../internal/flow_summaries/{Arrays2.qll => Arrays.qll} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename javascript/ql/lib/semmle/javascript/internal/flow_summaries/{Arrays2.qll => Arrays.qll} (100%) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll index 9ca967f73540..13cf48cb5a92 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -1,5 +1,5 @@ private import AmbiguousCoreMethods -private import Arrays2 +private import Arrays private import AsyncAwait private import ForOfLoops private import Generators 
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays2.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll
similarity index 100%
rename from javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays2.qll
rename to javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll
From b3fad7a8dc029b5e9551daef3c832191d660a13a Mon Sep 17 00:00:00 2001
From: Asger F
Date: Tue, 12 Mar 2024 15:12:07 +0100
Subject: [PATCH 160/223] JS: Rename Iterators2 -> Iterators
---
 .../javascript/internal/flow_summaries/AllFlowSummaries.qll | 2 +-
 .../internal/flow_summaries/{Iterators2.qll => Iterators.qll} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename javascript/ql/lib/semmle/javascript/internal/flow_summaries/{Iterators2.qll => Iterators.qll} (100%)
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
index 13cf48cb5a92..9fe734c90d88 100644
--- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
@@ -3,7 +3,7 @@ private import Arrays
 private import AsyncAwait
 private import ForOfLoops
 private import Generators
-private import Iterators2
+private import Iterators
 private import JsonStringify
 private import Maps2
 private import Promises2
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators2.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators.qll
similarity index 100%
rename from javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators2.qll
rename to javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators.qll
From e2f35652272973264a258cb1dfff0ce23b1d82fc Mon Sep 17 00:00:00 2001
From: Asger F
Date: Tue, 12 Mar 2024 21:14:29 +0100
Subject: [PATCH 161/223] JS: Rename Maps2 -> Maps
---
 .../javascript/internal/flow_summaries/AllFlowSummaries.qll | 2 +-
 .../javascript/internal/flow_summaries/{Maps2.qll => Maps.qll} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename javascript/ql/lib/semmle/javascript/internal/flow_summaries/{Maps2.qll => Maps.qll} (100%)
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
index 9fe734c90d88..47c35d643d32 100644
--- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
@@ -5,7 +5,7 @@ private import ForOfLoops
 private import Generators
 private import Iterators
 private import JsonStringify
-private import Maps2
+private import Maps
 private import Promises2
 private import Sets2
 private import Strings2
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps2.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll
similarity index 100%
rename from javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps2.qll
rename to javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll
From 433489478d3311ca0c3a58f98e35e9c2701c4610 Mon Sep 17 00:00:00 2001
From: Asger F
Date: Tue, 12 Mar 2024 21:16:43 +0100
Subject: [PATCH 162/223] JS: Rename Promise2 -> Promise
---
 .../javascript/internal/flow_summaries/AllFlowSummaries.qll | 2 +-
 .../internal/flow_summaries/{Promises2.qll => Promises.qll} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename javascript/ql/lib/semmle/javascript/internal/flow_summaries/{Promises2.qll => Promises.qll} (100%)
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
index 47c35d643d32..2d1c70f8c1d7 100644
--- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
@@ -6,6 +6,6 @@ private import Generators
 private import Iterators
 private import JsonStringify
 private import Maps
-private import Promises2
+private import Promises
 private import Sets2
 private import Strings2
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises2.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll
similarity index 100%
rename from javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises2.qll
rename to javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll
From 478dd25f3e06f6a16a126f6ebf919fc9990078e3 Mon Sep 17 00:00:00 2001
From: Asger F
Date: Tue, 12 Mar 2024 21:17:29 +0100
Subject: [PATCH 163/223] JS: Rename Sets2 -> Sets
---
 .../javascript/internal/flow_summaries/AllFlowSummaries.qll | 2 +-
 .../javascript/internal/flow_summaries/{Sets2.qll => Sets.qll} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename javascript/ql/lib/semmle/javascript/internal/flow_summaries/{Sets2.qll => Sets.qll} (100%)
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
index 2d1c70f8c1d7..03858c577316 100644
--- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
@@ -7,5 +7,5 @@ private import Iterators
 private import JsonStringify
 private import Maps
 private import Promises
-private import Sets2
+private import Sets
 private import Strings2
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets2.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets.qll
similarity index 100%
rename from javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets2.qll
rename to javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets.qll
From 2c1aa08f793fbc5c971939bbbc6c821fa2ab297f Mon Sep 17 00:00:00 2001
From: Asger F
Date: Tue, 12 Mar 2024 21:18:14 +0100
Subject: [PATCH 164/223] JS: Rename Strings2 -> Strings
---
 .../javascript/internal/flow_summaries/AllFlowSummaries.qll | 2 +-
 .../internal/flow_summaries/{Strings2.qll => Strings.qll} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename javascript/ql/lib/semmle/javascript/internal/flow_summaries/{Strings2.qll => Strings.qll} (100%)
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
index 03858c577316..d7eba4852db2 100644
--- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll
@@ -8,4 +8,4 @@ private import JsonStringify
 private import Maps
 private import Promises
 private import Sets
-private import Strings2
+private import Strings
diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings2.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll
similarity index 100%
rename from javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings2.qll
rename to javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll
From 13a8e0fbf0581cb97d21e71fdd34284705888b9e Mon Sep 17 00:00:00 2001
From: Asger F Date: Wed, 13 Mar 2024 08:54:06 +0100 Subject: [PATCH 165/223] JS: Add failing test for Promise.all() --- .../library-tests/TaintTracking/BasicTaintTracking.expected | 2 ++ javascript/ql/test/library-tests/TaintTracking/promise.js | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 50cc7e739462..70ea63077bc0 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -21,9 +21,11 @@ legacyDataFlowDifference | object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:23:14:23:20 | obj.foo | only flow with OLD data flow library | | object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:28:10:28:30 | sanitiz ... bj).foo | only flow with OLD data flow library | | promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise | only flow with OLD data flow library | +| promise.js:43:20:43:27 | source() | promise.js:43:8:43:28 | Promise ... urce()) | only flow with OLD data flow library | | sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library | consistencyIssue | library-tests/TaintTracking/nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | +| library-tests/TaintTracking/promise.js:43 | expected an alert, but found none | NOT OK | Consistency | | library-tests/TaintTracking/stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | library-tests/TaintTracking/stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | flow 
diff --git a/javascript/ql/test/library-tests/TaintTracking/promise.js b/javascript/ql/test/library-tests/TaintTracking/promise.js index 84c972f4d686..6401cd971a2c 100644 --- a/javascript/ql/test/library-tests/TaintTracking/promise.js +++ b/javascript/ql/test/library-tests/TaintTracking/promise.js @@ -38,3 +38,7 @@ function exceptionThroughThen2() { sink(e); // NOT OK }) } + +function promiseAllTaint() { + sink(Promise.all(source())); // NOT OK +} From 858c79e3959e3c758f3ae7f5762b9be5baaf10b7 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 08:57:42 +0100 Subject: [PATCH 166/223] JS: Add plain taint step through Promise.all() --- .../semmle/javascript/internal/flow_summaries/Promises.qll | 4 ++++ .../library-tests/TaintTracking/BasicTaintTracking.expected | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll index 9a2a79e8a0ae..fb2f05f17b79 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll @@ -228,6 +228,10 @@ private class PromiseAll extends SummarizedCallable { preservesValue = true and input = "Argument[0].ArrayElement.WithAwaited[error]" and output = "ReturnValue" + or + preservesValue = false and + input = "Argument[0]" and + output = "ReturnValue" } } diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 70ea63077bc0..41c60235be27 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected 
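Review bot: The new `preservesValue = false` branch in `PromiseAll` maps the whole of `Argument[0]` to `ReturnValue`, so a tainted argument taints the returned promise object itself. That is much coarser than the `ArrayElement.WithAwaited[...]` branch just above it, and nothing in the code says why it is wanted. The accompanying test change suggests it restores a flow that only the old data-flow library reported for `sink(Promise.all(source()))`. I would record that next to the branch, for example `// Plain taint step: a tainted argument taints the returned promise (parity with the legacy library)`. The enclosing predicate of `PromiseAll` starts outside the hunk.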
@@ -21,11 +21,9 @@ legacyDataFlowDifference | object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:23:14:23:20 | obj.foo | only flow with OLD data flow library | | object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:28:10:28:30 | sanitiz ... bj).foo | only flow with OLD data flow library | | promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise | only flow with OLD data flow library | -| promise.js:43:20:43:27 | source() | promise.js:43:8:43:28 | Promise ... urce()) | only flow with OLD data flow library | | sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library | consistencyIssue | library-tests/TaintTracking/nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | -| library-tests/TaintTracking/promise.js:43 | expected an alert, but found none | NOT OK | Consistency | | library-tests/TaintTracking/stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | library-tests/TaintTracking/stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | flow @@ -225,6 +223,7 @@ flow | promise.js:10:24:10:31 | source() | promise.js:10:8:10:32 | Promise ... urce()) | | promise.js:18:22:18:29 | source() | promise.js:24:10:24:10 | e | | promise.js:33:21:33:28 | source() | promise.js:38:10:38:10 | e | +| promise.js:43:20:43:27 | source() | promise.js:43:8:43:28 | Promise ... urce()) | | rxjs.js:3:1:3:8 | source() | rxjs.js:10:14:10:17 | data | | rxjs.js:13:1:13:8 | source() | rxjs.js:17:23:17:23 | x | | rxjs.js:13:1:13:8 | source() | rxjs.js:18:23:18:23 | x | From 4043bc13ab7c61e21efb94eb949cb44032fe8bc5 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Wed, 13 Mar 2024 09:19:03 +0100 Subject: [PATCH 167/223] JS: Explicit mark comment as a TODO --- .../ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll index 57d4fb69340b..c80bee19aaa7 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll @@ -82,7 +82,7 @@ class MapGet extends SummarizedCallable { MapGet() { this = "Map#get" } override DataFlow::MethodCallNode getACallSimple() { - none() and // Disabled for now - need MaD syntax for known map values + none() and // TODO: Disabled for now - need MaD syntax for known map values result.getMethodName() = "get" and result.getNumArgument() = 1 } @@ -108,7 +108,7 @@ class MapSet extends SummarizedCallable { output = "ReturnValue" or preservesValue = true and - none() and // Disabled for now - need MaD syntax for known map values + none() and // TODO: Disabled for now - need MaD syntax for known map values ( input = "Argument[0]" and output = "Argument[this].MapKey" From e66f27cfe3c302a58d7b3c9c1a9bb146ba56277c Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 09:19:26 +0100 Subject: [PATCH 168/223] JS: Move hasWildcardReplaceRegExp to a shared place --- .../ql/lib/semmle/javascript/StandardLibrary.qll | 9 +++++++++ .../lib/semmle/javascript/dataflow/TaintTracking.qll | 8 +------- .../javascript/internal/flow_summaries/Strings.qll | 10 ++-------- 3 files changed, 12 insertions(+), 15 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/StandardLibrary.qll b/javascript/ql/lib/semmle/javascript/StandardLibrary.qll index b40f10d93691..dc856fbab4bf 100644 --- a/javascript/ql/lib/semmle/javascript/StandardLibrary.qll 
+++ b/javascript/ql/lib/semmle/javascript/StandardLibrary.qll @@ -154,6 +154,15 @@ class StringReplaceCall extends DataFlow::MethodCallNode { new = ret.getStringValue() ) } + + /** + * Holds if this call takes a regexp containing a wildcard-like term such as `.`. + * + * Also see `RegExp::isWildcardLike`. + */ + final predicate hasRegExpContainingWildcard() { + RegExp::isWildcardLike(this.getRegExp().getRoot().getAChild*()) + } } /** diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll index 8e1964ac0e3a..2574660fbebb 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll @@ -424,7 +424,7 @@ module TaintTracking { // In and out of .replace callbacks exists(StringReplaceCall call | // Into the callback if the regexp does not sanitize matches - hasWildcardReplaceRegExp(call) and + call.hasRegExpContainingWildcard() and pred = call.getReceiver() and succ = call.getReplacementCallback().getParameter(0) or @@ -435,12 +435,6 @@ module TaintTracking { } } - /** Holds if the given call takes a regexp containing a wildcard. */ - pragma[noinline] - private predicate hasWildcardReplaceRegExp(StringReplaceCall call) { - RegExp::isWildcardLike(call.getRegExp().getRoot().getAChild*()) - } - /** * A taint propagating data flow edge arising from string formatting. */ diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll index cfa8688105ec..941b9a825c37 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll 
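Review bot: The new member predicate `hasRegExpContainingWildcard` drops the `pragma[noinline]` that both removed helpers carried (the one in the `TaintTracking.qll` hunk on this line and the one in `Strings.qll`). If the pragma was there to keep the `getRoot().getAChild*()` closure from being inlined into each caller's join, the shared version should keep it. That would mean adding `pragma[noinline]` on the line above `final predicate hasRegExpContainingWildcard() {`. The string-replace summaries and the `.replace` callback taint step both depend on this predicate, so an evaluation-order regression would affect every query that uses them.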
@@ -5,12 +5,6 @@ private import javascript private import semmle.javascript.dataflow.FlowSummary -/** Holds if the given call takes a regexp containing a wildcard. */ -pragma[noinline] -private predicate hasWildcardReplaceRegExp(StringReplaceCall call) { - RegExp::isWildcardLike(call.getRegExp().getRoot().getAChild*()) -} - /** * Summary for calls to `.replace` or `.replaceAll` (without a regexp pattern containing a wildcard). */ @@ -19,7 +13,7 @@ private class StringReplaceNoWildcard extends SummarizedCallable { this = "String#replace / String#replaceAll (without wildcard pattern)" } - override StringReplaceCall getACall() { not hasWildcardReplaceRegExp(result) } + override StringReplaceCall getACall() { not result.hasRegExpContainingWildcard() } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { preservesValue = false and @@ -43,7 +37,7 @@ private class StringReplaceWithWildcard extends SummarizedCallable { this = "String#replace / String#replaceAll (with wildcard pattern)" } - override StringReplaceCall getACall() { hasWildcardReplaceRegExp(result) } + override StringReplaceCall getACall() { result.hasRegExpContainingWildcard() } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { preservesValue = false and From 14e75be5103a394a5a409886e3d88076805c84fa Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 09:27:00 +0100 Subject: [PATCH 169/223] JS: Expand comments and synthetic node name in ForOfLoops --- .../internal/flow_summaries/ForOfLoops.qll | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll index 0efe77bcab88..1407ce7c79e5 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll 
+++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll @@ -10,8 +10,14 @@ private import semmle.javascript.dataflow.internal.DataFlowPrivate class ForOfLoopStep extends AdditionalFlowInternal { override predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) { // Intermediate nodes to convert (MapKey, MapValue) to a `[key, value]` array. + // + // For the loop `for (let lvalue of domain)` we generate the following steps: + // + // domain --- READ[MapKey] ---> synthetic node 1 --- STORE[0] ---> lvalue + // domain --- READ[MapValue] ---> synthetic node 2 --- STORE[1] ---> lvalue + // node instanceof ForOfStmt and - tag = ["map-key", "map-value"] and + tag = ["for-of-map-key", "for-of-map-value"] and container.asSourceCallable() = node.getContainer() } @@ -27,10 +33,10 @@ class ForOfLoopStep extends AdditionalFlowInternal { succ = DataFlow::lvalueNode(stmt.getLValue()) or contents = DataFlow::ContentSet::mapKey() and - succ = getSynthesizedNode(stmt, "map-key") + succ = getSynthesizedNode(stmt, "for-of-map-key") or contents = DataFlow::ContentSet::mapValueAll() and - succ = getSynthesizedNode(stmt, "map-value") + succ = getSynthesizedNode(stmt, "for-of-map-value") or contents = DataFlow::ContentSet::iteratorError() and succ = stmt.getIterationDomain().getExceptionTarget() @@ -41,10 +47,10 @@ class ForOfLoopStep extends AdditionalFlowInternal { DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ ) { exists(ForOfStmt stmt | - pred = getSynthesizedNode(stmt, "map-key") and + pred = getSynthesizedNode(stmt, "for-of-map-key") and contents.asArrayIndex() = 0 or - pred = getSynthesizedNode(stmt, "map-value") and + pred = getSynthesizedNode(stmt, "for-of-map-value") and contents.asArrayIndex() = 1 | succ = DataFlow::lvalueNode(stmt.getLValue()) From e6401540480508e715aa7bb272884a9c5672ef51 Mon Sep 17 00:00:00 2001 
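Review bot: The tag strings `"for-of-map-key"` and `"for-of-map-value"` are now written out as literals in three separate predicates across these hunks. A typo in any one of them would silently disconnect the read step from the store step, with no compile error. Consider naming them once, for example `private string mapKeyTag() { result = "for-of-map-key" }` and a matching `mapValueTag()`, and using those in `needsSynthesizedNode` and in both `getSynthesizedNode` call sites. This commit already had to touch five occurrences to rename the tags.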
From: Asger F Date: Wed, 13 Mar 2024 10:54:02 +0100 Subject: [PATCH 170/223] JS: Be backwards compatible with AdditionalBarrierGuardNode I've confirmed that the 'legacyBarrier' predicate does not occur in the DIL --- .../dataflow/internal/DataFlowPrivate.qll | 25 ++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 1970163794dd..2bcad7d9f1a7 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -8,6 +8,7 @@ private import semmle.javascript.dataflow.internal.VariableCapture private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon private import semmle.javascript.internal.flow_summaries.AllFlowSummaries private import sharedlib.FlowSummaryImpl as FlowSummaryImpl +private import semmle.javascript.dataflow.internal.BarrierGuards private class Node = DataFlow::Node; 
@@ -730,18 +731,36 @@ private predicate sameContainerAsEnclosingContainer(Node node, Function fun) { node.getContainer() = fun.getEnclosingContainer() } +private class BarrierGuardAdapter extends DataFlow::Node instanceof DataFlow::AdditionalBarrierGuardNode +{ + // Note: avoid depending on DataFlow::FlowLabel here as it will cause these barriers to be re-evaluated + predicate blocksExpr(boolean outcome, Expr e) { super.blocks(outcome, e) } +} + +/** + * Holds if `node` should be a barrier in all data flow configurations due to custom subclasses + * of `AdditionalBarrierGuardNode`. + * + * The standard library contains no subclasses of that class; this is for backwards compatibility only. + */ +pragma[nomagic] +private predicate legacyBarrier(DataFlow::Node node) { + node = MakeBarrierGuard::getABarrierNode() +} + /** - * Holds if `node` should be removed from the local data flow graph, but the node - * still exists for use by the legacy data flow library. + * Holds if `node` should be removed from the local data flow graph, for compatibility with legacy code. */ pragma[nomagic] -private predicate isBlockedLegacyNode(TCapturedVariableNode node) { +private predicate isBlockedLegacyNode(Node node) { // Ignore captured variable nodes for those variables that are handled by the captured-variable library. // Note that some variables, such as top-level variables, are still modelled with these nodes (which will result in jump steps). exists(LocalVariable variable | node = TCapturedVariableNode(variable) and variable instanceof VariableCaptureConfig::CapturedVariable ) + or + legacyBarrier(node) } /** From fce2be0af30a473c146fe5903a9294d541c1a63f Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 11:02:09 +0100 Subject: [PATCH 171/223] JS: Use BarrierGuardLegacy in TaintedPath --- .../dataflow/TaintedPathCustomizations.qll | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) 
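Review bot: `legacyBarrier` feeds into `isBlockedLegacyNode`, so a node guarded by any custom `AdditionalBarrierGuardNode` is removed from the local flow graph for every configuration. `BarrierGuardAdapter` forwards only the label-free `blocks(outcome, e)`. As I understand the legacy API, such guards were scoped to a configuration through `appliesTo` and could be label-specific; neither is honoured here. The result is that one custom guard can suppress results in unrelated security queries. The doc comment on `legacyBarrier` should state that limitation explicitly, for example `Note: the guard's 'appliesTo' restriction and label-specific 'blocks' are ignored.` The name and doc of `isBlockedLegacyNode` also no longer describe its second disjunct, which blocks ordinary nodes rather than legacy-only ones.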
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll index 77227841c42d..d4deb186b09e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll @@ -44,10 +44,10 @@ module TaintedPath { } /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ - abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { - override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + abstract class BarrierGuardLegacy extends BarrierGuard, DataFlow::BarrierGuardNode { + override predicate blocks(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { this.blocksExpr(outcome, e, label) } } @@ -366,7 +366,7 @@ module TaintedPath { * * This is relevant for paths that are known to be normalized. */ - class StartsWithDotDotSanitizer extends BarrierGuard instanceof StringOps::StartsWith { + class StartsWithDotDotSanitizer extends BarrierGuardLegacy instanceof StringOps::StartsWith { StartsWithDotDotSanitizer() { isDotDotSlashPrefix(super.getSubstring()) } override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { @@ -386,7 +386,7 @@ module TaintedPath { /** * A check of the form `whitelist.includes(x)` or equivalent, which sanitizes `x` in its "then" branch. */ - class MembershipTestBarrierGuard extends BarrierGuard { + class MembershipTestBarrierGuard extends BarrierGuardLegacy { MembershipCandidate candidate; MembershipTestBarrierGuard() { this = candidate.getTest() } 
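Review bot: The doc comment on `BarrierGuardLegacy` does not say that concrete sanitizers in this module must extend it rather than `BarrierGuard`. This commit has to retrofit that onto the sanitizer classes in this hunk and the following ones, through `IsInsideCheckSanitizer`. Presumably the deprecated configuration only sees guards that are `DataFlow::BarrierGuardNode`s, so a future path sanitizer that extends plain `BarrierGuard` would be ignored by it without any error. Extending the comment would make the requirement visible, for example `Sanitizer guards in this module should extend this class so the deprecated configuration also recognises them.`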
@@ -401,7 +401,7 @@ module TaintedPath { * A check of form `x.startsWith(dir)` that sanitizes normalized absolute paths, since it is then * known to be in a subdirectory of `dir`. */ - class StartsWithDirSanitizer extends BarrierGuard { + class StartsWithDirSanitizer extends BarrierGuardLegacy { StringOps::StartsWith startsWith; StartsWithDirSanitizer() { @@ -425,7 +425,7 @@ module TaintedPath { * A call to `path.isAbsolute` as a sanitizer for relative paths in true branch, * and a sanitizer for absolute paths in the false branch. */ - class IsAbsoluteSanitizer extends BarrierGuard { + class IsAbsoluteSanitizer extends BarrierGuardLegacy { DataFlow::Node operand; boolean polarity; boolean negatable; @@ -461,7 +461,7 @@ module TaintedPath { /** * An expression of form `x.includes("..")` or similar. */ - class ContainsDotDotSanitizer extends BarrierGuard instanceof StringOps::Includes { + class ContainsDotDotSanitizer extends BarrierGuardLegacy instanceof StringOps::Includes { ContainsDotDotSanitizer() { isDotDotSlashPrefix(super.getSubstring()) } override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { @@ -474,7 +474,7 @@ module TaintedPath { /** * An expression of form `x.matches(/\.\./)` or similar. */ - class ContainsDotDotRegExpSanitizer extends BarrierGuard instanceof StringOps::RegExpTest { + class ContainsDotDotRegExpSanitizer extends BarrierGuardLegacy instanceof StringOps::RegExpTest { ContainsDotDotRegExpSanitizer() { super.getRegExp().getAMatchedString() = [".", "..", "../"] } override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { @@ -505,7 +505,7 @@ module TaintedPath { * } * ``` */ - class RelativePathStartsWithSanitizer extends BarrierGuard { + class RelativePathStartsWithSanitizer extends BarrierGuardLegacy { StringOps::StartsWith startsWith; DataFlow::CallNode pathCall; string member; 
@@ -563,7 +563,7 @@ module TaintedPath { * An expression of form `isInside(x, y)` or similar, where `isInside` is * a library check for the relation between `x` and `y`. */ - class IsInsideCheckSanitizer extends BarrierGuard { + class IsInsideCheckSanitizer extends BarrierGuardLegacy { DataFlow::Node checked; boolean onlyNormalizedAbsolutePaths; From e0aae53ac7dcb5342cc9bb8dbff9b294a3b167ae Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 11:05:23 +0100 Subject: [PATCH 172/223] JS: Remove unnecessary BarrierGuardLegacy class --- .../javascript/security/dataflow/StoredXssCustomizations.qll | 5 ----- 1 file changed, 5 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll index b0de349a53d8..412332b54115 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll @@ -31,11 +31,6 @@ module StoredXss { predicate blocksExpr(boolean outcome, Expr e) { none() } } - /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ - abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { - override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } - } - /** An arbitrary XSS sink, considered as a flow sink for stored XSS. */ private class AnySink extends Sink { AnySink() { this instanceof Shared::Sink } From b31f20a64e61177fc07304ed1740be29b53b925f Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 11:08:25 +0100 Subject: [PATCH 173/223] JS: Explain why ObjetWrapperFlowLabel is deprecated --- .../dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll index b05190e4b7a5..2af00bdac2a3 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll @@ -39,7 +39,12 @@ module ExternalAPIUsedWithUntrustedDataConfig implements DataFlow::ConfigSig { module ExternalAPIUsedWithUntrustedDataFlow = TaintTracking::Global; -/** Flow label for objects from which a tainted value is reachable. */ +/** + * Flow label for objects from which a tainted value is reachable. + * + * Only used by the legacy data-flow configuration, as the new data flow configuration + * uses `allowImplicitRead` to achieve this instead. + */ deprecated private class ObjectWrapperFlowLabel extends DataFlow::FlowLabel { ObjectWrapperFlowLabel() { this = "object-wrapper" } } From 11983faccfa3ba06083216748cde92dee7a4915d Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 11:26:56 +0100 Subject: [PATCH 174/223] JS: Remove out-commented code --- .../javascript/security/dataflow/FileAccessToHttpQuery.qll | 2 -- 1 file changed, 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll index 7f3d2c5f3419..6b713af340a0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll 
@@ -22,8 +22,6 @@ module FileAccessToHttpConfig implements DataFlow::ConfigSig { predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { isSink(node) and - // or - // node = any(DataFlow::MethodCallNode call | call.getMethodName() = "stringify").getAnArgument() contents = DataFlow::ContentSet::anyProperty() } } From 0a2050bc42c68caf058d402a5300613fb6280731 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 11:27:18 +0100 Subject: [PATCH 175/223] JS: Deduplicate predicate in HostHeaderPoisoningQuery --- .../HostHeaderPoisoningInEmailGenerationQuery.qll | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll index 889500668029..acc2eacec07b 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll @@ -30,14 +30,7 @@ module HostHeaderPoisoningFlow = TaintTracking::Global Date: Wed, 13 Mar 2024 11:30:52 +0100 Subject: [PATCH 176/223] JS: Add comment about allowImplicitRead in PostMessageStar --- .../semmle/javascript/security/dataflow/PostMessageStarQuery.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll index c267c9df8e09..5fde270041e4 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll 
@@ -34,6 +34,7 @@ module PostMessageStarConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // If an object leaks, all of its properties have leaked isSink(node) and contents = DataFlow::ContentSet::anyProperty() } } From ea4bc9cdbbddd4ab1016c34e3b824a86f13e1502 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 12:26:56 +0100 Subject: [PATCH 177/223] JS: Comment about manually applying taint steps --- .../security/dataflow/SecondOrderCommandInjectionQuery.qll | 2 ++ .../security/dataflow/TemplateObjectInjectionQuery.qll | 2 ++ 2 files changed, 4 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll index 86045d167f15..1fab45843a94 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll @@ -43,6 +43,8 @@ module SecondOrderCommandInjectionConfig implements DataFlow::StateConfigSig { ) { TaintedObject::step(src, trg, inlbl, outlbl) or + // We're not using a taint-tracking config because taint steps would then apply to all flow states. + // So we use a plain data flow config and manually add the default taint steps. inlbl.isTaint() and TaintTracking::defaultTaintStep(src, trg) and inlbl = outlbl diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll index 0d3c76578105..1a4f02be601f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll 
@@ -39,6 +39,8 @@ module TemplateObjectInjectionConfig implements DataFlow::StateConfigSig { ) { TaintedObject::step(src, trg, inlbl, outlbl) or + // We're not using a taint-tracking config because taint steps would then apply to all flow states. + // So we use a plain data flow config and manually add the default taint steps. inlbl.isTaint() and TaintTracking::defaultTaintStep(src, trg) and inlbl = outlbl From fa8933eb415e02c8f3a8a37f25569bb74510a0f4 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 12:29:56 +0100 Subject: [PATCH 178/223] JS: Reduce duplication in UnsafeDynamicMethodAccessQuery --- .../UnsafeDynamicMethodAccessQuery.qll | 38 +++++++------------ 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll index 556204375df9..1d1098f87e17 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll @@ -43,7 +43,7 @@ module UnsafeDynamicMethodAccessConfig implements DataFlow::StateConfigSig { label.isTaint() } - predicate isAdditionalFlowStep( + additional predicate additionalFlowStep( DataFlow::Node src, DataFlow::FlowLabel srclabel, DataFlow::Node dst, DataFlow::FlowLabel dstlabel ) { 
@@ -64,7 +64,16 @@ module UnsafeDynamicMethodAccessConfig implements DataFlow::StateConfigSig { srclabel.isTaint() and dstlabel = unsafeFunction() ) + } + + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel srclabel, DataFlow::Node dst, + DataFlow::FlowLabel dstlabel + ) { + additionalFlowStep(src, srclabel, dst, dstlabel) or + // We're not using a taint-tracking config because taint steps would then apply to all flow states. + // So we use a plain data flow config and manually add the default taint steps. srclabel.isTaint() and TaintTracking::defaultTaintStep(src, dst) and srclabel = dstlabel @@ -83,20 +92,17 @@ deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeDynamicMethodAccess" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getFlowLabel() = label + UnsafeDynamicMethodAccessConfig::isSource(source, label) } override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink.(Sink).getFlowLabel() = label + UnsafeDynamicMethodAccessConfig::isSink(sink, label) } override predicate isSanitizer(DataFlow::Node node) { super.isSanitizer(node) or - node instanceof Sanitizer - or - exists(StringConcatenation::getOperand(node, _)) and - not StringConcatenation::isCoercion(node) + UnsafeDynamicMethodAccessConfig::isBarrier(node) } /** 
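Review bot: In the deprecated `Configuration`, `isSanitizer` now delegates to `UnsafeDynamicMethodAccessConfig::isBarrier(node)`, but the body of `isBarrier` is outside these hunks. It therefore cannot be confirmed here that the removed clause `exists(StringConcatenation::getOperand(node, _)) and not StringConcatenation::isCoercion(node)` is still covered. If it is not, the legacy configuration would stop treating string-concatenation results as sanitized and its results would change. Please confirm the two are equivalent. The new `additional predicate additionalFlowStep` in the `@@ -43,7` and `@@ -64,7` hunks also has no doc comment; one line such as `/** Holds for the label-changing steps shared with the deprecated configuration. */` would explain why it is split out of `isAdditionalFlowStep`.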
@@ -110,22 +116,6 @@ deprecated class Configuration extends TaintTracking::Configuration { DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, DataFlow::FlowLabel dstlabel ) { - // Reading a property of the global object or of a function - exists(DataFlow::PropRead read | - this.hasUnsafeMethods(read.getBase().getALocalSource()) and - src = read.getPropertyNameExpr().flow() and - dst = read and - srclabel.isTaint() and - dstlabel = unsafeFunction() - ) - or - // Reading a chain of properties from any object with a prototype can lead to Function - exists(PropertyProjection proj | - not PropertyInjection::isPrototypeLessObject(proj.getObject().getALocalSource()) and - src = proj.getASelector() and - dst = proj and - srclabel.isTaint() and - dstlabel = unsafeFunction() - ) + UnsafeDynamicMethodAccessConfig::additionalFlowStep(src, srclabel, dst, dstlabel) } } From 97567f412e5d33ac1d0915b6d3e893a400337178 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 14:53:00 +0100 Subject: [PATCH 179/223] JS: Update VariableCapture.qll after changes to API --- .../semmle/javascript/dataflow/internal/VariableCapture.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll index 1b1f50b9ecd1..5e5ebacbf6bd 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll 
@@ -3,7 +3,7 @@ private import semmle.javascript.dataflow.internal.DataFlowNode private import codeql.dataflow.VariableCapture private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon -module VariableCaptureConfig implements InputSig { +module VariableCaptureConfig implements InputSig { private js::Function getLambdaFromVariable(js::LocalVariable variable) { result.getVariable() = variable or @@ -261,7 +261,7 @@ module VariableCaptureConfig implements InputSig { predicate exitBlock(BasicBlock bb) { bb.getLastNode() instanceof js::ControlFlowExitNode } } -module VariableCaptureOutput = Flow; +module VariableCaptureOutput = Flow; js::DataFlow::Node getNodeFromClosureNode(VariableCaptureOutput::ClosureNode node) { result = TValueNode(node.(VariableCaptureOutput::ExprNode).getExpr()) From bb1f729a3f463de7ef603907f61cb9fded6810f8 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 15:16:37 +0100 Subject: [PATCH 180/223] Update VariableCapture.qll --- .../lib/semmle/javascript/dataflow/internal/VariableCapture.qll | 2 -- 1 file changed, 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll index 5e5ebacbf6bd..8cb83930f4f0 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll @@ -130,8 +130,6 @@ module VariableCaptureConfig implements InputSig { Callable getEnclosingCallable() { result = this.getContainer().getFunctionBoundary() } } - class Location = js::Location; - class Callable extends js::StmtContainer { predicate isConstructor() { // TODO: clarify exactly what the library wants to know here as the meaning of "constructor" varies between languages. From e5bc8db2f07e4e2f03999599c7c790a7b7b8f1b3 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Wed, 13 Mar 2024 15:17:08 +0100 Subject: [PATCH 181/223] JS: Fix conflicting default for visbleImplInCallContext --- .../javascript/dataflow/internal/sharedlib/DataFlowArg.qll | 2 ++ 1 file changed, 2 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll index 6422dca52dd2..fda3d94c4c9b 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll @@ -12,6 +12,8 @@ module JSDataFlow implements SharedDataFlow::InputSig { predicate neverSkipInPathGraph = Private::neverSkipInPathGraph/1; predicate accessPathLimit = Private::accessPathLimit/0; + + predicate viableImplInCallContext = Private::viableImplInCallContext/2; } module JSTaintFlow implements SharedTaintTracking::InputSig { From 82abd867a029e9e059216424c1ef17a883ac74c5 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 15:17:58 +0100 Subject: [PATCH 182/223] JS: Update uses of AccessPathSyntax This doesn't yet migrate to the FlowSummaryImpl.qll in a qlpack, just trying to make things compile first --- .../javascript/dataflow/internal/Contents.qll | 6 ++--- .../dataflow/internal/FlowSummaryPrivate.qll | 8 +++--- .../internal/sharedlib/FlowSummaryImpl.qll | 26 +++++++++---------- 3 files changed, 19 insertions(+), 21 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll index 5c87d3c0a512..6c6272e6e324 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll 
@@ -1,5 +1,5 @@ private import javascript -private import semmle.javascript.frameworks.data.internal.AccessPathSyntax as AccessPathSyntax +private import semmle.javascript.frameworks.data.internal.ApiGraphModels as ApiGraphModels module Private { import Public @@ -25,7 +25,7 @@ module Private { call.getArgument(0).getStringValue() = key ) or - exists(AccessPathSyntax::AccessPathToken token | + exists(ApiGraphModels::AccessPathToken token | token.getName() = "MapValue" and token.getAnArgument() = key ) @@ -47,7 +47,7 @@ module Private { or this = getAPreciseArrayIndex().toString() or - exists(AccessPathSyntax::AccessPathToken tok | + exists(ApiGraphModels::AccessPathToken tok | tok.getName() = "Member" and this = tok.getAnArgument() ) } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index e838281f0bdc..58ab67ec8a7d 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll @@ -9,7 +9,7 @@ private import semmle.javascript.dataflow.FlowSummary as FlowSummary private import sharedlib.DataFlowImplCommon private import sharedlib.FlowSummaryImpl::Private as Private private import sharedlib.FlowSummaryImpl::Public -import semmle.javascript.frameworks.data.internal.AccessPathSyntax as AccessPathSyntax +private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax private class Node = DataFlow::Node; @@ -147,7 +147,7 @@ private predicate desugaredPositionName(ParameterPosition pos, string operand) { operand = "any" and pos.asPositionalLowerBound() = 0 or - pos.asPositional() = AccessPathSyntax::AccessPath::parseInt(operand) // parse closed intervals + pos.asPositional() = AccessPathSyntax::parseInt(operand) // parse closed intervals } bindingset[operand] 
@@ -186,7 +186,7 @@ SummaryComponent interpretComponentSpecific(Private::AccessPathToken c) { result = makePropertyContentComponents(c, "ArrayElement", n.toString()) or // ArrayElement[n..] refers to index n or greater - n = AccessPathSyntax::AccessPath::parseLowerBound(c.getAnArgument()) and + n = AccessPathSyntax::parseLowerBound(c.getAnArgument()) and result = makeContentComponents(c, "ArrayElement", ContentSet::arrayElementLowerBoundFromInt(n)) ) or @@ -355,7 +355,7 @@ ArgumentPosition parseParamBody(string s) { or s = "function" and result.isFunctionSelfReference() or - result.asPositional() = AccessPathSyntax::AccessPath::parseInt(s) + result.asPositional() = AccessPathSyntax::parseInt(s) } /** Gets the parameter position obtained by parsing `X` in `Argument[X]`. */ diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll index 0aa17c521b43..7bbb1abe2f9f 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll @@ -340,7 +340,7 @@ module Public { */ module Private { private import Public - import AccessPathSyntax + private import codeql.dataflow.internal.AccessPathSyntax newtype TSummaryComponent = TContentSummaryComponent(ContentSet c) or 
@@ -1037,23 +1037,21 @@ module Private { } } + /** Holds if `spec` is a relevant external specification. */ + private predicate relevantSpec(string spec) { + summaryElement(_, spec, _, _, _) or + summaryElement(_, _, spec, _, _) or + sourceElement(_, spec, _, _) or + sinkElement(_, spec, _, _) + } + + import AccessPath + /** * Provides a means of translating externally (e.g., MaD) defined flow * summaries into a `SummarizedCallable`s. */ module External { - /** Holds if `spec` is a relevant external specification. */ - private predicate relevantSpec(string spec) { - summaryElement(_, spec, _, _, _) or - summaryElement(_, _, spec, _, _) or - sourceElement(_, spec, _, _) or - sinkElement(_, spec, _, _) - } - - private class AccessPathRange extends AccessPath::Range { - AccessPathRange() { relevantSpec(this) } - } - /** Holds if specification component `token` parses as parameter `pos`. */ predicate parseParam(AccessPathToken token, ArgumentPosition pos) { token.getName() = "Parameter" and @@ -1184,7 +1182,7 @@ module Private { predicate invalidIndexComponent(AccessPath spec, AccessPathToken part) { part = spec.getToken(_) and part.getName() = ["Parameter", "Argument"] and - AccessPath::parseInt(part.getArgumentList()) < 0 + parseInt(part.getArgumentList()) < 0 } private predicate inputNeedsReference(AccessPathToken c) { From 8ecdb5cefe9cd08d22275f4eba62f920403b695c Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 15:24:20 +0100 Subject: [PATCH 183/223] Update VariableCapture.qll --- .../semmle/javascript/dataflow/internal/VariableCapture.qll | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll index 8cb83930f4f0..4e8aa233eb22 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll 
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll @@ -185,7 +185,7 @@ module VariableCaptureConfig implements InputSig { string toString() { none() } // Overridden in subclass - Location getLocation() { none() } // Overridden in subclass + js::Location getLocation() { none() } // Overridden in subclass predicate hasCfgNode(BasicBlock bb, int i) { none() } // Overridden in subclass @@ -203,7 +203,7 @@ module VariableCaptureConfig implements InputSig { override string toString() { result = pattern.toString() } /** Gets the location of this write. */ - override Location getLocation() { result = pattern.getLocation() } + override js::Location getLocation() { result = pattern.getLocation() } override js::DataFlow::Node getSource() { // Note: there is not always an expression corresponding to the RHS of the assignment. @@ -239,7 +239,7 @@ module VariableCaptureConfig implements InputSig { override string toString() { result = "[implicit init] " + variable } - override Location getLocation() { result = variable.getLocation() } + override js::Location getLocation() { result = variable.getLocation() } override CapturedVariable getVariable() { result = variable } From ddf6eb3a045875316b81b4f3d475ab4057e2390c Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 15:24:53 +0100 Subject: [PATCH 184/223] JS: Quick fix to make DeduplicatePathGraph compile There's an open PR for this where a real fix should be written --- shared/dataflow/codeql/dataflow/DataFlow.qll | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 5ef4ffbb36a3..97d6ef7a1b04 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll 
@@ -935,11 +935,15 @@ module DataFlowMake { exists(getAPathNode(node, toString)) } + private predicate edgesProj(InputPathNode node1, InputPathNode node2) { + Graph::edges(node2, node1, _, _) + } + private module Pass1 = - MakeDiscriminatorPass; + MakeDiscriminatorPass; private predicate edgesRev(InputPathNode node1, InputPathNode node2) { - Graph::edges(node2, node1) + Graph::edges(node2, node1, _, _) } private predicate subpathsRev( @@ -1009,8 +1013,9 @@ module DataFlowMake { Graph::nodes(node.getAnOriginalPathNode(), key, val) } - query predicate edges(PathNode node1, PathNode node2) { - Graph::edges(node1.getAnOriginalPathNode(), node2.getAnOriginalPathNode()) + query predicate edges(PathNode node1, PathNode node2, string key, string val) { + // TODO: ensure deduplication preserves key/val sequence? + Graph::edges(node1.getAnOriginalPathNode(), node2.getAnOriginalPathNode(), key, val) } query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) { From eff5f3b7d6d6a354370e2d404ce5fd38b1477c49 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 13 Mar 2024 20:43:44 +0100 Subject: [PATCH 185/223] JS: Remove duplicate dependency from qlpack.yml --- javascript/ql/lib/qlpack.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index da79517156fe..ef3ca7521aca 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -12,7 +12,6 @@ dependencies: codeql/tutorial: ${workspace} codeql/util: ${workspace} codeql/yaml: ${workspace} - codeql/dataflow: ${workspace} dataExtensions: - semmle/javascript/frameworks/**/model.yml warnOnImplicitThis: true From 711a08b0d4b6c7cf17e65dd6f9d2de42e080e144 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 15 Mar 2024 09:26:19 +0100 Subject: [PATCH 186/223] JS: Add TODO about switching to the shared library --- .../javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll | 1 + 1 file changed, 1 insertion(+) 
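Review bot: The new `edgesProj` helper in the `@@ -935,11 +935,15 @@` hunk passes its arguments to `Graph::edges` in swapped order, so its body is identical to `edgesRev` directly below it. If `edgesProj` is meant to be the forward projection that feeds `Pass1` (the module arguments are not legible in this hunk), the body should read `Graph::edges(node1, node2, _, _)`. PATCH 193/223 further down this page makes exactly that one-line change. Because the two discriminator passes decide which path nodes are merged, a wrong direction here can change which alert paths a reviewer sees without any compile error. A short comment on each projection stating its direction, for example `// forward edges; provenance columns ignored`, would make a repeat of this slip easier to catch.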
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll index 7bbb1abe2f9f..6671fc229bc8 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll @@ -12,6 +12,7 @@ private import DataFlowImplSpecific::Public private import DataFlowImplCommon private import codeql.util.Unit +// TODO: switch to the shared implementation of FlowSummaryImpl.qll /** Provides classes and predicates for defining flow summaries. */ module Public { private import Private From 2de9af2236c1acaa02c1aa91db7f024ae42c0706 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 6 May 2024 10:09:20 +0200 Subject: [PATCH 187/223] JS: Update to getLocation() in DeduplicatePathGraph --- shared/dataflow/codeql/dataflow/DataFlow.qll | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 33fd249cb648..ce7814c1c745 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll 
@@ -1004,19 +1004,8 @@ module DataFlowMake Lang> { result = this.asPreservedNode().toString() or this = TCollapsedPathNode(_, result) } - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getAnOriginalPathNode() - .hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } + /** Gets the location of this node. */ + Location getLocation() { result = this.getAnOriginalPathNode().getLocation() } /** Gets the corresponding data-flow node. */ Node getNode() { From 19f14622f3450041b64d7736d190a56baa04fe16 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 6 May 2024 10:11:49 +0200 Subject: [PATCH 188/223] JS: Update use of Locations --- .../semmle/javascript/dataflow/DataFlow.qll | 26 +++---------------- .../dataflow/internal/DataFlowPrivate.qll | 12 +-------- .../dataflow/internal/VariableCapture.qll | 10 +++---- .../dataflow/internal/sharedlib/DataFlow.qll | 3 ++- .../internal/sharedlib/DataFlowArg.qll | 5 ++-- .../internal/sharedlib/DataFlowImpl.qll | 3 ++- .../internal/sharedlib/DataFlowImplCommon.qll | 3 ++- .../internal/sharedlib/TaintTracking.qll | 3 ++- 8 files changed, 21 insertions(+), 44 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index 5726c0b30a2a..a80b2e79ff9c 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll 
@@ -1056,11 +1056,7 @@ module DataFlow { override StmtContainer getContainer() { result = expr.getContainer() } - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - expr.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } + override Location getLocation() { result = expr.getLocation() } } /** @@ -1075,13 +1071,7 @@ module DataFlow { override StmtContainer getContainer() { result = constructor } - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - constructor - .getLocation() - .hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } + override Location getLocation() { result = constructor.getLocation() } } /** @@ -1403,11 +1393,7 @@ module DataFlow { override string toString() { result = "[function self-reference] " + function.toString() } - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - function.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } + override Location getLocation() { result = function.getLocation() } } /** @@ -1423,11 +1409,7 @@ module DataFlow { override StmtContainer getContainer() { result = expr.getContainer() } - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - expr.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } + override Location getLocation() { result = expr.getLocation() } override string toString() { result = "[post update] " + expr.toString() } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 2bcad7d9f1a7..d19e265a2b4e 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll 
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -59,12 +59,6 @@ class CaptureNode extends DataFlow::Node, TSynthCaptureNode { cached private Location getLocation() { result = this.getNode().getLocation() } - - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } } class GenericSynthesizedNode extends DataFlow::Node, TGenericSynthesizedNode { @@ -78,11 +72,7 @@ class GenericSynthesizedNode extends DataFlow::Node, TGenericSynthesizedNode { override string toString() { result = "[synthetic node] " + tag } - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - node.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } + override Location getLocation() { result = node.getLocation() } string getTag() { result = tag } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll index 4e8aa233eb22..f170b99e8924 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll @@ -3,7 +3,7 @@ private import semmle.javascript.dataflow.internal.DataFlowNode private import codeql.dataflow.VariableCapture private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon -module VariableCaptureConfig implements InputSig { +module VariableCaptureConfig implements InputSig { private js::Function getLambdaFromVariable(js::LocalVariable variable) { result.getVariable() = variable or 
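Review bot: In the `@@ -59,12 +59,6 @@` hunk on `CaptureNode`, removing the `hasLocationInfo` override leaves only `cached private Location getLocation()`, which is neither public nor marked `override`. Every other node class this commit touches ends up with `override Location getLocation() { ... }`, so this member probably needs the same form: `override Location getLocation() { result = this.getNode().getLocation() }`. As written, capture nodes would presumably not report the location of their underlying closure node through the inherited API, which matters because these locations end up in alert paths. PATCH 191/223 later on this page applies that change. The class body starts outside the hunk.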
@@ -185,7 +185,7 @@ module VariableCaptureConfig implements InputSig { string toString() { none() } // Overridden in subclass - js::Location getLocation() { none() } // Overridden in subclass + js::DbLocation getLocation() { none() } // Overridden in subclass predicate hasCfgNode(BasicBlock bb, int i) { none() } // Overridden in subclass @@ -203,7 +203,7 @@ module VariableCaptureConfig implements InputSig { override string toString() { result = pattern.toString() } /** Gets the location of this write. */ - override js::Location getLocation() { result = pattern.getLocation() } + override js::DbLocation getLocation() { result = pattern.getLocation() } override js::DataFlow::Node getSource() { // Note: there is not always an expression corresponding to the RHS of the assignment. @@ -239,7 +239,7 @@ module VariableCaptureConfig implements InputSig { override string toString() { result = "[implicit init] " + variable } - override js::Location getLocation() { result = variable.getLocation() } + override js::DbLocation getLocation() { result = variable.getLocation() } override CapturedVariable getVariable() { result = variable } @@ -259,7 +259,7 @@ module VariableCaptureConfig implements InputSig { predicate exitBlock(BasicBlock bb) { bb.getLastNode() instanceof js::ControlFlowExitNode } } -module VariableCaptureOutput = Flow; +module VariableCaptureOutput = Flow; js::DataFlow::Node getNodeFromClosureNode(VariableCaptureOutput::ClosureNode node) { result = TValueNode(node.(VariableCaptureOutput::ExprNode).getExpr()) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll index fda541f1d31f..a9148af94acc 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll 
@@ -1,4 +1,5 @@ +private import semmle.javascript.Locations private import codeql.dataflow.DataFlow private import DataFlowArg -import DataFlowMake +import DataFlowMake import DataFlowImplSpecific::Public diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll index fda3d94c4c9b..4b102e76ec4e 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll @@ -1,8 +1,9 @@ +private import semmle.javascript.Locations private import DataFlowImplSpecific private import codeql.dataflow.DataFlow as SharedDataFlow private import codeql.dataflow.TaintTracking as SharedTaintTracking -module JSDataFlow implements SharedDataFlow::InputSig { +module JSDataFlow implements SharedDataFlow::InputSig { import Private import Public @@ -16,6 +17,6 @@ module JSDataFlow implements SharedDataFlow::InputSig { predicate viableImplInCallContext = Private::viableImplInCallContext/2; } -module JSTaintFlow implements SharedTaintTracking::InputSig { +module JSTaintFlow implements SharedTaintTracking::InputSig { import semmle.javascript.dataflow.internal.TaintTrackingPrivate } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll index 1b888d53859d..3ddcb693f540 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll @@ -1,3 +1,4 @@ +private import semmle.javascript.Locations private import codeql.dataflow.internal.DataFlowImpl private import DataFlowArg -import MakeImpl +import MakeImpl 
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll index 8db21ff168fc..62188d47b809 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll @@ -1,3 +1,4 @@ +private import semmle.javascript.Locations private import DataFlowArg private import codeql.dataflow.internal.DataFlowImplCommon -import MakeImplCommon +import MakeImplCommon diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll index d5f3604202aa..bfa4c4de8c99 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll @@ -1,3 +1,4 @@ +private import semmle.javascript.Locations private import codeql.dataflow.TaintTracking private import DataFlowArg -import TaintFlowMake +import TaintFlowMake From 5a2260b4813c7e442b0d5ecbcd0f494ac3c0cdb5 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 6 May 2024 10:12:15 +0200 Subject: [PATCH 189/223] JS: Update to match changes to API --- .../javascript/dataflow/internal/DataFlowPrivate.qll | 12 +++++++++++- .../dataflow/internal/TaintTrackingPrivate.qll | 4 ++++ .../dataflow/internal/sharedlib/DataFlowArg.qll | 2 ++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index d19e265a2b4e..22d8a98861e7 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll 
@@ -10,6 +10,8 @@ private import semmle.javascript.internal.flow_summaries.AllFlowSummaries private import sharedlib.FlowSummaryImpl as FlowSummaryImpl private import semmle.javascript.dataflow.internal.BarrierGuards +class DataFlowSecondLevelScope = Unit; + private class Node = DataFlow::Node; class PostUpdateNode = DataFlow::PostUpdateNode; @@ -701,7 +703,7 @@ DataFlowCallable viableCallable(DataFlowCall node) { * Holds if the set of viable implementations that can be called by `call` * might be improved by knowing the call context. */ -predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c) { none() } +predicate mayBenefitFromCallContext(DataFlowCall call) { none() } /** * Gets a viable dispatch target of `call` in the context `ctx`. This is @@ -780,6 +782,14 @@ private predicate valuePreservingStep(Node node1, Node node2) { ) } +predicate knownSourceModel(Node sink, string model) { none() } + +predicate knownSinkModel(Node sink, string model) { none() } + +predicate simpleLocalFlowStep(Node node1, Node node2, string model) { + simpleLocalFlowStep(node1, node2) and model = "" +} + predicate simpleLocalFlowStep(Node node1, Node node2) { valuePreservingStep(node1, node2) and nodeGetEnclosingCallable(pragma[only_bind_out](node1)) = diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll index 03d82ad42ead..f60c4e0f5dbd 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll 
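Review bot: `knownSourceModel(Node sink, string model)` in the `@@ -780,6 +782,14 @@` hunk names its node parameter `sink`, which looks copied from `knownSinkModel` on the next line; `predicate knownSourceModel(Node source, string model) { none() }` would read correctly. The three added predicates also carry no QLDoc. As far as this hunk shows, the two `none()` stubs and the `model = ""` wrapper mean JavaScript flow steps report no provenance yet, which someone triaging an alert path would want to know. I would add a comment on the three-argument `simpleLocalFlowStep` along the lines of `/** Holds if there is a local flow step from node1 to node2; model is always the empty string for now. */`. The same placeholder appears in the `defaultAdditionalTaintStep` overload added to TaintTrackingPrivate.qll in this commit, where it is already marked with a TODO.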
@@ -19,6 +19,10 @@ predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) ContentSet::arrayElement(), node2.(FlowSummaryNode).getSummaryNode()) } +predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2, string model) { + defaultAdditionalTaintStep(node1, node2) and model = "" // TODO: set model +} + private class SanitizerGuardAdapter extends DataFlow::Node instanceof TaintTracking::AdditionalSanitizerGuardNode { // Note: avoid depending on DataFlow::FlowLabel here as it will cause these barriers to be re-evaluated diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll index 4b102e76ec4e..e3a855063071 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll @@ -15,6 +15,8 @@ module JSDataFlow implements SharedDataFlow::InputSig { predicate accessPathLimit = Private::accessPathLimit/0; predicate viableImplInCallContext = Private::viableImplInCallContext/2; + + predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1; } module JSTaintFlow implements SharedTaintTracking::InputSig { From 23d28fc098caa20a0eaa7d9ce3b676f5b3a8ef58 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 6 May 2024 13:50:40 +0200 Subject: [PATCH 190/223] Shared: add location for 'this' nodes --- shared/dataflow/codeql/dataflow/VariableCapture.qll | 2 ++ 1 file changed, 2 insertions(+) diff --git a/shared/dataflow/codeql/dataflow/VariableCapture.qll b/shared/dataflow/codeql/dataflow/VariableCapture.qll index 9fd385d44587..c48b46e8a7ba 100644 --- a/shared/dataflow/codeql/dataflow/VariableCapture.qll +++ b/shared/dataflow/codeql/dataflow/VariableCapture.qll 
@@ -645,6 +645,8 @@ module Flow Input> implements OutputSig Location getLocation() { exists(CapturedVariable v | this = TVariable(v) and result = v.getLocation()) + or + exists(Callable c | this = TThis(c) and result = c.getLocation()) } } From 536c115c1c130b3f1077efb7a2957f3f38f58cb5 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 6 May 2024 13:51:25 +0200 Subject: [PATCH 191/223] JS: Fix location override in CaptureNode --- .../lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 22d8a98861e7..54a6148993b1 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -60,7 +60,7 @@ class CaptureNode extends DataFlow::Node, TSynthCaptureNode { override string toString() { result = this.toStringInternal() } // cached in parent class cached - private Location getLocation() { result = this.getNode().getLocation() } + override Location getLocation() { result = this.getNode().getLocation() } } class GenericSynthesizedNode extends DataFlow::Node, TGenericSynthesizedNode { From f43a189f06623ccdf411162a45b53c7e0d93e9f2 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 6 May 2024 13:51:35 +0200 Subject: [PATCH 192/223] JS: Make CaptureNode.toString() more explicit --- .../lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 54a6148993b1..330b0a59038e 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll 
@@ -55,7 +55,7 @@ class CaptureNode extends DataFlow::Node, TSynthCaptureNode { override StmtContainer getContainer() { result = this.getNode().getEnclosingCallable() } cached - private string toStringInternal() { result = this.getNode().toString() } + private string toStringInternal() { result = this.getNode().toString() + " [capture node]" } override string toString() { result = this.toStringInternal() } // cached in parent class From 20df5adbaa7bd868a958b75ca2d31cd9b10278e1 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 25 Jun 2024 10:28:29 +0200 Subject: [PATCH 193/223] JS: Bugfix in DeduplicatePathGraph This was introduced after a quick fix to handle the addition of provenance. --- shared/dataflow/codeql/dataflow/DataFlow.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index ce7814c1c745..e110d65468ae 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -957,7 +957,7 @@ module DataFlowMake Lang> { } private predicate edgesProj(InputPathNode node1, InputPathNode node2) { - Graph::edges(node2, node1, _, _) + Graph::edges(node1, node2, _, _) } private module Pass1 = From bd3fccd1a8ed3b16af2d5e070d567b76d764af1b Mon Sep 17 00:00:00 2001 
From: Asger F
Date: Tue, 25 Jun 2024 10:03:35 +0200
Subject: [PATCH 194/223] JS: Update test output with provenance column
---
.../IndirectCommandInjection.expected | 222 +--
...llCommandInjectionFromEnvironment.expected | 12 +-
.../UnsafeShellCommandConstruction.expected | 280 ++--
.../UnsafeDynamicMethodAccess.expected | 52 +-
.../Security/CWE-201/PostMessageStar.expected | 12 +-
.../CWE-327/BrokenCryptoAlgorithm.expected | 6 +-
.../CWE-338/InsecureRandomness.expected | 64 +-
.../CWE-798/HardcodedCredentials.expected | 76 +-
.../CWE-829/InsecureDownload.expected | 32 +-
.../PrototypePollutingFunction.expected | 1388 ++++++++---------
10 files changed, 1072 insertions(+), 1072 deletions(-)
diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected
index 51c52e864498..1dd1715cdcc8 100644
--- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected
@@ -1,115 +1,115 @@ edges -| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:7:15:7:15 | e | actions.js:8:10:8:10 | e | -| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | -| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:11:14:11:17 | args | -| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:12:26:12:29 | args | -| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:14:18:14:21 | args | -| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | -| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | command-line-parameter-command-injection.js:10:6:10:33 | args | -| command-line-parameter-command-injection.js:10:13:10:33 | process ... 
lice(2) [ArrayElement] | command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | -| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:12:26:12:29 | args | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | -| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | -| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | -| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | -| command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | -| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | -| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | -| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... 
Args[0] | -| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | -| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 | -| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | -| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | -| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:26:32:26:35 | args | -| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:27:32:27:35 | args | -| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | command-line-parameter-command-injection.js:24:8:24:35 | args | -| command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | -| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... 
").argv | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:36:6:39:7 | args | command-line-parameter-command-injection.js:41:22:41:25 | args | -| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args | -| command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | -| command-line-parameter-command-injection.js:47:8:53:12 | args | command-line-parameter-command-injection.js:55:22:55:25 | args | -| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | -| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | command-line-parameter-command-injection.js:47:8:53:12 | args | -| command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | -| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | -| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | -| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | -| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 
2rest}} [taint1] | command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | -| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | -| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | -| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | -| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | -| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | -| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | -| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | -| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | -| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | -| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | -| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... 
ted2\\n\\t} [taint2] | -| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | -| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | -| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | command-line-parameter-command-injection.js:68:6:68:40 | taint3 | -| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | command-line-parameter-command-injection.js:69:22:69:27 | taint3 | -| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | -| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | -| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | command-line-parameter-command-injection.js:71:6:71:40 | taint4 | -| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | command-line-parameter-command-injection.js:72:22:72:27 | taint4 | -| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | -| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | -| command-line-parameter-command-injection.js:76:8:76:35 | argv | command-line-parameter-command-injection.js:79:31:79:34 | argv | -| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:76:15:76:35 | process ... 
lice(2) | command-line-parameter-command-injection.js:76:8:76:35 | argv | -| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | -| command-line-parameter-command-injection.js:79:31:79:34 | argv | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | -| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | -| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | -| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | -| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | -| command-line-parameter-command-injection.js:88:6:88:37 | flags | command-line-parameter-command-injection.js:89:22:89:26 | flags | -| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | command-line-parameter-command-injection.js:88:6:88:37 | flags | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | -| command-line-parameter-command-injection.js:89:22:89:26 | flags | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... 
ags.foo | -| command-line-parameter-command-injection.js:91:6:91:38 | flags | command-line-parameter-command-injection.js:92:22:92:26 | flags | -| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags | -| command-line-parameter-command-injection.js:92:22:92:26 | flags | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | -| command-line-parameter-command-injection.js:107:8:107:51 | options | command-line-parameter-command-injection.js:108:22:108:28 | options | -| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:107:8:107:51 | options | -| command-line-parameter-command-injection.js:108:22:108:28 | options | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | -| command-line-parameter-command-injection.js:114:8:114:52 | cli | command-line-parameter-command-injection.js:116:22:116:24 | cli | -| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli | -| command-line-parameter-command-injection.js:116:22:116:24 | cli | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | -| command-line-parameter-command-injection.js:122:6:122:46 | opts | command-line-parameter-command-injection.js:124:22:124:25 | opts | -| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... 
tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts | -| command-line-parameter-command-injection.js:124:22:124:25 | opts | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:127:6:127:26 | opts | command-line-parameter-command-injection.js:129:22:129:25 | opts | -| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts | -| command-line-parameter-command-injection.js:129:22:129:25 | opts | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:133:8:133:41 | program | command-line-parameter-command-injection.js:137:22:137:28 | program | -| command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:28 | program | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... 
zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | +| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | provenance | | +| actions.js:7:15:7:15 | e | actions.js:8:10:8:10 | e | provenance | | +| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | provenance | | +| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | provenance | | +| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:11:14:11:17 | args | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:12:26:12:29 | args | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:14:18:14:21 | args | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | command-line-parameter-command-injection.js:10:6:10:33 | args | provenance | | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... 
lice(2) [ArrayElement] | command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | provenance | | +| command-line-parameter-command-injection.js:12:26:12:29 | args | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | provenance | | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | provenance | | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | provenance | | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | provenance | | +| command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | provenance | | +| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | provenance | | +| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | provenance | | +| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | provenance | | +| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... 
Args[0] | provenance | | +| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | provenance | | +| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 | provenance | | +| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | provenance | | +| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | provenance | | +| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:26:32:26:35 | args | provenance | | +| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:27:32:27:35 | args | provenance | | +| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | command-line-parameter-command-injection.js:24:8:24:35 | args | provenance | | +| command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | provenance | | +| command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | provenance | | +| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | provenance | | +| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... 
)().foo | provenance | | +| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | provenance | | +| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | provenance | | +| command-line-parameter-command-injection.js:36:6:39:7 | args | command-line-parameter-command-injection.js:41:22:41:25 | args | provenance | | +| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args | provenance | | +| command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | provenance | | +| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | provenance | | +| command-line-parameter-command-injection.js:47:8:53:12 | args | command-line-parameter-command-injection.js:55:22:55:25 | args | provenance | | +| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | provenance | | +| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | command-line-parameter-command-injection.js:47:8:53:12 | args | provenance | | +| command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | provenance | | +| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | provenance | | +| command-line-parameter-command-injection.js:57:17:57:37 | require ... 
').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | provenance | | +| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | provenance | | +| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | provenance | | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | provenance | | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | provenance | | +| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | provenance | | +| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | provenance | | +| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | provenance | | +| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | provenance | | +| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | provenance | | +| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | provenance | | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 
2rest}} [taint1] | provenance | | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | provenance | | +| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | provenance | | +| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | provenance | | +| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | provenance | | +| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | provenance | | +| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | command-line-parameter-command-injection.js:68:6:68:40 | taint3 | provenance | | +| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | command-line-parameter-command-injection.js:69:22:69:27 | taint3 | provenance | | +| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | provenance | | +| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | provenance | | +| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | command-line-parameter-command-injection.js:71:6:71:40 | taint4 | provenance | | +| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | command-line-parameter-command-injection.js:72:22:72:27 | taint4 | provenance | | +| command-line-parameter-command-injection.js:71:20:71:40 | require ... 
').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | provenance | | +| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | provenance | | +| command-line-parameter-command-injection.js:76:8:76:35 | argv | command-line-parameter-command-injection.js:79:31:79:34 | argv | provenance | | +| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | command-line-parameter-command-injection.js:76:8:76:35 | argv | provenance | | +| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | provenance | | +| command-line-parameter-command-injection.js:79:31:79:34 | argv | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | provenance | | +| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | provenance | | +| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | provenance | | +| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | provenance | | +| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... 
lice(2) | provenance | | +| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | provenance | | +| command-line-parameter-command-injection.js:88:6:88:37 | flags | command-line-parameter-command-injection.js:89:22:89:26 | flags | provenance | | +| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | command-line-parameter-command-injection.js:88:6:88:37 | flags | provenance | | +| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | provenance | | +| command-line-parameter-command-injection.js:89:22:89:26 | flags | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | provenance | | +| command-line-parameter-command-injection.js:91:6:91:38 | flags | command-line-parameter-command-injection.js:92:22:92:26 | flags | provenance | | +| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags | provenance | | +| command-line-parameter-command-injection.js:92:22:92:26 | flags | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | provenance | | +| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | provenance | | +| command-line-parameter-command-injection.js:107:8:107:51 | options | command-line-parameter-command-injection.js:108:22:108:28 | options | provenance | | +| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:107:8:107:51 | options | provenance | | +| command-line-parameter-command-injection.js:108:22:108:28 | options | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... 
ons.foo | provenance | | +| command-line-parameter-command-injection.js:114:8:114:52 | cli | command-line-parameter-command-injection.js:116:22:116:24 | cli | provenance | | +| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli | provenance | | +| command-line-parameter-command-injection.js:116:22:116:24 | cli | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | provenance | | +| command-line-parameter-command-injection.js:122:6:122:46 | opts | command-line-parameter-command-injection.js:124:22:124:25 | opts | provenance | | +| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts | provenance | | +| command-line-parameter-command-injection.js:124:22:124:25 | opts | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | provenance | | +| command-line-parameter-command-injection.js:127:6:127:26 | opts | command-line-parameter-command-injection.js:129:22:129:25 | opts | provenance | | +| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts | provenance | | +| command-line-parameter-command-injection.js:129:22:129:25 | opts | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | provenance | | +| command-line-parameter-command-injection.js:133:8:133:41 | program | command-line-parameter-command-injection.js:137:22:137:28 | program | provenance | | +| command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program | provenance | | +| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... 
zzaType | provenance | | +| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:137:22:137:28 | program | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | provenance | | nodes | actions.js:4:6:4:16 | process.env | semmle.label | process.env | | actions.js:4:6:4:29 | process ... _DATA'] | semmle.label | process ... _DATA'] | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected b/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected index c231dc9d8854..046d83da0588 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected 
@@ -1,10 +1,10 @@ edges -| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | +| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... 
"temp") | provenance | | +| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | provenance | | nodes | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") | | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | semmle.label | path.jo ... "temp") | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected index 4755cc2a0ae7..cf74ed305476 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected 
@@ -1,144 +1,144 @@ edges -| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | -| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | -| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | -| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | -| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | -| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:91:28:91:31 | name | -| lib/lib.js:91:28:91:31 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | -| 
lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | -| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | -| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | -| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | -| lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:24 | name | -| lib/lib.js:181:6:181:52 | broken | lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | lib/lib.js:181:6:181:52 | broken | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | -| lib/lib.js:239:28:239:28 | s | lib/lib.js:245:9:245:9 | s | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:251:27:251:30 | name | -| lib/lib.js:251:6:251:31 | cleaned | lib/lib.js:253:22:253:28 | cleaned | -| lib/lib.js:251:16:251:31 | cleanInput(name) | lib/lib.js:251:6:251:31 | cleaned | -| 
lib/lib.js:251:27:251:30 | name | lib/lib.js:239:28:239:28 | s | -| lib/lib.js:251:27:251:30 | name | lib/lib.js:251:16:251:31 | cleanInput(name) | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | -| lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:24 | obj | -| lib/lib.js:268:22:268:24 | obj | lib/lib.js:268:22:268:32 | obj.version | -| lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:26 | opts | -| lib/lib.js:276:8:276:11 | opts | lib/lib.js:279:19:279:22 | opts | -| lib/lib.js:277:23:277:26 | opts | lib/lib.js:277:23:277:30 | opts.bla | -| lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | lib/lib.js:281:23:281:26 | this [opts, bla] | -| lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | -| lib/lib.js:279:19:279:22 | opts | lib/lib.js:279:19:279:26 | opts.bla | -| lib/lib.js:279:19:279:26 | opts.bla | lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | -| lib/lib.js:281:23:281:26 | this [opts, bla] | lib/lib.js:281:23:281:31 | this.opts [bla] | -| lib/lib.js:281:23:281:31 | this.opts [bla] | lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | -| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | -| lib/lib.js:339:39:339:39 | n | lib/lib.js:340:25:340:25 | n | -| lib/lib.js:340:25:340:25 | n | lib/lib.js:329:13:329:13 | x | -| lib/lib.js:340:25:340:25 | n | lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | -| 
lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | -| lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr | -| lib/lib.js:426:2:426:4 | [post update] arr | lib/lib.js:425:6:425:13 | arr | -| lib/lib.js:426:11:426:14 | name | lib/lib.js:426:2:426:4 | [post update] arr | -| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... + '-') | -| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | -| lib/lib.js:428:36:428:39 | name | lib/lib.js:428:28:428:57 | (name ? ... 
) + '-' | -| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | -| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | -| lib/lib.js:432:6:432:13 | arr | lib/lib.js:437:9:437:11 | arr | -| lib/lib.js:436:10:436:12 | [post update] arr | lib/lib.js:432:6:432:13 | arr | -| lib/lib.js:436:19:436:22 | last | lib/lib.js:436:10:436:12 | [post update] arr | -| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | -| lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:32 | config | -| lib/lib.js:478:27:478:32 | config | lib/lib.js:478:27:478:46 | config.installedPath | -| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | -| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | -| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | -| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | -| lib/lib.js:551:33:551:36 | args | lib/lib.js:552:23:552:26 | args | -| lib/lib.js:555:25:555:37 | ["-rf", name] | lib/lib.js:551:33:551:36 | args | -| lib/lib.js:555:33:555:36 | name | lib/lib.js:555:25:555:37 | ["-rf", name] | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | -| 
lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/index.js:7:18:7:21 | name | -| lib/subLib4/index.js:7:18:7:21 | name | lib/subLib4/subsub.js:3:28:3:31 | name | -| lib/subLib4/subsub.js:3:28:3:31 | name | lib/subLib4/subsub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | +| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | provenance | | +| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | provenance | | +| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | provenance | | +| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | provenance | | +| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | provenance | | +| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | provenance | | +| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | provenance | | +| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | 
provenance | | +| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | provenance | | +| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | provenance | | +| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | provenance | | +| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | provenance | | +| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | provenance | | +| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | provenance | | +| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | provenance | | +| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | provenance | | +| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | provenance | | +| lib/lib.js:82:35:82:38 | name | lib/lib.js:91:28:91:31 | name | provenance | | +| lib/lib.js:91:28:91:31 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | provenance | | +| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | provenance | | +| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | provenance | | +| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | provenance | | +| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | provenance | | +| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | provenance | | +| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | provenance | | +| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | 
provenance | | +| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | provenance | | +| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | provenance | | +| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | provenance | | +| lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:24 | name | provenance | | +| lib/lib.js:181:6:181:52 | broken | lib/lib.js:182:22:182:27 | broken | provenance | | +| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | provenance | | +| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | provenance | | +| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | lib/lib.js:181:6:181:52 | broken | provenance | | +| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | provenance | | +| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | provenance | | +| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | provenance | | +| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | provenance | | +| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | provenance | | +| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | provenance | | +| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | provenance | | +| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | provenance | | +| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | provenance | | +| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | provenance | | +| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | provenance | | +| lib/lib.js:239:28:239:28 | s | lib/lib.js:245:9:245:9 | s | provenance | | +| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | provenance | | +| lib/lib.js:248:42:248:45 | name | lib/lib.js:251:27:251:30 | name | provenance | | +| lib/lib.js:251:6:251:31 | cleaned | 
lib/lib.js:253:22:253:28 | cleaned | provenance | | +| lib/lib.js:251:16:251:31 | cleanInput(name) | lib/lib.js:251:6:251:31 | cleaned | provenance | | +| lib/lib.js:251:27:251:30 | name | lib/lib.js:239:28:239:28 | s | provenance | | +| lib/lib.js:251:27:251:30 | name | lib/lib.js:251:16:251:31 | cleanInput(name) | provenance | | +| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | provenance | | +| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | provenance | | +| lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:24 | obj | provenance | | +| lib/lib.js:268:22:268:24 | obj | lib/lib.js:268:22:268:32 | obj.version | provenance | | +| lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:26 | opts | provenance | | +| lib/lib.js:276:8:276:11 | opts | lib/lib.js:279:19:279:22 | opts | provenance | | +| lib/lib.js:277:23:277:26 | opts | lib/lib.js:277:23:277:30 | opts.bla | provenance | | +| lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | lib/lib.js:281:23:281:26 | this [opts, bla] | provenance | | +| lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | provenance | | +| lib/lib.js:279:19:279:22 | opts | lib/lib.js:279:19:279:26 | opts.bla | provenance | | +| lib/lib.js:279:19:279:26 | opts.bla | lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | provenance | | +| lib/lib.js:281:23:281:26 | this [opts, bla] | lib/lib.js:281:23:281:31 | this.opts [bla] | provenance | | +| lib/lib.js:281:23:281:31 | this.opts [bla] | lib/lib.js:281:23:281:35 | this.opts.bla | provenance | | +| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | provenance | | +| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | provenance | | +| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | provenance | | +| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | provenance | | +| lib/lib.js:329:13:329:13 | x | 
lib/lib.js:330:9:330:9 | x | provenance | | +| lib/lib.js:339:39:339:39 | n | lib/lib.js:340:25:340:25 | n | provenance | | +| lib/lib.js:340:25:340:25 | n | lib/lib.js:329:13:329:13 | x | provenance | | +| lib/lib.js:340:25:340:25 | n | lib/lib.js:340:22:340:26 | id(n) | provenance | | +| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | provenance | | +| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | provenance | | +| lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr | provenance | | +| lib/lib.js:426:2:426:4 | [post update] arr | lib/lib.js:425:6:425:13 | arr | provenance | | +| lib/lib.js:426:11:426:14 | name | lib/lib.js:426:2:426:4 | [post update] arr | provenance | | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... + '-') | provenance | | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | provenance | | +| lib/lib.js:428:36:428:39 | name | lib/lib.js:428:28:428:57 | (name ? ... 
) + '-' | provenance | | +| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | provenance | | +| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | provenance | | +| lib/lib.js:432:6:432:13 | arr | lib/lib.js:437:9:437:11 | arr | provenance | | +| lib/lib.js:436:10:436:12 | [post update] arr | lib/lib.js:432:6:432:13 | arr | provenance | | +| lib/lib.js:436:19:436:22 | last | lib/lib.js:436:10:436:12 | [post update] arr | provenance | | +| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | provenance | | +| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | provenance | | +| lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:32 | config | provenance | | +| lib/lib.js:478:27:478:32 | config | lib/lib.js:478:27:478:46 | config.installedPath | provenance | | +| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | provenance | | +| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | provenance | | +| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | provenance | | +| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | provenance | | +| lib/lib.js:551:33:551:36 | args | lib/lib.js:552:23:552:26 | args | provenance | | +| lib/lib.js:555:25:555:37 | ["-rf", 
name] | lib/lib.js:551:33:551:36 | args | provenance | | +| lib/lib.js:555:33:555:36 | name | lib/lib.js:555:25:555:37 | ["-rf", name] | provenance | | +| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | provenance | | +| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | provenance | | +| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | provenance | | +| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | provenance | | +| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | provenance | | +| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | provenance | | +| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | provenance | | +| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | provenance | | +| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | provenance | | +| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | provenance | | +| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | provenance | | +| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | provenance | | +| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | provenance | | +| lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/index.js:7:18:7:21 | name | provenance | | +| lib/subLib4/index.js:7:18:7:21 | name | lib/subLib4/subsub.js:3:28:3:31 | name | provenance | | +| lib/subLib4/subsub.js:3:28:3:31 | name | lib/subLib4/subsub.js:4:22:4:25 | name | provenance | | +| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | provenance | | +| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | provenance | | +| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | provenance | | +| lib/subLib/index.js:13:44:13:46 | arr | 
lib/subLib/index.js:14:22:14:24 | arr | provenance | | nodes | lib/isImported.js:5:49:5:52 | name | semmle.label | name | | lib/isImported.js:6:22:6:25 | name | semmle.label | name | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected b/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected index 4a5f9141a993..f5bbd2e9a7ba 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected 
@@ -1,30 +1,30 @@ edges -| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | -| example.js:10:9:10:37 | message | example.js:13:12:13:18 | message | -| example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message | -| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data | -| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) | -| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name | -| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | -| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | -| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | -| tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message | -| tst.js:4:9:4:37 | message | tst.js:6:16:6:22 | message | -| tst.js:4:9:4:37 | message | tst.js:11:7:11:13 | message | -| tst.js:4:9:4:37 | message | tst.js:21:17:21:23 | message | -| tst.js:4:19:4:37 | JSON.parse(ev.data) | tst.js:4:9:4:37 | message | -| tst.js:4:30:4:31 | ev | tst.js:4:30:4:36 | ev.data | -| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) | -| tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name | -| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | -| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name | -| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | -| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name | -| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | -| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | -| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... 
e.name] | -| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name | -| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name | +| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | provenance | | +| example.js:10:9:10:37 | message | example.js:13:12:13:18 | message | provenance | | +| example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message | provenance | | +| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data | provenance | | +| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) | provenance | | +| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name | provenance | | +| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | provenance | | +| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | provenance | | +| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | provenance | | +| tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message | provenance | | +| tst.js:4:9:4:37 | message | tst.js:6:16:6:22 | message | provenance | | +| tst.js:4:9:4:37 | message | tst.js:11:7:11:13 | message | provenance | | +| tst.js:4:9:4:37 | message | tst.js:21:17:21:23 | message | provenance | | +| tst.js:4:19:4:37 | JSON.parse(ev.data) | tst.js:4:9:4:37 | message | provenance | | +| tst.js:4:30:4:31 | ev | tst.js:4:30:4:36 | ev.data | provenance | | +| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) | provenance | | +| tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name | provenance | | +| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | provenance | | +| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name | provenance | | +| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | provenance | | +| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name | provenance | | +| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | 
provenance | | +| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | provenance | | +| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] | provenance | | +| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name | provenance | | +| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name | provenance | | nodes | example.js:9:37:9:38 | ev | semmle.label | ev | | example.js:10:9:10:37 | message | semmle.label | message | diff --git a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected index c5a5a9ac2067..c6c416c93e03 100644 --- a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected +++ b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected 
@@ -1,10 +1,10 @@ edges -| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:8:29:8:32 | data [foo] | -| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:9:29:9:32 | data [foo] | -| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | PostMessageStar2.js:4:7:4:15 | data [foo] | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | -| PostMessageStar2.js:8:29:8:32 | data [foo] | PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:9:29:9:32 | data [foo] | PostMessageStar2.js:9:29:9:36 | data.foo | +| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:8:29:8:32 | data [foo] | provenance | | +| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:9:29:9:32 | data [foo] | provenance | | +| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | PostMessageStar2.js:4:7:4:15 | data [foo] | provenance | | +| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | provenance | | +| PostMessageStar2.js:8:29:8:32 | data [foo] | PostMessageStar2.js:8:29:8:32 | data | provenance | | +| PostMessageStar2.js:9:29:9:32 | data [foo] | PostMessageStar2.js:9:29:9:36 | data.foo | provenance | | nodes | PostMessageStar2.js:1:27:1:34 | password | semmle.label | password | | PostMessageStar2.js:4:7:4:15 | data [foo] | semmle.label | data [foo] | diff --git a/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected b/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected index ad32c9ea18ea..0b9cb0374515 100644 --- a/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected +++ b/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected 
@@ -1,7 +1,7 @@ edges -| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText | -| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText | -| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText | +| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText | provenance | | +| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText | provenance | | +| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText | provenance | | nodes | tst.js:3:5:3:24 | secretText | semmle.label | secretText | | tst.js:3:18:3:24 | trusted | semmle.label | trusted | diff --git a/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected b/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected index 8d4e9c108fbb..7337287c748f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected +++ b/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected 
@@ -1,36 +1,36 @@ edges -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix | -| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | -| tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix | -| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | -| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | -| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | -| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand | -| tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand | -| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | -| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) | -| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | -| tst.js:72:18:72:48 | ts.toSt ... tring() | tst.js:72:9:72:48 | concat | -| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() | -| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() | -| tst.js:77:16:77:21 | secret | tst.js:77:16:77:21 | secret | -| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | -| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | -| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | -| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | -| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | -| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | -| tst.js:117:26:117:54 | Math.ra ... 
000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | -| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | -| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) | -| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | -| tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] | -| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | -| tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... length) | +| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | provenance | | +| tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix | provenance | | +| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | provenance | | +| tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix | provenance | | +| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | provenance | | +| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | provenance | | +| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | provenance | | +| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | provenance | | +| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | provenance | | +| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | provenance | | +| tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand | provenance | | +| tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand | provenance | | +| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | provenance | | +| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) | provenance | | +| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | provenance | | +| tst.js:72:18:72:48 | ts.toSt ... 
tring() | tst.js:72:9:72:48 | concat | provenance | | +| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() | provenance | | +| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() | provenance | | +| tst.js:77:16:77:21 | secret | tst.js:77:16:77:21 | secret | provenance | | +| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | provenance | | +| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | provenance | | +| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | provenance | | +| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | provenance | | +| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | provenance | | +| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | provenance | | +| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | provenance | | +| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | provenance | | +| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) | provenance | | +| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | provenance | | +| tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] | provenance | | +| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | provenance | | +| tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... length) | provenance | | nodes | tst.js:2:20:2:32 | Math.random() | semmle.label | Math.random() | | tst.js:6:20:6:43 | "prefix ... andom() | semmle.label | "prefix ... andom() | 
diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected index a1806eb239f3..12f0b7bb5a71 100644 --- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected +++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected 
@@ -1,42 +1,42 @@ edges -| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | -| HardcodedCredentials.js:171:11:171:25 | USER | HardcodedCredentials.js:173:35:173:38 | USER | -| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:11:171:25 | USER | -| HardcodedCredentials.js:172:11:172:25 | PASS | HardcodedCredentials.js:173:43:173:46 | PASS | -| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:11:172:25 | PASS | -| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:178:39:178:42 | AUTH | -| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:188:39:188:42 | AUTH | -| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:195:46:195:49 | AUTH | -| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:204:44:204:47 | AUTH | -| HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) | HardcodedCredentials.js:173:11:173:49 | AUTH | -| HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | HardcodedCredentials.js:173:18:173:49 | base64. ... 
PASS}`) | -| HardcodedCredentials.js:173:35:173:38 | USER | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | -| HardcodedCredentials.js:173:43:173:46 | PASS | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | -| HardcodedCredentials.js:178:39:178:42 | AUTH | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:188:39:188:42 | AUTH | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:195:46:195:49 | AUTH | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | -| HardcodedCredentials.js:214:11:214:25 | USER | HardcodedCredentials.js:216:35:216:38 | USER | -| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:11:214:25 | USER | -| HardcodedCredentials.js:215:11:215:25 | PASS | HardcodedCredentials.js:216:43:216:46 | PASS | -| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:11:215:25 | PASS | -| HardcodedCredentials.js:216:11:216:49 | AUTH | HardcodedCredentials.js:221:46:221:49 | AUTH | -| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | HardcodedCredentials.js:216:11:216:49 | AUTH | -| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | -| HardcodedCredentials.js:216:35:216:38 | USER | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | -| HardcodedCredentials.js:216:43:216:46 | PASS | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | -| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:231:11:231:29 | username | HardcodedCredentials.js:237:47:237:54 | username | -| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:11:231:29 | username | -| HardcodedCredentials.js:237:35:237:72 | Buffer. ... 
ssword) | HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | -| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | -| HardcodedCredentials.js:237:47:237:54 | username | HardcodedCredentials.js:237:47:237:71 | usernam ... assword | -| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | -| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey | -| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey | -| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | -| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | -| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 
'OAuth' | +| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | provenance | | +| HardcodedCredentials.js:171:11:171:25 | USER | HardcodedCredentials.js:173:35:173:38 | USER | provenance | | +| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:11:171:25 | USER | provenance | | +| HardcodedCredentials.js:172:11:172:25 | PASS | HardcodedCredentials.js:173:43:173:46 | PASS | provenance | | +| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:11:172:25 | PASS | provenance | | +| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:178:39:178:42 | AUTH | provenance | | +| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:188:39:188:42 | AUTH | provenance | | +| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:195:46:195:49 | AUTH | provenance | | +| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:204:44:204:47 | AUTH | provenance | | +| HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) | HardcodedCredentials.js:173:11:173:49 | AUTH | provenance | | +| HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | HardcodedCredentials.js:173:18:173:49 | base64. ... 
PASS}`) | provenance | | +| HardcodedCredentials.js:173:35:173:38 | USER | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | provenance | | +| HardcodedCredentials.js:173:43:173:46 | PASS | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | provenance | | +| HardcodedCredentials.js:178:39:178:42 | AUTH | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | provenance | | +| HardcodedCredentials.js:188:39:188:42 | AUTH | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | provenance | | +| HardcodedCredentials.js:195:46:195:49 | AUTH | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | provenance | | +| HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | provenance | | +| HardcodedCredentials.js:214:11:214:25 | USER | HardcodedCredentials.js:216:35:216:38 | USER | provenance | | +| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:11:214:25 | USER | provenance | | +| HardcodedCredentials.js:215:11:215:25 | PASS | HardcodedCredentials.js:216:43:216:46 | PASS | provenance | | +| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:11:215:25 | PASS | provenance | | +| HardcodedCredentials.js:216:11:216:49 | AUTH | HardcodedCredentials.js:221:46:221:49 | AUTH | provenance | | +| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | HardcodedCredentials.js:216:11:216:49 | AUTH | provenance | | +| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | HardcodedCredentials.js:216:18:216:49 | base64. ... 
PASS}`) | provenance | | +| HardcodedCredentials.js:216:35:216:38 | USER | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | provenance | | +| HardcodedCredentials.js:216:43:216:46 | PASS | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | provenance | | +| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | provenance | | +| HardcodedCredentials.js:231:11:231:29 | username | HardcodedCredentials.js:237:47:237:54 | username | provenance | | +| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:11:231:29 | username | provenance | | +| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | provenance | | +| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | provenance | | +| HardcodedCredentials.js:237:47:237:54 | username | HardcodedCredentials.js:237:47:237:71 | usernam ... assword | provenance | | +| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | provenance | | +| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey | provenance | | +| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey | provenance | | +| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | provenance | | +| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | provenance | | +| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 
'OAuth' | provenance | | nodes | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | semmle.label | 'dbuser' | | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | semmle.label | 'hgfedcba' | diff --git a/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected b/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected index 8e0f2f5af591..d697f55bdd79 100644 --- a/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected +++ b/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected 
@@ -22,22 +22,22 @@ nodes | insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | semmle.label | "http:/ ... unsafe" | | insecure-download.js:52:11:52:45 | "http:/ ... nknown" | semmle.label | "http:/ ... nknown" | edges -| insecure-download.js:4:28:4:36 | installer [url] | insecure-download.js:5:16:5:24 | installer [url] | -| insecure-download.js:5:16:5:24 | installer [url] | insecure-download.js:5:16:5:28 | installer.url | -| insecure-download.js:7:9:11:5 | constants [buildTools, installerUrl] | insecure-download.js:13:28:13:36 | constants [buildTools, installerUrl] | -| insecure-download.js:7:21:11:5 | {\\n ... }\\n } [buildTools, installerUrl] | insecure-download.js:7:9:11:5 | constants [buildTools, installerUrl] | -| insecure-download.js:8:21:10:9 | {\\n ... } [installerUrl] | insecure-download.js:7:21:11:5 | {\\n ... }\\n } [buildTools, installerUrl] | -| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:8:21:10:9 | {\\n ... } [installerUrl] | -| insecure-download.js:13:15:13:47 | buildTools [installerUrl] | insecure-download.js:15:18:15:27 | buildTools [installerUrl] | -| insecure-download.js:13:28:13:36 | constants [buildTools, installerUrl] | insecure-download.js:13:28:13:47 | constants.buildTools [installerUrl] | -| insecure-download.js:13:28:13:47 | constants.buildTools [installerUrl] | insecure-download.js:13:15:13:47 | buildTools [installerUrl] | -| insecure-download.js:14:16:16:9 | {\\n ... } [url] | insecure-download.js:19:19:19:46 | getBuil ... rPath() [url] | -| insecure-download.js:15:18:15:27 | buildTools [installerUrl] | insecure-download.js:15:18:15:40 | buildTo ... llerUrl | -| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | insecure-download.js:14:16:16:9 | {\\n ... } [url] | -| insecure-download.js:19:19:19:46 | getBuil ... 
rPath() [url] | insecure-download.js:4:28:4:36 | installer [url] | -| insecure-download.js:36:9:36:45 | url | insecure-download.js:37:23:37:25 | url | -| insecure-download.js:36:9:36:45 | url | insecure-download.js:39:26:39:28 | url | -| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:36:9:36:45 | url | +| insecure-download.js:4:28:4:36 | installer [url] | insecure-download.js:5:16:5:24 | installer [url] | provenance | | +| insecure-download.js:5:16:5:24 | installer [url] | insecure-download.js:5:16:5:28 | installer.url | provenance | | +| insecure-download.js:7:9:11:5 | constants [buildTools, installerUrl] | insecure-download.js:13:28:13:36 | constants [buildTools, installerUrl] | provenance | | +| insecure-download.js:7:21:11:5 | {\\n ... }\\n } [buildTools, installerUrl] | insecure-download.js:7:9:11:5 | constants [buildTools, installerUrl] | provenance | | +| insecure-download.js:8:21:10:9 | {\\n ... } [installerUrl] | insecure-download.js:7:21:11:5 | {\\n ... }\\n } [buildTools, installerUrl] | provenance | | +| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:8:21:10:9 | {\\n ... } [installerUrl] | provenance | | +| insecure-download.js:13:15:13:47 | buildTools [installerUrl] | insecure-download.js:15:18:15:27 | buildTools [installerUrl] | provenance | | +| insecure-download.js:13:28:13:36 | constants [buildTools, installerUrl] | insecure-download.js:13:28:13:47 | constants.buildTools [installerUrl] | provenance | | +| insecure-download.js:13:28:13:47 | constants.buildTools [installerUrl] | insecure-download.js:13:15:13:47 | buildTools [installerUrl] | provenance | | +| insecure-download.js:14:16:16:9 | {\\n ... } [url] | insecure-download.js:19:19:19:46 | getBuil ... rPath() [url] | provenance | | +| insecure-download.js:15:18:15:27 | buildTools [installerUrl] | insecure-download.js:15:18:15:40 | buildTo ... llerUrl | provenance | | +| insecure-download.js:15:18:15:40 | buildTo ... 
llerUrl | insecure-download.js:14:16:16:9 | {\\n ... } [url] | provenance | | +| insecure-download.js:19:19:19:46 | getBuil ... rPath() [url] | insecure-download.js:4:28:4:36 | installer [url] | provenance | | +| insecure-download.js:36:9:36:45 | url | insecure-download.js:37:23:37:25 | url | provenance | | +| insecure-download.js:36:9:36:45 | url | insecure-download.js:39:26:39:28 | url | provenance | | +| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:36:9:36:45 | url | provenance | | subpaths #select | insecure-download.js:5:16:5:28 | installer.url | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:5:16:5:28 | installer.url | $@ of sensitive file from $@. | insecure-download.js:5:9:5:44 | nugget( ... => { }) | Download | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | HTTP source | diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected index e9cf5fe90f6d..185775d7dac4 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected 
@@ -634,700 +634,700 @@ nodes | tests.js:605:40:605:50 | source[key] | semmle.label | source[key] | | tests.js:605:47:605:49 | key | semmle.label | key | edges -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:5:19:5:21 | dst | -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:33:5:35 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| examples/PrototypePollutingFunction.js:5:23:5:25 | key | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:29:5:31 | src | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:5:33:5:35 | key | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:26 | src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| 
examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | -| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| path-assignment.js:8:13:8:25 | key | path-assignment.js:13:29:13:31 | key | -| path-assignment.js:8:13:8:25 | key | path-assignment.js:15:20:15:22 | key | 
-| path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:8:13:8:25 | key | -| path-assignment.js:13:13:13:32 | target | path-assignment.js:13:22:13:27 | target | -| path-assignment.js:13:13:13:32 | target | path-assignment.js:15:13:15:18 | target | -| path-assignment.js:13:22:13:27 | target | path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:13:22:13:32 | target[key] | path-assignment.js:13:13:13:32 | target | -| path-assignment.js:13:29:13:31 | key | path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:25:42:27 | key | -| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:39:42:41 | key | -| path-assignment.js:41:19:41:25 | keys[i] | path-assignment.js:41:13:41:25 | key | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:32:42:37 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:44:5:44:10 | target | -| path-assignment.js:42:32:42:37 | target | path-assignment.js:42:32:42:42 | target[key] | -| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:9:42:48 | target | -| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:39:42:41 | key | path-assignment.js:42:32:42:42 | target[key] | -| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:25:59:27 | key | -| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:39:59:41 | key | -| path-assignment.js:58:19:58:25 | keys[i] | path-assignment.js:58:13:58:25 | key | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:32:59:37 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:61:5:61:10 | target | -| path-assignment.js:59:32:59:37 | target | path-assignment.js:59:32:59:42 | 
target[key] | -| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:9:59:48 | target | -| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:39:59:41 | key | path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:25:69:27 | key | -| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:39:69:41 | key | -| path-assignment.js:68:19:68:25 | keys[i] | path-assignment.js:68:13:68:25 | key | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:32:69:37 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:71:5:71:10 | target | -| path-assignment.js:69:32:69:37 | target | path-assignment.js:69:32:69:42 | target[key] | -| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:9:69:48 | target | -| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:39:69:41 | key | path-assignment.js:69:32:69:42 | target[key] | -| tests.js:3:25:3:27 | dst | tests.js:6:28:6:30 | dst | -| tests.js:3:25:3:27 | dst | tests.js:8:13:8:15 | dst | -| tests.js:3:30:3:32 | src | tests.js:6:38:6:40 | src | -| tests.js:3:30:3:32 | src | tests.js:8:24:8:26 | src | -| tests.js:4:14:4:16 | key | tests.js:6:32:6:34 | key | -| tests.js:4:14:4:16 | key | tests.js:6:42:6:44 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:28:8:30 | key | -| tests.js:6:28:6:30 | dst | tests.js:6:28:6:35 | dst[key] | -| tests.js:6:28:6:35 | dst[key] | tests.js:3:25:3:27 | dst | -| tests.js:6:32:6:34 | key | tests.js:6:28:6:35 | dst[key] | -| tests.js:6:38:6:40 | src | tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | -| tests.js:6:42:6:44 | key | tests.js:6:38:6:45 | 
src[key] | -| tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | -| tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | -| tests.js:13:24:13:26 | dst | tests.js:16:27:16:29 | dst | -| tests.js:13:24:13:26 | dst | tests.js:18:13:18:15 | dst | -| tests.js:13:29:13:31 | src | tests.js:14:17:14:19 | src | -| tests.js:14:17:14:19 | src | tests.js:16:37:16:39 | src | -| tests.js:14:17:14:19 | src | tests.js:18:24:18:26 | src | -| tests.js:14:30:14:32 | key | tests.js:16:31:16:33 | key | -| tests.js:14:30:14:32 | key | tests.js:16:41:16:43 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:28:18:30 | key | -| tests.js:16:27:16:29 | dst | tests.js:16:27:16:34 | dst[key] | -| tests.js:16:27:16:34 | dst[key] | tests.js:13:24:13:26 | dst | -| tests.js:16:31:16:33 | key | tests.js:16:27:16:34 | dst[key] | -| tests.js:16:37:16:39 | src | tests.js:16:37:16:44 | src[key] | -| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:41:16:43 | key | tests.js:16:37:16:44 | src[key] | -| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | -| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | -| tests.js:23:19:23:21 | dst | tests.js:26:25:26:27 | dst | -| tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | -| tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | -| tests.js:26:25:26:27 | dst | tests.js:31:22:31:24 | dst | -| tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | -| tests.js:26:37:26:39 | key | tests.js:26:30:26:40 | source[key] | -| tests.js:26:43:26:45 | key | tests.js:31:34:31:36 | key | -| tests.js:31:22:31:24 | dst | tests.js:32:20:32:22 | dst | -| tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | -| tests.js:31:27:31:31 | value | tests.js:36:20:36:24 | value | -| tests.js:31:34:31:36 | key | tests.js:32:24:32:26 | key | -| tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | -| tests.js:32:9:32:27 | dstValue 
| tests.js:34:18:34:25 | dstValue | -| tests.js:32:20:32:22 | dst | tests.js:32:20:32:27 | dst[key] | -| tests.js:32:20:32:27 | dst[key] | tests.js:32:9:32:27 | dstValue | -| tests.js:32:24:32:26 | key | tests.js:32:20:32:27 | dst[key] | -| tests.js:34:18:34:25 | dstValue | tests.js:23:19:23:21 | dst | -| tests.js:40:27:40:29 | dst | tests.js:44:30:44:32 | dst | -| tests.js:40:27:40:29 | dst | tests.js:46:13:46:15 | dst | -| tests.js:40:32:40:34 | src | tests.js:44:40:44:42 | src | -| tests.js:40:32:40:34 | src | tests.js:46:24:46:26 | src | -| tests.js:41:14:41:16 | key | tests.js:44:34:44:36 | key | -| tests.js:41:14:41:16 | key | tests.js:44:44:44:46 | key | -| tests.js:41:14:41:16 | key | tests.js:46:17:46:19 | key | -| tests.js:41:14:41:16 | key | tests.js:46:28:46:30 | key | -| tests.js:44:30:44:32 | dst | tests.js:44:30:44:37 | dst[key] | -| tests.js:44:30:44:37 | dst[key] | tests.js:40:27:40:29 | dst | -| tests.js:44:34:44:36 | key | tests.js:44:30:44:37 | dst[key] | -| tests.js:44:40:44:42 | src | tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | -| tests.js:44:44:44:46 | key | tests.js:44:40:44:47 | src[key] | -| tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | -| tests.js:46:28:46:30 | key | tests.js:46:24:46:31 | src[key] | -| tests.js:51:26:51:28 | dst | tests.js:55:29:55:31 | dst | -| tests.js:51:26:51:28 | dst | tests.js:57:13:57:15 | dst | -| tests.js:51:31:51:33 | src | tests.js:55:39:55:41 | src | -| tests.js:51:31:51:33 | src | tests.js:57:24:57:26 | src | -| tests.js:52:14:52:16 | key | tests.js:55:33:55:35 | key | -| tests.js:52:14:52:16 | key | tests.js:55:43:55:45 | key | -| tests.js:52:14:52:16 | key | tests.js:57:17:57:19 | key | -| tests.js:52:14:52:16 | key | tests.js:57:28:57:30 | key | -| tests.js:55:29:55:31 | dst | tests.js:55:29:55:36 | dst[key] | -| tests.js:55:29:55:36 | dst[key] | tests.js:51:26:51:28 | dst | -| tests.js:55:33:55:35 | key | tests.js:55:29:55:36 | 
dst[key] | -| tests.js:55:39:55:41 | src | tests.js:55:39:55:46 | src[key] | -| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | -| tests.js:55:43:55:45 | key | tests.js:55:39:55:46 | src[key] | -| tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | -| tests.js:57:28:57:30 | key | tests.js:57:24:57:31 | src[key] | -| tests.js:62:33:62:35 | src | tests.js:66:41:66:43 | src | -| tests.js:62:33:62:35 | src | tests.js:68:24:68:26 | src | -| tests.js:66:41:66:43 | src | tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | -| tests.js:68:24:68:26 | src | tests.js:68:24:68:31 | src[key] | -| tests.js:77:27:77:29 | src | tests.js:81:39:81:41 | src | -| tests.js:77:27:77:29 | src | tests.js:83:28:83:30 | src | -| tests.js:81:39:81:41 | src | tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | -| tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | -| tests.js:89:34:89:36 | src | tests.js:94:42:94:44 | src | -| tests.js:89:34:89:36 | src | tests.js:96:24:96:26 | src | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:28:96:30 | key | -| tests.js:94:42:94:44 | src | tests.js:94:42:94:49 | src[key] | -| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | -| tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | -| tests.js:101:32:101:34 | dst | tests.js:107:35:107:37 | dst | -| tests.js:101:32:101:34 | dst | tests.js:109:13:109:15 | dst | -| tests.js:101:37:101:39 | src | tests.js:107:45:107:47 | src | -| tests.js:101:37:101:39 | src | tests.js:109:24:109:26 | src | -| tests.js:102:14:102:16 | key | tests.js:107:39:107:41 | key | -| tests.js:102:14:102:16 | key | tests.js:107:49:107:51 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | 
tests.js:109:28:109:30 | key | -| tests.js:107:35:107:37 | dst | tests.js:107:35:107:42 | dst[key] | -| tests.js:107:35:107:42 | dst[key] | tests.js:101:32:101:34 | dst | -| tests.js:107:39:107:41 | key | tests.js:107:35:107:42 | dst[key] | -| tests.js:107:45:107:47 | src | tests.js:107:45:107:52 | src[key] | -| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | -| tests.js:107:49:107:51 | key | tests.js:107:45:107:52 | src[key] | -| tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | -| tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | -| tests.js:116:41:116:43 | src | tests.js:119:49:119:51 | src | -| tests.js:116:41:116:43 | src | tests.js:121:24:121:26 | src | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:28:121:30 | key | -| tests.js:119:49:119:51 | src | tests.js:119:49:119:56 | src[key] | -| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | -| tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | -| tests.js:149:31:149:33 | dst | tests.js:152:22:152:24 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:36:149:38 | src | tests.js:152:27:152:29 | src | -| tests.js:149:36:149:38 | src | tests.js:154:24:154:26 | src | -| tests.js:150:14:150:16 | key | tests.js:152:32:152:34 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:28:154:30 | key | -| tests.js:152:22:152:24 | dst | tests.js:160:37:160:39 | dst | -| tests.js:152:27:152:29 | src | tests.js:160:42:160:44 | src | -| tests.js:152:32:152:34 | key | tests.js:160:47:160:49 | key | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | -| tests.js:159:36:159:38 | dst | tests.js:160:26:160:28 | dst | -| 
tests.js:159:41:159:43 | src | tests.js:160:31:160:33 | src | -| tests.js:160:26:160:28 | dst | tests.js:149:31:149:33 | dst | -| tests.js:160:31:160:33 | src | tests.js:149:36:149:38 | src | -| tests.js:160:37:160:39 | dst | tests.js:161:35:161:37 | dst | -| tests.js:160:42:160:44 | src | tests.js:161:45:161:47 | src | -| tests.js:160:47:160:49 | key | tests.js:161:39:161:41 | key | -| tests.js:160:47:160:49 | key | tests.js:161:49:161:51 | key | -| tests.js:161:35:161:37 | dst | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:42 | dst[key] | tests.js:159:36:159:38 | dst | -| tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:52 | src[key] | tests.js:159:41:159:43 | src | -| tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | -| tests.js:165:37:165:39 | src | tests.js:169:45:169:47 | src | -| tests.js:165:37:165:39 | src | tests.js:171:24:171:26 | src | -| tests.js:166:14:166:16 | key | tests.js:169:49:169:51 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:28:171:30 | key | -| tests.js:169:45:169:47 | src | tests.js:169:45:169:52 | src[key] | -| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:49:169:51 | key | tests.js:169:45:169:52 | src[key] | -| tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | -| tests.js:171:28:171:30 | key | tests.js:171:24:171:31 | src[key] | -| tests.js:178:33:178:35 | src | tests.js:182:41:182:43 | src | -| tests.js:178:33:178:35 | src | tests.js:184:24:184:26 | src | -| tests.js:182:41:182:43 | src | tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | -| tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | -| tests.js:189:32:189:34 | dst | tests.js:194:35:194:37 | dst | -| tests.js:189:32:189:34 | dst | 
tests.js:196:13:196:15 | dst | -| tests.js:189:37:189:39 | src | tests.js:194:45:194:47 | src | -| tests.js:189:37:189:39 | src | tests.js:196:24:196:26 | src | -| tests.js:192:13:192:25 | key | tests.js:194:39:194:41 | key | -| tests.js:192:13:192:25 | key | tests.js:194:49:194:51 | key | -| tests.js:192:13:192:25 | key | tests.js:196:17:196:19 | key | -| tests.js:192:13:192:25 | key | tests.js:196:28:196:30 | key | -| tests.js:192:19:192:25 | keys[i] | tests.js:192:13:192:25 | key | -| tests.js:194:35:194:37 | dst | tests.js:194:35:194:42 | dst[key] | -| tests.js:194:35:194:42 | dst[key] | tests.js:189:32:189:34 | dst | -| tests.js:194:39:194:41 | key | tests.js:194:35:194:42 | dst[key] | -| tests.js:194:45:194:47 | src | tests.js:194:45:194:52 | src[key] | -| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:49:194:51 | key | tests.js:194:45:194:52 | src[key] | -| tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | -| tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | -| tests.js:201:39:201:41 | dst | tests.js:206:42:206:44 | dst | -| tests.js:201:39:201:41 | dst | tests.js:208:13:208:15 | dst | -| tests.js:201:44:201:46 | src | tests.js:206:56:206:58 | src | -| tests.js:201:44:201:46 | src | tests.js:208:28:208:30 | src | -| tests.js:206:42:206:44 | dst | tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:42:206:53 | dst[keys[i]] | tests.js:201:39:201:41 | dst | -| tests.js:206:46:206:52 | keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:56:206:58 | src | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | -| tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:213:23:213:26 | key1 | tests.js:217:9:217:12 | key1 | -| 
tests.js:213:29:213:32 | key2 | tests.js:217:15:217:18 | key2 | -| tests.js:213:35:213:39 | value | tests.js:217:23:217:27 | value | -| tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | -| tests.js:223:14:223:16 | key | tests.js:224:23:224:25 | key | -| tests.js:223:14:223:16 | key | tests.js:224:38:224:40 | key | -| tests.js:223:14:223:16 | key | tests.js:225:28:225:30 | key | -| tests.js:223:14:223:16 | key | tests.js:225:38:225:40 | key | -| tests.js:224:23:224:25 | key | tests.js:213:23:213:26 | key1 | -| tests.js:224:33:224:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:224:38:224:40 | key | tests.js:224:33:224:41 | data[key] | -| tests.js:225:28:225:30 | key | tests.js:213:29:213:32 | key2 | -| tests.js:225:33:225:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:225:38:225:40 | key | tests.js:225:33:225:41 | data[key] | -| tests.js:229:26:229:29 | key1 | tests.js:233:9:233:12 | key1 | -| tests.js:229:32:229:35 | key2 | tests.js:233:15:233:18 | key2 | -| tests.js:229:38:229:42 | value | tests.js:233:23:233:27 | value | -| tests.js:233:9:233:12 | key1 | tests.js:233:5:233:13 | map[key1] | -| tests.js:238:14:238:16 | key | tests.js:239:24:239:26 | key | -| tests.js:238:14:238:16 | key | tests.js:239:39:239:41 | key | -| tests.js:238:14:238:16 | key | tests.js:240:31:240:33 | key | -| tests.js:238:14:238:16 | key | tests.js:240:41:240:43 | key | -| tests.js:239:24:239:26 | key | tests.js:229:26:229:29 | key1 | -| tests.js:239:34:239:42 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:239:39:239:41 | key | tests.js:239:34:239:42 | data[key] | -| tests.js:240:31:240:33 | key | tests.js:229:32:229:35 | key2 | -| tests.js:240:36:240:44 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:240:41:240:43 | key | tests.js:240:36:240:44 | data[key] | -| tests.js:263:27:263:29 | dst | tests.js:268:30:268:32 | dst | -| tests.js:263:27:263:29 | dst | tests.js:270:13:270:15 | dst | -| tests.js:265:13:265:26 | key | 
tests.js:268:34:268:36 | key | -| tests.js:265:13:265:26 | key | tests.js:270:17:270:19 | key | -| tests.js:265:19:265:26 | entry[0] | tests.js:265:13:265:26 | key | -| tests.js:266:13:266:28 | value | tests.js:270:24:270:28 | value | -| tests.js:266:21:266:28 | entry[1] | tests.js:266:13:266:28 | value | -| tests.js:268:30:268:32 | dst | tests.js:268:30:268:37 | dst[key] | -| tests.js:268:30:268:37 | dst[key] | tests.js:263:27:263:29 | dst | -| tests.js:268:34:268:36 | key | tests.js:268:30:268:37 | dst[key] | -| tests.js:275:27:275:29 | dst | tests.js:278:30:278:32 | dst | -| tests.js:275:27:275:29 | dst | tests.js:280:13:280:15 | dst | -| tests.js:275:32:275:34 | src | tests.js:276:21:276:23 | src | -| tests.js:276:21:276:23 | src | tests.js:278:40:278:42 | src | -| tests.js:276:21:276:23 | src | tests.js:280:24:280:26 | src | -| tests.js:276:34:276:36 | key | tests.js:278:34:278:36 | key | -| tests.js:276:34:276:36 | key | tests.js:278:44:278:46 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:28:280:30 | key | -| tests.js:278:30:278:32 | dst | tests.js:278:30:278:37 | dst[key] | -| tests.js:278:30:278:37 | dst[key] | tests.js:275:27:275:29 | dst | -| tests.js:278:34:278:36 | key | tests.js:278:30:278:37 | dst[key] | -| tests.js:278:40:278:42 | src | tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | -| tests.js:278:44:278:46 | key | tests.js:278:40:278:47 | src[key] | -| tests.js:280:24:280:26 | src | tests.js:280:24:280:31 | src[key] | -| tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | -| tests.js:301:27:301:29 | dst | tests.js:306:34:306:36 | dst | -| tests.js:301:27:301:29 | dst | tests.js:308:17:308:19 | dst | -| tests.js:301:32:301:34 | src | tests.js:304:25:304:27 | src | -| tests.js:302:14:302:16 | key | tests.js:304:29:304:31 | key | -| tests.js:302:14:302:16 | key | tests.js:306:38:306:40 | key | -| 
tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:304:17:304:32 | value | tests.js:306:44:306:48 | value | -| tests.js:304:17:304:32 | value | tests.js:306:44:306:48 | value | -| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | -| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | -| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | -| tests.js:304:25:304:27 | src | tests.js:304:25:304:32 | src[key] | -| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | -| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | -| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | -| tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | -| tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | -| tests.js:306:34:306:36 | dst | tests.js:306:34:306:41 | dst[key] | -| tests.js:306:34:306:41 | dst[key] | tests.js:301:27:301:29 | dst | -| tests.js:306:38:306:40 | key | tests.js:306:34:306:41 | dst[key] | -| tests.js:306:44:306:48 | value | tests.js:301:32:301:34 | src | -| tests.js:306:44:306:48 | value | tests.js:301:32:301:34 | src | -| tests.js:314:31:314:33 | dst | tests.js:320:38:320:40 | dst | -| tests.js:314:31:314:33 | dst | tests.js:322:17:322:19 | dst | -| tests.js:314:36:314:38 | src | tests.js:318:25:318:27 | src | -| tests.js:315:14:315:16 | key | tests.js:318:29:318:31 | key | -| tests.js:315:14:315:16 | key | tests.js:320:42:320:44 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:318:17:318:32 | value | tests.js:320:48:320:52 | value | -| tests.js:318:17:318:32 | value | tests.js:320:48:320:52 | value | -| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | -| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | -| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | -| tests.js:318:25:318:27 | src | tests.js:318:25:318:32 | src[key] | -| 
tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | -| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | -| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | -| tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | -| tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | -| tests.js:320:38:320:40 | dst | tests.js:320:38:320:45 | dst[key] | -| tests.js:320:38:320:45 | dst[key] | tests.js:314:31:314:33 | dst | -| tests.js:320:42:320:44 | key | tests.js:320:38:320:45 | dst[key] | -| tests.js:320:48:320:52 | value | tests.js:314:36:314:38 | src | -| tests.js:320:48:320:52 | value | tests.js:314:36:314:38 | src | -| tests.js:328:25:328:27 | dst | tests.js:336:32:336:34 | dst | -| tests.js:328:25:328:27 | dst | tests.js:338:17:338:19 | dst | -| tests.js:328:30:328:32 | src | tests.js:336:42:336:44 | src | -| tests.js:328:30:328:32 | src | tests.js:338:28:338:30 | src | -| tests.js:329:14:329:16 | key | tests.js:336:36:336:38 | key | -| tests.js:329:14:329:16 | key | tests.js:336:46:336:48 | key | -| tests.js:329:14:329:16 | key | tests.js:338:21:338:23 | key | -| tests.js:329:14:329:16 | key | tests.js:338:32:338:34 | key | -| tests.js:336:32:336:34 | dst | tests.js:336:32:336:39 | dst[key] | -| tests.js:336:32:336:39 | dst[key] | tests.js:328:25:328:27 | dst | -| tests.js:336:36:336:38 | key | tests.js:336:32:336:39 | dst[key] | -| tests.js:336:42:336:44 | src | tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | -| tests.js:336:46:336:48 | key | tests.js:336:42:336:49 | src[key] | -| tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | -| tests.js:338:32:338:34 | key | tests.js:338:28:338:35 | src[key] | -| tests.js:348:32:348:37 | target | tests.js:349:26:349:31 | target | -| tests.js:348:32:348:37 | target | tests.js:361:12:361:17 | target | -| tests.js:348:40:348:45 | source | tests.js:349:54:349:59 | source | -| 
tests.js:348:40:348:45 | source | tests.js:350:21:350:26 | source | -| tests.js:349:26:349:31 | target | tests.js:355:17:355:22 | target | -| tests.js:349:26:349:31 | target | tests.js:355:53:355:58 | target | -| tests.js:349:26:349:31 | target | tests.js:357:17:357:22 | target | -| tests.js:349:26:349:31 | target | tests.js:361:12:361:17 | target | -| tests.js:349:54:349:59 | source | tests.js:350:21:350:26 | source | -| tests.js:350:21:350:26 | source | tests.js:355:66:355:71 | source | -| tests.js:350:21:350:26 | source | tests.js:357:31:357:36 | source | -| tests.js:350:37:350:39 | key | tests.js:355:24:355:26 | key | -| tests.js:350:37:350:39 | key | tests.js:355:60:355:62 | key | -| tests.js:350:37:350:39 | key | tests.js:357:24:357:26 | key | -| tests.js:350:37:350:39 | key | tests.js:357:38:357:40 | key | -| tests.js:355:53:355:58 | target | tests.js:355:53:355:63 | target[key] | -| tests.js:355:53:355:63 | target[key] | tests.js:348:32:348:37 | target | -| tests.js:355:53:355:63 | target[key] | tests.js:355:31:355:86 | mergePl ... 
ptions) | -| tests.js:355:60:355:62 | key | tests.js:355:53:355:63 | target[key] | -| tests.js:355:66:355:71 | source | tests.js:355:66:355:76 | source[key] | -| tests.js:355:66:355:76 | source[key] | tests.js:348:40:348:45 | source | -| tests.js:357:31:357:36 | source | tests.js:357:31:357:41 | source[key] | -| tests.js:357:38:357:40 | key | tests.js:357:31:357:41 | source[key] | -| tests.js:364:41:364:46 | target | tests.js:377:12:377:17 | target | -| tests.js:364:49:364:54 | source | tests.js:371:75:371:80 | source | -| tests.js:364:49:364:54 | source | tests.js:373:31:373:36 | source | -| tests.js:366:18:366:20 | key | tests.js:371:24:371:26 | key | -| tests.js:366:18:366:20 | key | tests.js:371:69:371:71 | key | -| tests.js:366:18:366:20 | key | tests.js:373:24:373:26 | key | -| tests.js:366:18:366:20 | key | tests.js:373:38:373:40 | key | -| tests.js:371:62:371:72 | target[key] | tests.js:364:41:364:46 | target | -| tests.js:371:62:371:72 | target[key] | tests.js:371:31:371:95 | mergePl ... 
ptions) | -| tests.js:371:69:371:71 | key | tests.js:371:62:371:72 | target[key] | -| tests.js:371:75:371:80 | source | tests.js:371:75:371:85 | source[key] | -| tests.js:371:75:371:85 | source[key] | tests.js:364:49:364:54 | source | -| tests.js:373:31:373:36 | source | tests.js:373:31:373:41 | source[key] | -| tests.js:373:38:373:40 | key | tests.js:373:31:373:41 | source[key] | -| tests.js:380:22:380:24 | obj | tests.js:383:27:383:29 | obj | -| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | -| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | -| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | -| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | -| tests.js:380:27:380:34 | callback [src] | tests.js:383:13:383:20 | callback [src] | -| tests.js:381:14:381:16 | key | tests.js:383:22:383:24 | key | -| tests.js:381:14:381:16 | key | tests.js:383:31:383:33 | key | -| tests.js:383:13:383:20 | callback [dst] | tests.js:391:32:391:34 | dst | -| tests.js:383:13:383:20 | callback [dst] | tests.js:391:32:391:34 | dst | -| tests.js:383:13:383:20 | callback [dst] | tests.js:393:13:393:15 | dst | -| tests.js:383:13:383:20 | callback [dst] | tests.js:393:13:393:15 | dst | -| tests.js:383:13:383:20 | callback [dst] | tests.js:401:33:401:35 | dst | -| tests.js:383:13:383:20 | callback [dst] | tests.js:401:33:401:35 | dst | -| tests.js:383:13:383:20 | callback [dst] | tests.js:403:13:403:15 | dst | -| tests.js:383:13:383:20 | callback [dst] | tests.js:403:13:403:15 | dst | -| tests.js:383:13:383:20 | callback [src] | tests.js:391:42:391:44 | src | -| tests.js:383:13:383:20 | callback [src] | tests.js:393:24:393:26 | src | -| tests.js:383:22:383:24 | key | tests.js:389:22:389:24 | key | -| tests.js:383:22:383:24 | key | tests.js:399:23:399:25 | key | -| tests.js:383:27:383:29 | obj | tests.js:383:27:383:34 | obj[key] | -| tests.js:383:27:383:34 
| obj[key] | tests.js:399:28:399:32 | value | -| tests.js:383:31:383:33 | key | tests.js:383:27:383:34 | obj[key] | -| tests.js:388:29:388:31 | dst | tests.js:380:27:380:34 | callback [dst] | -| tests.js:388:29:388:31 | dst | tests.js:380:27:380:34 | callback [dst] | -| tests.js:388:29:388:31 | dst | tests.js:391:32:391:34 | dst | -| tests.js:388:29:388:31 | dst | tests.js:391:32:391:34 | dst | -| tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | -| tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | -| tests.js:388:34:388:36 | src | tests.js:389:17:389:19 | src | -| tests.js:389:17:389:19 | src | tests.js:380:27:380:34 | callback [src] | -| tests.js:389:17:389:19 | src | tests.js:391:42:391:44 | src | -| tests.js:389:17:389:19 | src | tests.js:393:24:393:26 | src | -| tests.js:389:22:389:24 | key | tests.js:391:36:391:38 | key | -| tests.js:389:22:389:24 | key | tests.js:391:46:391:48 | key | -| tests.js:389:22:389:24 | key | tests.js:393:17:393:19 | key | -| tests.js:389:22:389:24 | key | tests.js:393:28:393:30 | key | -| tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | -| tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | -| tests.js:391:32:391:39 | dst[key] | tests.js:388:29:388:31 | dst | -| tests.js:391:32:391:39 | dst[key] | tests.js:388:29:388:31 | dst | -| tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | -| tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | -| tests.js:391:42:391:44 | src | tests.js:391:42:391:49 | src[key] | -| tests.js:391:42:391:49 | src[key] | tests.js:388:34:388:36 | src | -| tests.js:391:46:391:48 | key | tests.js:391:42:391:49 | src[key] | -| tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | -| tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | -| tests.js:398:30:398:32 | dst | tests.js:380:27:380:34 | callback [dst] | -| tests.js:398:30:398:32 | dst | tests.js:380:27:380:34 | callback [dst] | -| 
tests.js:398:30:398:32 | dst | tests.js:401:33:401:35 | dst | -| tests.js:398:30:398:32 | dst | tests.js:401:33:401:35 | dst | -| tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | -| tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | -| tests.js:398:35:398:37 | src | tests.js:399:17:399:19 | src | -| tests.js:399:17:399:19 | src | tests.js:380:22:380:24 | obj | -| tests.js:399:23:399:25 | key | tests.js:401:37:401:39 | key | -| tests.js:399:23:399:25 | key | tests.js:403:17:403:19 | key | -| tests.js:399:28:399:32 | value | tests.js:401:43:401:47 | value | -| tests.js:399:28:399:32 | value | tests.js:403:24:403:28 | value | -| tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | -| tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | -| tests.js:401:33:401:40 | dst[key] | tests.js:398:30:398:32 | dst | -| tests.js:401:33:401:40 | dst[key] | tests.js:398:30:398:32 | dst | -| tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | -| tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | -| tests.js:401:43:401:47 | value | tests.js:398:35:398:37 | src | -| tests.js:408:22:408:24 | obj | tests.js:409:12:409:14 | obj | -| tests.js:408:27:408:29 | key | tests.js:409:16:409:18 | key | -| tests.js:409:12:409:14 | obj | tests.js:409:12:409:19 | obj[key] | -| tests.js:409:16:409:18 | key | tests.js:409:12:409:19 | obj[key] | -| tests.js:412:31:412:33 | dst | tests.js:415:34:415:36 | dst | -| tests.js:412:31:412:33 | dst | tests.js:419:13:419:15 | dst | -| tests.js:412:36:412:38 | src | tests.js:414:33:414:35 | src | -| tests.js:413:14:413:16 | key | tests.js:414:38:414:40 | key | -| tests.js:413:14:413:16 | key | tests.js:415:39:415:41 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:414:13:414:41 | value | tests.js:417:42:417:46 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:21:414:41 | wrapped ... 
c, key) | tests.js:414:13:414:41 | value | -| tests.js:414:33:414:35 | src | tests.js:408:22:408:24 | obj | -| tests.js:414:33:414:35 | src | tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:38:414:40 | key | tests.js:408:27:408:29 | key | -| tests.js:414:38:414:40 | key | tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:415:13:415:42 | target | tests.js:417:34:417:39 | target | -| tests.js:415:22:415:42 | wrapped ... t, key) | tests.js:415:13:415:42 | target | -| tests.js:415:34:415:36 | dst | tests.js:408:22:408:24 | obj | -| tests.js:415:34:415:36 | dst | tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:415:39:415:41 | key | tests.js:408:27:408:29 | key | -| tests.js:415:39:415:41 | key | tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:417:34:417:39 | target | tests.js:412:31:412:33 | dst | -| tests.js:417:42:417:46 | value | tests.js:412:36:412:38 | src | -| tests.js:424:25:424:27 | obj | tests.js:426:12:426:14 | obj | -| tests.js:424:30:424:32 | key | tests.js:426:16:426:18 | key | -| tests.js:426:12:426:14 | obj | tests.js:426:12:426:19 | obj[key] | -| tests.js:426:16:426:18 | key | tests.js:426:12:426:19 | obj[key] | -| tests.js:429:34:429:36 | dst | tests.js:432:37:432:39 | dst | -| tests.js:429:34:429:36 | dst | tests.js:436:13:436:15 | dst | -| tests.js:429:39:429:41 | src | tests.js:431:36:431:38 | src | -| tests.js:430:14:430:16 | key | tests.js:431:41:431:43 | key | -| tests.js:430:14:430:16 | key | tests.js:432:42:432:44 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:431:13:431:44 | value | tests.js:434:45:434:49 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | -| tests.js:431:36:431:38 | src | tests.js:424:25:424:27 | obj | -| tests.js:431:36:431:38 | src | tests.js:431:21:431:44 | almostS ... 
c, key) | -| tests.js:431:41:431:43 | key | tests.js:424:30:424:32 | key | -| tests.js:431:41:431:43 | key | tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:432:13:432:45 | target | tests.js:434:37:434:42 | target | -| tests.js:432:22:432:45 | almostS ... t, key) | tests.js:432:13:432:45 | target | -| tests.js:432:37:432:39 | dst | tests.js:424:25:424:27 | obj | -| tests.js:432:37:432:39 | dst | tests.js:432:22:432:45 | almostS ... t, key) | -| tests.js:432:42:432:44 | key | tests.js:424:30:424:32 | key | -| tests.js:432:42:432:44 | key | tests.js:432:22:432:45 | almostS ... t, key) | -| tests.js:434:37:434:42 | target | tests.js:429:34:429:36 | dst | -| tests.js:434:45:434:49 | value | tests.js:429:39:429:41 | src | -| tests.js:441:19:441:21 | obj | tests.js:443:12:443:14 | obj | -| tests.js:443:12:443:14 | obj | tests.js:443:12:443:19 | obj[key] | -| tests.js:446:33:446:35 | src | tests.js:448:30:448:32 | src | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:448:13:448:38 | value | tests.js:451:39:451:43 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:30:448:32 | src | tests.js:441:19:441:21 | obj | -| tests.js:448:30:448:32 | src | tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:451:39:451:43 | value | tests.js:446:33:446:35 | src | -| tests.js:458:26:458:28 | dst | tests.js:462:29:462:31 | dst | -| tests.js:458:26:458:28 | dst | tests.js:465:30:465:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:466:30:466:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:467:30:467:32 | dst | -| tests.js:458:31:458:33 | src | tests.js:460:12:460:14 | src | -| tests.js:460:12:460:14 | src | tests.js:462:39:462:41 | src | -| tests.js:460:12:460:14 | src | tests.js:465:41:465:43 | src | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:25:460:27 | key | 
tests.js:462:33:462:35 | key | -| tests.js:460:25:460:27 | key | tests.js:462:43:462:45 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:45:465:47 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:43:466:45 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:462:29:462:31 | dst | tests.js:462:29:462:36 | dst[key] | -| tests.js:462:29:462:36 | dst[key] | tests.js:458:26:458:28 | dst | -| tests.js:462:33:462:35 | key | tests.js:462:29:462:36 | dst[key] | -| tests.js:462:39:462:41 | src | tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | -| tests.js:462:43:462:45 | key | tests.js:462:39:462:46 | src[key] | -| tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | -| tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | -| tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | -| tests.js:472:38:472:40 | dst | tests.js:475:41:475:43 | dst | -| tests.js:472:38:472:40 | dst | tests.js:477:13:477:15 | dst | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:25:473:27 | key | tests.js:475:45:475:47 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:475:41:475:43 | dst | tests.js:475:41:475:48 | dst[key] | -| tests.js:475:41:475:48 | dst[key] | tests.js:472:38:472:40 | dst | -| tests.js:475:45:475:47 | key | tests.js:475:41:475:48 | dst[key] | -| tests.js:483:26:483:28 | dst | tests.js:487:29:487:31 | dst | -| tests.js:483:26:483:28 | dst | tests.js:489:13:489:15 | dst | -| tests.js:483:31:483:33 | src | tests.js:487:39:487:41 | src | -| tests.js:483:31:483:33 | src | tests.js:489:24:489:26 | src | -| tests.js:483:31:483:33 | src | tests.js:489:24:489:26 | src | -| tests.js:484:14:484:16 | key | tests.js:487:33:487:35 | key | -| 
tests.js:484:14:484:16 | key | tests.js:487:43:487:45 | key | -| tests.js:484:14:484:16 | key | tests.js:489:17:489:19 | key | -| tests.js:484:14:484:16 | key | tests.js:489:28:489:30 | key | -| tests.js:487:29:487:31 | dst | tests.js:487:29:487:36 | dst[key] | -| tests.js:487:29:487:36 | dst[key] | tests.js:483:26:483:28 | dst | -| tests.js:487:33:487:35 | key | tests.js:487:29:487:36 | dst[key] | -| tests.js:487:39:487:41 | src | tests.js:487:39:487:46 | src[key] | -| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | -| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | -| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | -| tests.js:487:43:487:45 | key | tests.js:487:39:487:46 | src[key] | -| tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | -| tests.js:489:28:489:30 | key | tests.js:489:24:489:31 | src[key] | -| tests.js:494:32:494:34 | src | tests.js:498:21:498:23 | src | -| tests.js:495:14:495:16 | key | tests.js:498:25:498:27 | key | -| tests.js:495:14:495:16 | key | tests.js:502:17:502:19 | key | -| tests.js:498:13:498:28 | value | tests.js:500:38:500:42 | value | -| tests.js:498:13:498:28 | value | tests.js:500:38:500:42 | value | -| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | -| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | -| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | -| tests.js:498:21:498:23 | src | tests.js:498:21:498:28 | src[key] | -| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | -| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | -| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | -| tests.js:498:25:498:27 | key | tests.js:498:21:498:28 | src[key] | -| tests.js:500:38:500:42 | value | tests.js:494:32:494:34 | src | -| tests.js:500:38:500:42 | value | tests.js:494:32:494:34 | src | -| tests.js:508:30:508:32 | dst | tests.js:513:33:513:35 | dst | -| 
tests.js:508:30:508:32 | dst | tests.js:517:35:517:37 | dst | -| tests.js:508:35:508:37 | src | tests.js:513:43:513:45 | src | -| tests.js:508:35:508:37 | src | tests.js:516:32:516:34 | src | -| tests.js:511:13:511:25 | key | tests.js:513:37:513:39 | key | -| tests.js:511:13:511:25 | key | tests.js:513:47:513:49 | key | -| tests.js:511:13:511:25 | key | tests.js:516:36:516:38 | key | -| tests.js:511:13:511:25 | key | tests.js:517:40:517:42 | key | -| tests.js:511:19:511:25 | keys[i] | tests.js:511:13:511:25 | key | -| tests.js:513:33:513:35 | dst | tests.js:513:33:513:40 | dst[key] | -| tests.js:513:33:513:40 | dst[key] | tests.js:508:30:508:32 | dst | -| tests.js:513:37:513:39 | key | tests.js:513:33:513:40 | dst[key] | -| tests.js:513:43:513:45 | src | tests.js:513:43:513:50 | src[key] | -| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| tests.js:513:47:513:49 | key | tests.js:513:43:513:50 | src[key] | -| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | -| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | -| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | -| tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | -| tests.js:534:36:534:43 | callback [dst] | tests.js:538:9:538:16 | callback [dst] | -| tests.js:538:9:538:16 | callback [dst] | tests.js:545:33:545:35 | dst | -| tests.js:538:9:538:16 | callback [dst] | tests.js:547:13:547:15 | dst | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:542:30:542:32 | dst | tests.js:534:36:534:43 | callback [dst] | -| tests.js:542:30:542:32 | dst | 
tests.js:545:33:545:35 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:35:542:37 | src | tests.js:543:26:543:28 | src | -| tests.js:543:26:543:28 | src | tests.js:534:31:534:33 | obj | -| tests.js:543:32:543:34 | key | tests.js:545:37:545:39 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:37:543:41 | value | tests.js:545:43:545:47 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:40 | dst[key] | tests.js:542:30:542:32 | dst | -| tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:43:545:47 | value | tests.js:542:35:542:37 | src | -| tests.js:552:35:552:37 | src | tests.js:557:43:557:45 | src | -| tests.js:552:35:552:37 | src | tests.js:559:24:559:26 | src | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:28:559:30 | key | -| tests.js:557:43:557:45 | src | tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | -| tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | src[key] | -| tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | -| tests.js:564:35:564:37 | src | tests.js:569:43:569:45 | src | -| tests.js:564:35:564:37 | src | tests.js:571:24:571:26 | src | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:28:571:30 | key | -| tests.js:569:43:569:45 | src | tests.js:569:43:569:50 | src[key] | -| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:571:24:571:26 | src | tests.js:571:24:571:31 | src[key] | -| tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | -| tests.js:576:30:576:32 | src | tests.js:580:38:580:40 | src | -| tests.js:576:30:576:32 | src | tests.js:582:24:582:26 | src | -| 
tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:28:582:30 | key | -| tests.js:580:38:580:40 | src | tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | -| tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | -| tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | -| tests.js:591:25:591:27 | obj | tests.js:592:7:592:9 | obj | -| tests.js:591:25:591:27 | obj | tests.js:592:21:592:23 | obj | -| tests.js:592:7:592:9 | obj | tests.js:592:21:592:23 | obj | -| tests.js:592:7:592:9 | obj | tests.js:593:10:593:12 | obj | -| tests.js:592:21:592:23 | obj | tests.js:593:10:593:12 | obj | -| tests.js:600:31:600:34 | dest | tests.js:603:34:603:37 | dest | -| tests.js:600:31:600:34 | dest | tests.js:605:13:605:16 | dest | -| tests.js:600:37:600:42 | source | tests.js:603:45:603:50 | source | -| tests.js:600:37:600:42 | source | tests.js:605:40:605:45 | source | -| tests.js:601:16:601:18 | key | tests.js:603:39:603:41 | key | -| tests.js:601:16:601:18 | key | tests.js:603:52:603:54 | key | -| tests.js:601:16:601:18 | key | tests.js:605:18:605:20 | key | -| tests.js:601:16:601:18 | key | tests.js:605:47:605:49 | key | -| tests.js:603:34:603:37 | dest | tests.js:603:34:603:42 | dest[key] | -| tests.js:603:34:603:42 | dest[key] | tests.js:600:31:600:34 | dest | -| tests.js:603:39:603:41 | key | tests.js:603:34:603:42 | dest[key] | -| tests.js:603:45:603:50 | source | tests.js:603:45:603:55 | source[key] | -| tests.js:603:45:603:55 | source[key] | tests.js:600:37:600:42 | source | -| tests.js:603:52:603:54 | key | tests.js:603:45:603:55 | source[key] | -| tests.js:605:40:605:45 | source | tests.js:605:40:605:50 | source[key] | -| tests.js:605:40:605:50 | source[key] | tests.js:591:25:591:27 | obj | -| tests.js:605:40:605:50 | source[key] | tests.js:605:25:605:51 | capture ... 
e[key]) | -| tests.js:605:47:605:49 | key | tests.js:605:40:605:50 | source[key] | +| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:5:19:5:21 | dst | provenance | | +| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | provenance | | +| examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:5:29:5:31 | src | provenance | | +| examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:7:24:7:26 | src | provenance | | +| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:23:5:25 | key | provenance | | +| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:33:5:35 | key | provenance | | +| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | provenance | | +| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:28:7:30 | key | provenance | | +| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | provenance | | +| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | provenance | | +| examples/PrototypePollutingFunction.js:5:23:5:25 | key | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | provenance | | +| examples/PrototypePollutingFunction.js:5:29:5:31 | src | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | provenance | | +| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | provenance | | +| examples/PrototypePollutingFunction.js:5:33:5:35 | key | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | provenance | | +| 
examples/PrototypePollutingFunction.js:7:24:7:26 | src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | provenance | | +| examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | provenance | | +| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | provenance | | +| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | provenance | | +| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | provenance | | +| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | provenance | | +| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | provenance | | +| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | provenance | | +| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | provenance | | +| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | provenance | | +| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | provenance | | +| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | provenance | | +| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | provenance | | +| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | 
examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | provenance | | +| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | provenance | | +| path-assignment.js:8:13:8:25 | key | path-assignment.js:13:29:13:31 | key | provenance | | +| path-assignment.js:8:13:8:25 | key | path-assignment.js:15:20:15:22 | key | provenance | | +| path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:8:13:8:25 | key | provenance | | +| path-assignment.js:13:13:13:32 | target | path-assignment.js:13:22:13:27 | target | provenance | | +| path-assignment.js:13:13:13:32 | target | path-assignment.js:15:13:15:18 | target | provenance | | +| path-assignment.js:13:22:13:27 | target | path-assignment.js:13:22:13:32 | target[key] | provenance | | +| path-assignment.js:13:22:13:32 | target[key] | path-assignment.js:13:13:13:32 | target | provenance | | +| path-assignment.js:13:29:13:31 | key | path-assignment.js:13:22:13:32 | target[key] | provenance | | +| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:25:42:27 | key | provenance | | +| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:39:42:41 | key | provenance | | +| path-assignment.js:41:19:41:25 | keys[i] | path-assignment.js:41:13:41:25 | key | provenance | | +| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:18:42:23 | target | provenance | | +| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:32:42:37 | target | provenance | | +| path-assignment.js:42:9:42:48 | target | path-assignment.js:44:5:44:10 | target | provenance | | +| path-assignment.js:42:32:42:37 | target | path-assignment.js:42:32:42:42 | target[key] | provenance | | +| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:9:42:48 | target | provenance | | +| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:32:42:48 | target[key] \|\| {} | provenance | | +| path-assignment.js:42:39:42:41 
| key | path-assignment.js:42:32:42:42 | target[key] | provenance | | +| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:25:59:27 | key | provenance | | +| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:39:59:41 | key | provenance | | +| path-assignment.js:58:19:58:25 | keys[i] | path-assignment.js:58:13:58:25 | key | provenance | | +| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:18:59:23 | target | provenance | | +| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:32:59:37 | target | provenance | | +| path-assignment.js:59:9:59:48 | target | path-assignment.js:61:5:61:10 | target | provenance | | +| path-assignment.js:59:32:59:37 | target | path-assignment.js:59:32:59:42 | target[key] | provenance | | +| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:9:59:48 | target | provenance | | +| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:32:59:48 | target[key] \|\| {} | provenance | | +| path-assignment.js:59:39:59:41 | key | path-assignment.js:59:32:59:42 | target[key] | provenance | | +| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:25:69:27 | key | provenance | | +| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:39:69:41 | key | provenance | | +| path-assignment.js:68:19:68:25 | keys[i] | path-assignment.js:68:13:68:25 | key | provenance | | +| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:18:69:23 | target | provenance | | +| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:32:69:37 | target | provenance | | +| path-assignment.js:69:9:69:48 | target | path-assignment.js:71:5:71:10 | target | provenance | | +| path-assignment.js:69:32:69:37 | target | path-assignment.js:69:32:69:42 | target[key] | provenance | | +| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:9:69:48 | target | provenance | | +| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:32:69:48 | 
target[key] \|\| {} | provenance | | +| path-assignment.js:69:39:69:41 | key | path-assignment.js:69:32:69:42 | target[key] | provenance | | +| tests.js:3:25:3:27 | dst | tests.js:6:28:6:30 | dst | provenance | | +| tests.js:3:25:3:27 | dst | tests.js:8:13:8:15 | dst | provenance | | +| tests.js:3:30:3:32 | src | tests.js:6:38:6:40 | src | provenance | | +| tests.js:3:30:3:32 | src | tests.js:8:24:8:26 | src | provenance | | +| tests.js:4:14:4:16 | key | tests.js:6:32:6:34 | key | provenance | | +| tests.js:4:14:4:16 | key | tests.js:6:42:6:44 | key | provenance | | +| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | provenance | | +| tests.js:4:14:4:16 | key | tests.js:8:28:8:30 | key | provenance | | +| tests.js:6:28:6:30 | dst | tests.js:6:28:6:35 | dst[key] | provenance | | +| tests.js:6:28:6:35 | dst[key] | tests.js:3:25:3:27 | dst | provenance | | +| tests.js:6:32:6:34 | key | tests.js:6:28:6:35 | dst[key] | provenance | | +| tests.js:6:38:6:40 | src | tests.js:6:38:6:45 | src[key] | provenance | | +| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | provenance | | +| tests.js:6:42:6:44 | key | tests.js:6:38:6:45 | src[key] | provenance | | +| tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | provenance | | +| tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | provenance | | +| tests.js:13:24:13:26 | dst | tests.js:16:27:16:29 | dst | provenance | | +| tests.js:13:24:13:26 | dst | tests.js:18:13:18:15 | dst | provenance | | +| tests.js:13:29:13:31 | src | tests.js:14:17:14:19 | src | provenance | | +| tests.js:14:17:14:19 | src | tests.js:16:37:16:39 | src | provenance | | +| tests.js:14:17:14:19 | src | tests.js:18:24:18:26 | src | provenance | | +| tests.js:14:30:14:32 | key | tests.js:16:31:16:33 | key | provenance | | +| tests.js:14:30:14:32 | key | tests.js:16:41:16:43 | key | provenance | | +| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | provenance | | +| tests.js:14:30:14:32 | key | tests.js:18:28:18:30 | key 
| provenance | | +| tests.js:16:27:16:29 | dst | tests.js:16:27:16:34 | dst[key] | provenance | | +| tests.js:16:27:16:34 | dst[key] | tests.js:13:24:13:26 | dst | provenance | | +| tests.js:16:31:16:33 | key | tests.js:16:27:16:34 | dst[key] | provenance | | +| tests.js:16:37:16:39 | src | tests.js:16:37:16:44 | src[key] | provenance | | +| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | provenance | | +| tests.js:16:41:16:43 | key | tests.js:16:37:16:44 | src[key] | provenance | | +| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | provenance | | +| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | provenance | | +| tests.js:23:19:23:21 | dst | tests.js:26:25:26:27 | dst | provenance | | +| tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | provenance | | +| tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | provenance | | +| tests.js:26:25:26:27 | dst | tests.js:31:22:31:24 | dst | provenance | | +| tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | provenance | | +| tests.js:26:37:26:39 | key | tests.js:26:30:26:40 | source[key] | provenance | | +| tests.js:26:43:26:45 | key | tests.js:31:34:31:36 | key | provenance | | +| tests.js:31:22:31:24 | dst | tests.js:32:20:32:22 | dst | provenance | | +| tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | provenance | | +| tests.js:31:27:31:31 | value | tests.js:36:20:36:24 | value | provenance | | +| tests.js:31:34:31:36 | key | tests.js:32:24:32:26 | key | provenance | | +| tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | provenance | | +| tests.js:32:9:32:27 | dstValue | tests.js:34:18:34:25 | dstValue | provenance | | +| tests.js:32:20:32:22 | dst | tests.js:32:20:32:27 | dst[key] | provenance | | +| tests.js:32:20:32:27 | dst[key] | tests.js:32:9:32:27 | dstValue | provenance | | +| tests.js:32:24:32:26 | key | tests.js:32:20:32:27 | dst[key] | provenance | | +| tests.js:34:18:34:25 | dstValue | tests.js:23:19:23:21 | dst | 
provenance | | +| tests.js:40:27:40:29 | dst | tests.js:44:30:44:32 | dst | provenance | | +| tests.js:40:27:40:29 | dst | tests.js:46:13:46:15 | dst | provenance | | +| tests.js:40:32:40:34 | src | tests.js:44:40:44:42 | src | provenance | | +| tests.js:40:32:40:34 | src | tests.js:46:24:46:26 | src | provenance | | +| tests.js:41:14:41:16 | key | tests.js:44:34:44:36 | key | provenance | | +| tests.js:41:14:41:16 | key | tests.js:44:44:44:46 | key | provenance | | +| tests.js:41:14:41:16 | key | tests.js:46:17:46:19 | key | provenance | | +| tests.js:41:14:41:16 | key | tests.js:46:28:46:30 | key | provenance | | +| tests.js:44:30:44:32 | dst | tests.js:44:30:44:37 | dst[key] | provenance | | +| tests.js:44:30:44:37 | dst[key] | tests.js:40:27:40:29 | dst | provenance | | +| tests.js:44:34:44:36 | key | tests.js:44:30:44:37 | dst[key] | provenance | | +| tests.js:44:40:44:42 | src | tests.js:44:40:44:47 | src[key] | provenance | | +| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | provenance | | +| tests.js:44:44:44:46 | key | tests.js:44:40:44:47 | src[key] | provenance | | +| tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | provenance | | +| tests.js:46:28:46:30 | key | tests.js:46:24:46:31 | src[key] | provenance | | +| tests.js:51:26:51:28 | dst | tests.js:55:29:55:31 | dst | provenance | | +| tests.js:51:26:51:28 | dst | tests.js:57:13:57:15 | dst | provenance | | +| tests.js:51:31:51:33 | src | tests.js:55:39:55:41 | src | provenance | | +| tests.js:51:31:51:33 | src | tests.js:57:24:57:26 | src | provenance | | +| tests.js:52:14:52:16 | key | tests.js:55:33:55:35 | key | provenance | | +| tests.js:52:14:52:16 | key | tests.js:55:43:55:45 | key | provenance | | +| tests.js:52:14:52:16 | key | tests.js:57:17:57:19 | key | provenance | | +| tests.js:52:14:52:16 | key | tests.js:57:28:57:30 | key | provenance | | +| tests.js:55:29:55:31 | dst | tests.js:55:29:55:36 | dst[key] | provenance | | +| tests.js:55:29:55:36 | dst[key] | 
tests.js:51:26:51:28 | dst | provenance | | +| tests.js:55:33:55:35 | key | tests.js:55:29:55:36 | dst[key] | provenance | | +| tests.js:55:39:55:41 | src | tests.js:55:39:55:46 | src[key] | provenance | | +| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | provenance | | +| tests.js:55:43:55:45 | key | tests.js:55:39:55:46 | src[key] | provenance | | +| tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | provenance | | +| tests.js:57:28:57:30 | key | tests.js:57:24:57:31 | src[key] | provenance | | +| tests.js:62:33:62:35 | src | tests.js:66:41:66:43 | src | provenance | | +| tests.js:62:33:62:35 | src | tests.js:68:24:68:26 | src | provenance | | +| tests.js:66:41:66:43 | src | tests.js:66:41:66:48 | src[key] | provenance | | +| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | provenance | | +| tests.js:68:24:68:26 | src | tests.js:68:24:68:31 | src[key] | provenance | | +| tests.js:77:27:77:29 | src | tests.js:81:39:81:41 | src | provenance | | +| tests.js:77:27:77:29 | src | tests.js:83:28:83:30 | src | provenance | | +| tests.js:81:39:81:41 | src | tests.js:81:39:81:46 | src[key] | provenance | | +| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | provenance | | +| tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | provenance | | +| tests.js:89:34:89:36 | src | tests.js:94:42:94:44 | src | provenance | | +| tests.js:89:34:89:36 | src | tests.js:96:24:96:26 | src | provenance | | +| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | provenance | | +| tests.js:90:14:90:16 | key | tests.js:96:28:96:30 | key | provenance | | +| tests.js:94:42:94:44 | src | tests.js:94:42:94:49 | src[key] | provenance | | +| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | provenance | | +| tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | provenance | | +| tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | provenance | | +| tests.js:101:32:101:34 | dst | 
tests.js:107:35:107:37 | dst | provenance | | +| tests.js:101:32:101:34 | dst | tests.js:109:13:109:15 | dst | provenance | | +| tests.js:101:37:101:39 | src | tests.js:107:45:107:47 | src | provenance | | +| tests.js:101:37:101:39 | src | tests.js:109:24:109:26 | src | provenance | | +| tests.js:102:14:102:16 | key | tests.js:107:39:107:41 | key | provenance | | +| tests.js:102:14:102:16 | key | tests.js:107:49:107:51 | key | provenance | | +| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | provenance | | +| tests.js:102:14:102:16 | key | tests.js:109:28:109:30 | key | provenance | | +| tests.js:107:35:107:37 | dst | tests.js:107:35:107:42 | dst[key] | provenance | | +| tests.js:107:35:107:42 | dst[key] | tests.js:101:32:101:34 | dst | provenance | | +| tests.js:107:39:107:41 | key | tests.js:107:35:107:42 | dst[key] | provenance | | +| tests.js:107:45:107:47 | src | tests.js:107:45:107:52 | src[key] | provenance | | +| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | provenance | | +| tests.js:107:49:107:51 | key | tests.js:107:45:107:52 | src[key] | provenance | | +| tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | provenance | | +| tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | provenance | | +| tests.js:116:41:116:43 | src | tests.js:119:49:119:51 | src | provenance | | +| tests.js:116:41:116:43 | src | tests.js:121:24:121:26 | src | provenance | | +| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | provenance | | +| tests.js:117:14:117:16 | key | tests.js:121:28:121:30 | key | provenance | | +| tests.js:119:49:119:51 | src | tests.js:119:49:119:56 | src[key] | provenance | | +| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | provenance | | +| tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | provenance | | +| tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | provenance | | +| tests.js:149:31:149:33 | dst | 
tests.js:152:22:152:24 | dst | provenance | | +| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | provenance | | +| tests.js:149:36:149:38 | src | tests.js:152:27:152:29 | src | provenance | | +| tests.js:149:36:149:38 | src | tests.js:154:24:154:26 | src | provenance | | +| tests.js:150:14:150:16 | key | tests.js:152:32:152:34 | key | provenance | | +| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | provenance | | +| tests.js:150:14:150:16 | key | tests.js:154:28:154:30 | key | provenance | | +| tests.js:152:22:152:24 | dst | tests.js:160:37:160:39 | dst | provenance | | +| tests.js:152:27:152:29 | src | tests.js:160:42:160:44 | src | provenance | | +| tests.js:152:32:152:34 | key | tests.js:160:47:160:49 | key | provenance | | +| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | provenance | | +| tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | provenance | | +| tests.js:159:36:159:38 | dst | tests.js:160:26:160:28 | dst | provenance | | +| tests.js:159:41:159:43 | src | tests.js:160:31:160:33 | src | provenance | | +| tests.js:160:26:160:28 | dst | tests.js:149:31:149:33 | dst | provenance | | +| tests.js:160:31:160:33 | src | tests.js:149:36:149:38 | src | provenance | | +| tests.js:160:37:160:39 | dst | tests.js:161:35:161:37 | dst | provenance | | +| tests.js:160:42:160:44 | src | tests.js:161:45:161:47 | src | provenance | | +| tests.js:160:47:160:49 | key | tests.js:161:39:161:41 | key | provenance | | +| tests.js:160:47:160:49 | key | tests.js:161:49:161:51 | key | provenance | | +| tests.js:161:35:161:37 | dst | tests.js:161:35:161:42 | dst[key] | provenance | | +| tests.js:161:35:161:42 | dst[key] | tests.js:159:36:159:38 | dst | provenance | | +| tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | provenance | | +| tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | provenance | | +| tests.js:161:45:161:52 | src[key] | tests.js:159:41:159:43 | src | provenance | 
| +| tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | provenance | | +| tests.js:165:37:165:39 | src | tests.js:169:45:169:47 | src | provenance | | +| tests.js:165:37:165:39 | src | tests.js:171:24:171:26 | src | provenance | | +| tests.js:166:14:166:16 | key | tests.js:169:49:169:51 | key | provenance | | +| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | provenance | | +| tests.js:166:14:166:16 | key | tests.js:171:28:171:30 | key | provenance | | +| tests.js:169:45:169:47 | src | tests.js:169:45:169:52 | src[key] | provenance | | +| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | provenance | | +| tests.js:169:49:169:51 | key | tests.js:169:45:169:52 | src[key] | provenance | | +| tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | provenance | | +| tests.js:171:28:171:30 | key | tests.js:171:24:171:31 | src[key] | provenance | | +| tests.js:178:33:178:35 | src | tests.js:182:41:182:43 | src | provenance | | +| tests.js:178:33:178:35 | src | tests.js:184:24:184:26 | src | provenance | | +| tests.js:182:41:182:43 | src | tests.js:182:41:182:48 | src[key] | provenance | | +| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | provenance | | +| tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | provenance | | +| tests.js:189:32:189:34 | dst | tests.js:194:35:194:37 | dst | provenance | | +| tests.js:189:32:189:34 | dst | tests.js:196:13:196:15 | dst | provenance | | +| tests.js:189:37:189:39 | src | tests.js:194:45:194:47 | src | provenance | | +| tests.js:189:37:189:39 | src | tests.js:196:24:196:26 | src | provenance | | +| tests.js:192:13:192:25 | key | tests.js:194:39:194:41 | key | provenance | | +| tests.js:192:13:192:25 | key | tests.js:194:49:194:51 | key | provenance | | +| tests.js:192:13:192:25 | key | tests.js:196:17:196:19 | key | provenance | | +| tests.js:192:13:192:25 | key | tests.js:196:28:196:30 | key | provenance | | +| tests.js:192:19:192:25 | 
keys[i] | tests.js:192:13:192:25 | key | provenance | | +| tests.js:194:35:194:37 | dst | tests.js:194:35:194:42 | dst[key] | provenance | | +| tests.js:194:35:194:42 | dst[key] | tests.js:189:32:189:34 | dst | provenance | | +| tests.js:194:39:194:41 | key | tests.js:194:35:194:42 | dst[key] | provenance | | +| tests.js:194:45:194:47 | src | tests.js:194:45:194:52 | src[key] | provenance | | +| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | provenance | | +| tests.js:194:49:194:51 | key | tests.js:194:45:194:52 | src[key] | provenance | | +| tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | provenance | | +| tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | provenance | | +| tests.js:201:39:201:41 | dst | tests.js:206:42:206:44 | dst | provenance | | +| tests.js:201:39:201:41 | dst | tests.js:208:13:208:15 | dst | provenance | | +| tests.js:201:44:201:46 | src | tests.js:206:56:206:58 | src | provenance | | +| tests.js:201:44:201:46 | src | tests.js:208:28:208:30 | src | provenance | | +| tests.js:206:42:206:44 | dst | tests.js:206:42:206:53 | dst[keys[i]] | provenance | | +| tests.js:206:42:206:53 | dst[keys[i]] | tests.js:201:39:201:41 | dst | provenance | | +| tests.js:206:46:206:52 | keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | provenance | | +| tests.js:206:56:206:58 | src | tests.js:206:56:206:67 | src[keys[i]] | provenance | | +| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | provenance | | +| tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | provenance | | +| tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | provenance | | +| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | provenance | | +| tests.js:213:23:213:26 | key1 | tests.js:217:9:217:12 | key1 | provenance | | +| tests.js:213:29:213:32 | key2 | tests.js:217:15:217:18 | key2 | provenance | | +| tests.js:213:35:213:39 | value | 
tests.js:217:23:217:27 | value | provenance | | +| tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | provenance | | +| tests.js:223:14:223:16 | key | tests.js:224:23:224:25 | key | provenance | | +| tests.js:223:14:223:16 | key | tests.js:224:38:224:40 | key | provenance | | +| tests.js:223:14:223:16 | key | tests.js:225:28:225:30 | key | provenance | | +| tests.js:223:14:223:16 | key | tests.js:225:38:225:40 | key | provenance | | +| tests.js:224:23:224:25 | key | tests.js:213:23:213:26 | key1 | provenance | | +| tests.js:224:33:224:41 | data[key] | tests.js:213:35:213:39 | value | provenance | | +| tests.js:224:38:224:40 | key | tests.js:224:33:224:41 | data[key] | provenance | | +| tests.js:225:28:225:30 | key | tests.js:213:29:213:32 | key2 | provenance | | +| tests.js:225:33:225:41 | data[key] | tests.js:213:35:213:39 | value | provenance | | +| tests.js:225:38:225:40 | key | tests.js:225:33:225:41 | data[key] | provenance | | +| tests.js:229:26:229:29 | key1 | tests.js:233:9:233:12 | key1 | provenance | | +| tests.js:229:32:229:35 | key2 | tests.js:233:15:233:18 | key2 | provenance | | +| tests.js:229:38:229:42 | value | tests.js:233:23:233:27 | value | provenance | | +| tests.js:233:9:233:12 | key1 | tests.js:233:5:233:13 | map[key1] | provenance | | +| tests.js:238:14:238:16 | key | tests.js:239:24:239:26 | key | provenance | | +| tests.js:238:14:238:16 | key | tests.js:239:39:239:41 | key | provenance | | +| tests.js:238:14:238:16 | key | tests.js:240:31:240:33 | key | provenance | | +| tests.js:238:14:238:16 | key | tests.js:240:41:240:43 | key | provenance | | +| tests.js:239:24:239:26 | key | tests.js:229:26:229:29 | key1 | provenance | | +| tests.js:239:34:239:42 | data[key] | tests.js:229:38:229:42 | value | provenance | | +| tests.js:239:39:239:41 | key | tests.js:239:34:239:42 | data[key] | provenance | | +| tests.js:240:31:240:33 | key | tests.js:229:32:229:35 | key2 | provenance | | +| tests.js:240:36:240:44 | data[key] | 
tests.js:229:38:229:42 | value | provenance | | +| tests.js:240:41:240:43 | key | tests.js:240:36:240:44 | data[key] | provenance | | +| tests.js:263:27:263:29 | dst | tests.js:268:30:268:32 | dst | provenance | | +| tests.js:263:27:263:29 | dst | tests.js:270:13:270:15 | dst | provenance | | +| tests.js:265:13:265:26 | key | tests.js:268:34:268:36 | key | provenance | | +| tests.js:265:13:265:26 | key | tests.js:270:17:270:19 | key | provenance | | +| tests.js:265:19:265:26 | entry[0] | tests.js:265:13:265:26 | key | provenance | | +| tests.js:266:13:266:28 | value | tests.js:270:24:270:28 | value | provenance | | +| tests.js:266:21:266:28 | entry[1] | tests.js:266:13:266:28 | value | provenance | | +| tests.js:268:30:268:32 | dst | tests.js:268:30:268:37 | dst[key] | provenance | | +| tests.js:268:30:268:37 | dst[key] | tests.js:263:27:263:29 | dst | provenance | | +| tests.js:268:34:268:36 | key | tests.js:268:30:268:37 | dst[key] | provenance | | +| tests.js:275:27:275:29 | dst | tests.js:278:30:278:32 | dst | provenance | | +| tests.js:275:27:275:29 | dst | tests.js:280:13:280:15 | dst | provenance | | +| tests.js:275:32:275:34 | src | tests.js:276:21:276:23 | src | provenance | | +| tests.js:276:21:276:23 | src | tests.js:278:40:278:42 | src | provenance | | +| tests.js:276:21:276:23 | src | tests.js:280:24:280:26 | src | provenance | | +| tests.js:276:34:276:36 | key | tests.js:278:34:278:36 | key | provenance | | +| tests.js:276:34:276:36 | key | tests.js:278:44:278:46 | key | provenance | | +| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | provenance | | +| tests.js:276:34:276:36 | key | tests.js:280:28:280:30 | key | provenance | | +| tests.js:278:30:278:32 | dst | tests.js:278:30:278:37 | dst[key] | provenance | | +| tests.js:278:30:278:37 | dst[key] | tests.js:275:27:275:29 | dst | provenance | | +| tests.js:278:34:278:36 | key | tests.js:278:30:278:37 | dst[key] | provenance | | +| tests.js:278:40:278:42 | src | tests.js:278:40:278:47 | 
src[key] | provenance | | +| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | provenance | | +| tests.js:278:44:278:46 | key | tests.js:278:40:278:47 | src[key] | provenance | | +| tests.js:280:24:280:26 | src | tests.js:280:24:280:31 | src[key] | provenance | | +| tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | provenance | | +| tests.js:301:27:301:29 | dst | tests.js:306:34:306:36 | dst | provenance | | +| tests.js:301:27:301:29 | dst | tests.js:308:17:308:19 | dst | provenance | | +| tests.js:301:32:301:34 | src | tests.js:304:25:304:27 | src | provenance | | +| tests.js:302:14:302:16 | key | tests.js:304:29:304:31 | key | provenance | | +| tests.js:302:14:302:16 | key | tests.js:306:38:306:40 | key | provenance | | +| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | provenance | | +| tests.js:304:17:304:32 | value | tests.js:306:44:306:48 | value | provenance | | +| tests.js:304:17:304:32 | value | tests.js:306:44:306:48 | value | provenance | | +| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | provenance | | +| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | provenance | | +| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | provenance | | +| tests.js:304:25:304:27 | src | tests.js:304:25:304:32 | src[key] | provenance | | +| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | provenance | | +| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | provenance | | +| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | provenance | | +| tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | provenance | | +| tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | provenance | | +| tests.js:306:34:306:36 | dst | tests.js:306:34:306:41 | dst[key] | provenance | | +| tests.js:306:34:306:41 | dst[key] | tests.js:301:27:301:29 | dst | provenance | | +| tests.js:306:38:306:40 | key | 
tests.js:306:34:306:41 | dst[key] | provenance | | +| tests.js:306:44:306:48 | value | tests.js:301:32:301:34 | src | provenance | | +| tests.js:306:44:306:48 | value | tests.js:301:32:301:34 | src | provenance | | +| tests.js:314:31:314:33 | dst | tests.js:320:38:320:40 | dst | provenance | | +| tests.js:314:31:314:33 | dst | tests.js:322:17:322:19 | dst | provenance | | +| tests.js:314:36:314:38 | src | tests.js:318:25:318:27 | src | provenance | | +| tests.js:315:14:315:16 | key | tests.js:318:29:318:31 | key | provenance | | +| tests.js:315:14:315:16 | key | tests.js:320:42:320:44 | key | provenance | | +| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | provenance | | +| tests.js:318:17:318:32 | value | tests.js:320:48:320:52 | value | provenance | | +| tests.js:318:17:318:32 | value | tests.js:320:48:320:52 | value | provenance | | +| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | provenance | | +| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | provenance | | +| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | provenance | | +| tests.js:318:25:318:27 | src | tests.js:318:25:318:32 | src[key] | provenance | | +| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | provenance | | +| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | provenance | | +| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | provenance | | +| tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | provenance | | +| tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | provenance | | +| tests.js:320:38:320:40 | dst | tests.js:320:38:320:45 | dst[key] | provenance | | +| tests.js:320:38:320:45 | dst[key] | tests.js:314:31:314:33 | dst | provenance | | +| tests.js:320:42:320:44 | key | tests.js:320:38:320:45 | dst[key] | provenance | | +| tests.js:320:48:320:52 | value | tests.js:314:36:314:38 | src | provenance | | +| tests.js:320:48:320:52 | 
value | tests.js:314:36:314:38 | src | provenance | | +| tests.js:328:25:328:27 | dst | tests.js:336:32:336:34 | dst | provenance | | +| tests.js:328:25:328:27 | dst | tests.js:338:17:338:19 | dst | provenance | | +| tests.js:328:30:328:32 | src | tests.js:336:42:336:44 | src | provenance | | +| tests.js:328:30:328:32 | src | tests.js:338:28:338:30 | src | provenance | | +| tests.js:329:14:329:16 | key | tests.js:336:36:336:38 | key | provenance | | +| tests.js:329:14:329:16 | key | tests.js:336:46:336:48 | key | provenance | | +| tests.js:329:14:329:16 | key | tests.js:338:21:338:23 | key | provenance | | +| tests.js:329:14:329:16 | key | tests.js:338:32:338:34 | key | provenance | | +| tests.js:336:32:336:34 | dst | tests.js:336:32:336:39 | dst[key] | provenance | | +| tests.js:336:32:336:39 | dst[key] | tests.js:328:25:328:27 | dst | provenance | | +| tests.js:336:36:336:38 | key | tests.js:336:32:336:39 | dst[key] | provenance | | +| tests.js:336:42:336:44 | src | tests.js:336:42:336:49 | src[key] | provenance | | +| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | provenance | | +| tests.js:336:46:336:48 | key | tests.js:336:42:336:49 | src[key] | provenance | | +| tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | provenance | | +| tests.js:338:32:338:34 | key | tests.js:338:28:338:35 | src[key] | provenance | | +| tests.js:348:32:348:37 | target | tests.js:349:26:349:31 | target | provenance | | +| tests.js:348:32:348:37 | target | tests.js:361:12:361:17 | target | provenance | | +| tests.js:348:40:348:45 | source | tests.js:349:54:349:59 | source | provenance | | +| tests.js:348:40:348:45 | source | tests.js:350:21:350:26 | source | provenance | | +| tests.js:349:26:349:31 | target | tests.js:355:17:355:22 | target | provenance | | +| tests.js:349:26:349:31 | target | tests.js:355:53:355:58 | target | provenance | | +| tests.js:349:26:349:31 | target | tests.js:357:17:357:22 | target | provenance | | +| 
tests.js:349:26:349:31 | target | tests.js:361:12:361:17 | target | provenance | | +| tests.js:349:54:349:59 | source | tests.js:350:21:350:26 | source | provenance | | +| tests.js:350:21:350:26 | source | tests.js:355:66:355:71 | source | provenance | | +| tests.js:350:21:350:26 | source | tests.js:357:31:357:36 | source | provenance | | +| tests.js:350:37:350:39 | key | tests.js:355:24:355:26 | key | provenance | | +| tests.js:350:37:350:39 | key | tests.js:355:60:355:62 | key | provenance | | +| tests.js:350:37:350:39 | key | tests.js:357:24:357:26 | key | provenance | | +| tests.js:350:37:350:39 | key | tests.js:357:38:357:40 | key | provenance | | +| tests.js:355:53:355:58 | target | tests.js:355:53:355:63 | target[key] | provenance | | +| tests.js:355:53:355:63 | target[key] | tests.js:348:32:348:37 | target | provenance | | +| tests.js:355:53:355:63 | target[key] | tests.js:355:31:355:86 | mergePl ... ptions) | provenance | | +| tests.js:355:60:355:62 | key | tests.js:355:53:355:63 | target[key] | provenance | | +| tests.js:355:66:355:71 | source | tests.js:355:66:355:76 | source[key] | provenance | | +| tests.js:355:66:355:76 | source[key] | tests.js:348:40:348:45 | source | provenance | | +| tests.js:357:31:357:36 | source | tests.js:357:31:357:41 | source[key] | provenance | | +| tests.js:357:38:357:40 | key | tests.js:357:31:357:41 | source[key] | provenance | | +| tests.js:364:41:364:46 | target | tests.js:377:12:377:17 | target | provenance | | +| tests.js:364:49:364:54 | source | tests.js:371:75:371:80 | source | provenance | | +| tests.js:364:49:364:54 | source | tests.js:373:31:373:36 | source | provenance | | +| tests.js:366:18:366:20 | key | tests.js:371:24:371:26 | key | provenance | | +| tests.js:366:18:366:20 | key | tests.js:371:69:371:71 | key | provenance | | +| tests.js:366:18:366:20 | key | tests.js:373:24:373:26 | key | provenance | | +| tests.js:366:18:366:20 | key | tests.js:373:38:373:40 | key | provenance | | +| tests.js:371:62:371:72 
| target[key] | tests.js:364:41:364:46 | target | provenance | | +| tests.js:371:62:371:72 | target[key] | tests.js:371:31:371:95 | mergePl ... ptions) | provenance | | +| tests.js:371:69:371:71 | key | tests.js:371:62:371:72 | target[key] | provenance | | +| tests.js:371:75:371:80 | source | tests.js:371:75:371:85 | source[key] | provenance | | +| tests.js:371:75:371:85 | source[key] | tests.js:364:49:364:54 | source | provenance | | +| tests.js:373:31:373:36 | source | tests.js:373:31:373:41 | source[key] | provenance | | +| tests.js:373:38:373:40 | key | tests.js:373:31:373:41 | source[key] | provenance | | +| tests.js:380:22:380:24 | obj | tests.js:383:27:383:29 | obj | provenance | | +| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | provenance | | +| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | provenance | | +| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | provenance | | +| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | provenance | | +| tests.js:380:27:380:34 | callback [src] | tests.js:383:13:383:20 | callback [src] | provenance | | +| tests.js:381:14:381:16 | key | tests.js:383:22:383:24 | key | provenance | | +| tests.js:381:14:381:16 | key | tests.js:383:31:383:33 | key | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:391:32:391:34 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:391:32:391:34 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:393:13:393:15 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:393:13:393:15 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:401:33:401:35 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:401:33:401:35 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:403:13:403:15 | dst | 
provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:403:13:403:15 | dst | provenance | | +| tests.js:383:13:383:20 | callback [src] | tests.js:391:42:391:44 | src | provenance | | +| tests.js:383:13:383:20 | callback [src] | tests.js:393:24:393:26 | src | provenance | | +| tests.js:383:22:383:24 | key | tests.js:389:22:389:24 | key | provenance | | +| tests.js:383:22:383:24 | key | tests.js:399:23:399:25 | key | provenance | | +| tests.js:383:27:383:29 | obj | tests.js:383:27:383:34 | obj[key] | provenance | | +| tests.js:383:27:383:34 | obj[key] | tests.js:399:28:399:32 | value | provenance | | +| tests.js:383:31:383:33 | key | tests.js:383:27:383:34 | obj[key] | provenance | | +| tests.js:388:29:388:31 | dst | tests.js:380:27:380:34 | callback [dst] | provenance | | +| tests.js:388:29:388:31 | dst | tests.js:380:27:380:34 | callback [dst] | provenance | | +| tests.js:388:29:388:31 | dst | tests.js:391:32:391:34 | dst | provenance | | +| tests.js:388:29:388:31 | dst | tests.js:391:32:391:34 | dst | provenance | | +| tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | provenance | | +| tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | provenance | | +| tests.js:388:34:388:36 | src | tests.js:389:17:389:19 | src | provenance | | +| tests.js:389:17:389:19 | src | tests.js:380:27:380:34 | callback [src] | provenance | | +| tests.js:389:17:389:19 | src | tests.js:391:42:391:44 | src | provenance | | +| tests.js:389:17:389:19 | src | tests.js:393:24:393:26 | src | provenance | | +| tests.js:389:22:389:24 | key | tests.js:391:36:391:38 | key | provenance | | +| tests.js:389:22:389:24 | key | tests.js:391:46:391:48 | key | provenance | | +| tests.js:389:22:389:24 | key | tests.js:393:17:393:19 | key | provenance | | +| tests.js:389:22:389:24 | key | tests.js:393:28:393:30 | key | provenance | | +| tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | provenance | | +| tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 
| dst[key] | provenance | | +| tests.js:391:32:391:39 | dst[key] | tests.js:388:29:388:31 | dst | provenance | | +| tests.js:391:32:391:39 | dst[key] | tests.js:388:29:388:31 | dst | provenance | | +| tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | provenance | | +| tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | provenance | | +| tests.js:391:42:391:44 | src | tests.js:391:42:391:49 | src[key] | provenance | | +| tests.js:391:42:391:49 | src[key] | tests.js:388:34:388:36 | src | provenance | | +| tests.js:391:46:391:48 | key | tests.js:391:42:391:49 | src[key] | provenance | | +| tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | provenance | | +| tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | provenance | | +| tests.js:398:30:398:32 | dst | tests.js:380:27:380:34 | callback [dst] | provenance | | +| tests.js:398:30:398:32 | dst | tests.js:380:27:380:34 | callback [dst] | provenance | | +| tests.js:398:30:398:32 | dst | tests.js:401:33:401:35 | dst | provenance | | +| tests.js:398:30:398:32 | dst | tests.js:401:33:401:35 | dst | provenance | | +| tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | provenance | | +| tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | provenance | | +| tests.js:398:35:398:37 | src | tests.js:399:17:399:19 | src | provenance | | +| tests.js:399:17:399:19 | src | tests.js:380:22:380:24 | obj | provenance | | +| tests.js:399:23:399:25 | key | tests.js:401:37:401:39 | key | provenance | | +| tests.js:399:23:399:25 | key | tests.js:403:17:403:19 | key | provenance | | +| tests.js:399:28:399:32 | value | tests.js:401:43:401:47 | value | provenance | | +| tests.js:399:28:399:32 | value | tests.js:403:24:403:28 | value | provenance | | +| tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | provenance | | +| tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | provenance | | +| tests.js:401:33:401:40 | dst[key] | 
tests.js:398:30:398:32 | dst | provenance | | +| tests.js:401:33:401:40 | dst[key] | tests.js:398:30:398:32 | dst | provenance | | +| tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | provenance | | +| tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | provenance | | +| tests.js:401:43:401:47 | value | tests.js:398:35:398:37 | src | provenance | | +| tests.js:408:22:408:24 | obj | tests.js:409:12:409:14 | obj | provenance | | +| tests.js:408:27:408:29 | key | tests.js:409:16:409:18 | key | provenance | | +| tests.js:409:12:409:14 | obj | tests.js:409:12:409:19 | obj[key] | provenance | | +| tests.js:409:16:409:18 | key | tests.js:409:12:409:19 | obj[key] | provenance | | +| tests.js:412:31:412:33 | dst | tests.js:415:34:415:36 | dst | provenance | | +| tests.js:412:31:412:33 | dst | tests.js:419:13:419:15 | dst | provenance | | +| tests.js:412:36:412:38 | src | tests.js:414:33:414:35 | src | provenance | | +| tests.js:413:14:413:16 | key | tests.js:414:38:414:40 | key | provenance | | +| tests.js:413:14:413:16 | key | tests.js:415:39:415:41 | key | provenance | | +| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | provenance | | +| tests.js:414:13:414:41 | value | tests.js:417:42:417:46 | value | provenance | | +| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | provenance | | +| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | provenance | | +| tests.js:414:33:414:35 | src | tests.js:408:22:408:24 | obj | provenance | | +| tests.js:414:33:414:35 | src | tests.js:414:21:414:41 | wrapped ... c, key) | provenance | | +| tests.js:414:38:414:40 | key | tests.js:408:27:408:29 | key | provenance | | +| tests.js:414:38:414:40 | key | tests.js:414:21:414:41 | wrapped ... c, key) | provenance | | +| tests.js:415:13:415:42 | target | tests.js:417:34:417:39 | target | provenance | | +| tests.js:415:22:415:42 | wrapped ... 
t, key) | tests.js:415:13:415:42 | target | provenance | | +| tests.js:415:34:415:36 | dst | tests.js:408:22:408:24 | obj | provenance | | +| tests.js:415:34:415:36 | dst | tests.js:415:22:415:42 | wrapped ... t, key) | provenance | | +| tests.js:415:39:415:41 | key | tests.js:408:27:408:29 | key | provenance | | +| tests.js:415:39:415:41 | key | tests.js:415:22:415:42 | wrapped ... t, key) | provenance | | +| tests.js:417:34:417:39 | target | tests.js:412:31:412:33 | dst | provenance | | +| tests.js:417:42:417:46 | value | tests.js:412:36:412:38 | src | provenance | | +| tests.js:424:25:424:27 | obj | tests.js:426:12:426:14 | obj | provenance | | +| tests.js:424:30:424:32 | key | tests.js:426:16:426:18 | key | provenance | | +| tests.js:426:12:426:14 | obj | tests.js:426:12:426:19 | obj[key] | provenance | | +| tests.js:426:16:426:18 | key | tests.js:426:12:426:19 | obj[key] | provenance | | +| tests.js:429:34:429:36 | dst | tests.js:432:37:432:39 | dst | provenance | | +| tests.js:429:34:429:36 | dst | tests.js:436:13:436:15 | dst | provenance | | +| tests.js:429:39:429:41 | src | tests.js:431:36:431:38 | src | provenance | | +| tests.js:430:14:430:16 | key | tests.js:431:41:431:43 | key | provenance | | +| tests.js:430:14:430:16 | key | tests.js:432:42:432:44 | key | provenance | | +| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | provenance | | +| tests.js:431:13:431:44 | value | tests.js:434:45:434:49 | value | provenance | | +| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | provenance | | +| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | provenance | | +| tests.js:431:36:431:38 | src | tests.js:424:25:424:27 | obj | provenance | | +| tests.js:431:36:431:38 | src | tests.js:431:21:431:44 | almostS ... c, key) | provenance | | +| tests.js:431:41:431:43 | key | tests.js:424:30:424:32 | key | provenance | | +| tests.js:431:41:431:43 | key | tests.js:431:21:431:44 | almostS ... 
c, key) | provenance | | +| tests.js:432:13:432:45 | target | tests.js:434:37:434:42 | target | provenance | | +| tests.js:432:22:432:45 | almostS ... t, key) | tests.js:432:13:432:45 | target | provenance | | +| tests.js:432:37:432:39 | dst | tests.js:424:25:424:27 | obj | provenance | | +| tests.js:432:37:432:39 | dst | tests.js:432:22:432:45 | almostS ... t, key) | provenance | | +| tests.js:432:42:432:44 | key | tests.js:424:30:424:32 | key | provenance | | +| tests.js:432:42:432:44 | key | tests.js:432:22:432:45 | almostS ... t, key) | provenance | | +| tests.js:434:37:434:42 | target | tests.js:429:34:429:36 | dst | provenance | | +| tests.js:434:45:434:49 | value | tests.js:429:39:429:41 | src | provenance | | +| tests.js:441:19:441:21 | obj | tests.js:443:12:443:14 | obj | provenance | | +| tests.js:443:12:443:14 | obj | tests.js:443:12:443:19 | obj[key] | provenance | | +| tests.js:446:33:446:35 | src | tests.js:448:30:448:32 | src | provenance | | +| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | provenance | | +| tests.js:448:13:448:38 | value | tests.js:451:39:451:43 | value | provenance | | +| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | provenance | | +| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | provenance | | +| tests.js:448:30:448:32 | src | tests.js:441:19:441:21 | obj | provenance | | +| tests.js:448:30:448:32 | src | tests.js:448:21:448:38 | safeRead(src, key) | provenance | | +| tests.js:451:39:451:43 | value | tests.js:446:33:446:35 | src | provenance | | +| tests.js:458:26:458:28 | dst | tests.js:462:29:462:31 | dst | provenance | | +| tests.js:458:26:458:28 | dst | tests.js:465:30:465:32 | dst | provenance | | +| tests.js:458:26:458:28 | dst | tests.js:466:30:466:32 | dst | provenance | | +| tests.js:458:26:458:28 | dst | tests.js:467:30:467:32 | dst | provenance | | +| tests.js:458:31:458:33 | src | tests.js:460:12:460:14 | src | provenance | | +| tests.js:460:12:460:14 
| src | tests.js:462:39:462:41 | src | provenance | | +| tests.js:460:12:460:14 | src | tests.js:465:41:465:43 | src | provenance | | +| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | provenance | | +| tests.js:460:25:460:27 | key | tests.js:462:33:462:35 | key | provenance | | +| tests.js:460:25:460:27 | key | tests.js:462:43:462:45 | key | provenance | | +| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | provenance | | +| tests.js:460:25:460:27 | key | tests.js:465:45:465:47 | key | provenance | | +| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | provenance | | +| tests.js:460:25:460:27 | key | tests.js:466:43:466:45 | key | provenance | | +| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | provenance | | +| tests.js:462:29:462:31 | dst | tests.js:462:29:462:36 | dst[key] | provenance | | +| tests.js:462:29:462:36 | dst[key] | tests.js:458:26:458:28 | dst | provenance | | +| tests.js:462:33:462:35 | key | tests.js:462:29:462:36 | dst[key] | provenance | | +| tests.js:462:39:462:41 | src | tests.js:462:39:462:46 | src[key] | provenance | | +| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | provenance | | +| tests.js:462:43:462:45 | key | tests.js:462:39:462:46 | src[key] | provenance | | +| tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | provenance | | +| tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | provenance | | +| tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | provenance | | +| tests.js:472:38:472:40 | dst | tests.js:475:41:475:43 | dst | provenance | | +| tests.js:472:38:472:40 | dst | tests.js:477:13:477:15 | dst | provenance | | +| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | provenance | | +| tests.js:473:25:473:27 | key | tests.js:475:45:475:47 | key | provenance | | +| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | provenance | | +| tests.js:475:41:475:43 | dst | 
tests.js:475:41:475:48 | dst[key] | provenance | | +| tests.js:475:41:475:48 | dst[key] | tests.js:472:38:472:40 | dst | provenance | | +| tests.js:475:45:475:47 | key | tests.js:475:41:475:48 | dst[key] | provenance | | +| tests.js:483:26:483:28 | dst | tests.js:487:29:487:31 | dst | provenance | | +| tests.js:483:26:483:28 | dst | tests.js:489:13:489:15 | dst | provenance | | +| tests.js:483:31:483:33 | src | tests.js:487:39:487:41 | src | provenance | | +| tests.js:483:31:483:33 | src | tests.js:489:24:489:26 | src | provenance | | +| tests.js:483:31:483:33 | src | tests.js:489:24:489:26 | src | provenance | | +| tests.js:484:14:484:16 | key | tests.js:487:33:487:35 | key | provenance | | +| tests.js:484:14:484:16 | key | tests.js:487:43:487:45 | key | provenance | | +| tests.js:484:14:484:16 | key | tests.js:489:17:489:19 | key | provenance | | +| tests.js:484:14:484:16 | key | tests.js:489:28:489:30 | key | provenance | | +| tests.js:487:29:487:31 | dst | tests.js:487:29:487:36 | dst[key] | provenance | | +| tests.js:487:29:487:36 | dst[key] | tests.js:483:26:483:28 | dst | provenance | | +| tests.js:487:33:487:35 | key | tests.js:487:29:487:36 | dst[key] | provenance | | +| tests.js:487:39:487:41 | src | tests.js:487:39:487:46 | src[key] | provenance | | +| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | provenance | | +| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | provenance | | +| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | provenance | | +| tests.js:487:43:487:45 | key | tests.js:487:39:487:46 | src[key] | provenance | | +| tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | provenance | | +| tests.js:489:28:489:30 | key | tests.js:489:24:489:31 | src[key] | provenance | | +| tests.js:494:32:494:34 | src | tests.js:498:21:498:23 | src | provenance | | +| tests.js:495:14:495:16 | key | tests.js:498:25:498:27 | key | provenance | | +| tests.js:495:14:495:16 | key | 
tests.js:502:17:502:19 | key | provenance | | +| tests.js:498:13:498:28 | value | tests.js:500:38:500:42 | value | provenance | | +| tests.js:498:13:498:28 | value | tests.js:500:38:500:42 | value | provenance | | +| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | provenance | | +| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | provenance | | +| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | provenance | | +| tests.js:498:21:498:23 | src | tests.js:498:21:498:28 | src[key] | provenance | | +| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | provenance | | +| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | provenance | | +| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | provenance | | +| tests.js:498:25:498:27 | key | tests.js:498:21:498:28 | src[key] | provenance | | +| tests.js:500:38:500:42 | value | tests.js:494:32:494:34 | src | provenance | | +| tests.js:500:38:500:42 | value | tests.js:494:32:494:34 | src | provenance | | +| tests.js:508:30:508:32 | dst | tests.js:513:33:513:35 | dst | provenance | | +| tests.js:508:30:508:32 | dst | tests.js:517:35:517:37 | dst | provenance | | +| tests.js:508:35:508:37 | src | tests.js:513:43:513:45 | src | provenance | | +| tests.js:508:35:508:37 | src | tests.js:516:32:516:34 | src | provenance | | +| tests.js:511:13:511:25 | key | tests.js:513:37:513:39 | key | provenance | | +| tests.js:511:13:511:25 | key | tests.js:513:47:513:49 | key | provenance | | +| tests.js:511:13:511:25 | key | tests.js:516:36:516:38 | key | provenance | | +| tests.js:511:13:511:25 | key | tests.js:517:40:517:42 | key | provenance | | +| tests.js:511:19:511:25 | keys[i] | tests.js:511:13:511:25 | key | provenance | | +| tests.js:513:33:513:35 | dst | tests.js:513:33:513:40 | dst[key] | provenance | | +| tests.js:513:33:513:40 | dst[key] | tests.js:508:30:508:32 | dst | provenance | | +| tests.js:513:37:513:39 | key | 
tests.js:513:33:513:40 | dst[key] | provenance | | +| tests.js:513:43:513:45 | src | tests.js:513:43:513:50 | src[key] | provenance | | +| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | provenance | | +| tests.js:513:47:513:49 | key | tests.js:513:43:513:50 | src[key] | provenance | | +| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | provenance | | +| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | provenance | | +| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | provenance | | +| tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | provenance | | +| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | provenance | | +| tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | provenance | | +| tests.js:534:36:534:43 | callback [dst] | tests.js:538:9:538:16 | callback [dst] | provenance | | +| tests.js:538:9:538:16 | callback [dst] | tests.js:545:33:545:35 | dst | provenance | | +| tests.js:538:9:538:16 | callback [dst] | tests.js:547:13:547:15 | dst | provenance | | +| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | provenance | | +| tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | provenance | | +| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | provenance | | +| tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | provenance | | +| tests.js:542:30:542:32 | dst | tests.js:534:36:534:43 | callback [dst] | provenance | | +| tests.js:542:30:542:32 | dst | tests.js:545:33:545:35 | dst | provenance | | +| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | provenance | | +| tests.js:542:35:542:37 | src | tests.js:543:26:543:28 | src | provenance | | +| tests.js:543:26:543:28 | src | tests.js:534:31:534:33 | obj | provenance | | +| tests.js:543:32:543:34 | key | tests.js:545:37:545:39 | key | provenance | | +| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | 
provenance | | +| tests.js:543:37:543:41 | value | tests.js:545:43:545:47 | value | provenance | | +| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | provenance | | +| tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | provenance | | +| tests.js:545:33:545:40 | dst[key] | tests.js:542:30:542:32 | dst | provenance | | +| tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | provenance | | +| tests.js:545:43:545:47 | value | tests.js:542:35:542:37 | src | provenance | | +| tests.js:552:35:552:37 | src | tests.js:557:43:557:45 | src | provenance | | +| tests.js:552:35:552:37 | src | tests.js:559:24:559:26 | src | provenance | | +| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | provenance | | +| tests.js:553:14:553:16 | key | tests.js:559:28:559:30 | key | provenance | | +| tests.js:557:43:557:45 | src | tests.js:557:43:557:50 | src[key] | provenance | | +| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | provenance | | +| tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | src[key] | provenance | | +| tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | provenance | | +| tests.js:564:35:564:37 | src | tests.js:569:43:569:45 | src | provenance | | +| tests.js:564:35:564:37 | src | tests.js:571:24:571:26 | src | provenance | | +| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | provenance | | +| tests.js:565:14:565:16 | key | tests.js:571:28:571:30 | key | provenance | | +| tests.js:569:43:569:45 | src | tests.js:569:43:569:50 | src[key] | provenance | | +| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | provenance | | +| tests.js:571:24:571:26 | src | tests.js:571:24:571:31 | src[key] | provenance | | +| tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | provenance | | +| tests.js:576:30:576:32 | src | tests.js:580:38:580:40 | src | provenance | | +| tests.js:576:30:576:32 | src | tests.js:582:24:582:26 | src | provenance | | 
+| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | provenance | | +| tests.js:577:14:577:16 | key | tests.js:582:28:582:30 | key | provenance | | +| tests.js:580:38:580:40 | src | tests.js:580:38:580:45 | src[key] | provenance | | +| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | provenance | | +| tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | provenance | | +| tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | provenance | | +| tests.js:591:25:591:27 | obj | tests.js:592:7:592:9 | obj | provenance | | +| tests.js:591:25:591:27 | obj | tests.js:592:21:592:23 | obj | provenance | | +| tests.js:592:7:592:9 | obj | tests.js:592:21:592:23 | obj | provenance | | +| tests.js:592:7:592:9 | obj | tests.js:593:10:593:12 | obj | provenance | | +| tests.js:592:21:592:23 | obj | tests.js:593:10:593:12 | obj | provenance | | +| tests.js:600:31:600:34 | dest | tests.js:603:34:603:37 | dest | provenance | | +| tests.js:600:31:600:34 | dest | tests.js:605:13:605:16 | dest | provenance | | +| tests.js:600:37:600:42 | source | tests.js:603:45:603:50 | source | provenance | | +| tests.js:600:37:600:42 | source | tests.js:605:40:605:45 | source | provenance | | +| tests.js:601:16:601:18 | key | tests.js:603:39:603:41 | key | provenance | | +| tests.js:601:16:601:18 | key | tests.js:603:52:603:54 | key | provenance | | +| tests.js:601:16:601:18 | key | tests.js:605:18:605:20 | key | provenance | | +| tests.js:601:16:601:18 | key | tests.js:605:47:605:49 | key | provenance | | +| tests.js:603:34:603:37 | dest | tests.js:603:34:603:42 | dest[key] | provenance | | +| tests.js:603:34:603:42 | dest[key] | tests.js:600:31:600:34 | dest | provenance | | +| tests.js:603:39:603:41 | key | tests.js:603:34:603:42 | dest[key] | provenance | | +| tests.js:603:45:603:50 | source | tests.js:603:45:603:55 | source[key] | provenance | | +| tests.js:603:45:603:55 | source[key] | tests.js:600:37:600:42 | source | provenance | | +| 
tests.js:603:52:603:54 | key | tests.js:603:45:603:55 | source[key] | provenance | | +| tests.js:605:40:605:45 | source | tests.js:605:40:605:50 | source[key] | provenance | | +| tests.js:605:40:605:50 | source[key] | tests.js:591:25:591:27 | obj | provenance | | +| tests.js:605:40:605:50 | source[key] | tests.js:605:25:605:51 | capture ... e[key]) | provenance | | +| tests.js:605:47:605:49 | key | tests.js:605:40:605:50 | source[key] | provenance | | subpaths | tests.js:355:53:355:63 | target[key] | tests.js:348:32:348:37 | target | tests.js:361:12:361:17 | target | tests.js:355:31:355:86 | mergePl ... ptions) | | tests.js:371:62:371:72 | target[key] | tests.js:364:41:364:46 | target | tests.js:377:12:377:17 | target | tests.js:371:31:371:95 | mergePl ... ptions) | From 102ca77acfa2afe84446abcb1e3214f7c5a98f11 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 25 Jun 2024 11:49:19 +0200 Subject: [PATCH 195/223] Switch to getLocation() in DataFlowCall --- .../dataflow/internal/DataFlowPrivate.qll | 36 ++++--------------- 1 file changed, 6 insertions(+), 30 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 330b0a59038e..1e7e917695a0 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -478,11 +478,7 @@ class DataFlowCall extends TDataFlowCall { this = MkSummaryCall(enclosingCallable, receiver) } - predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - none() // Overridden in subclass - } + Location getLocation() { none() } // Overridden in subclass } private class OrdinaryCall extends DataFlowCall, MkOrdinaryCall { 
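Review bot: The new base-class member `Location getLocation() { none() } // Overridden in subclass` has no QLDoc, and the hunks of this patch add an override only to `OrdinaryCall`, `PartialCall`, `BoundCall`, `AccessorCall` and `ImpliedLambdaCall`; no visible hunk touches `SummaryCall`. If it has no override elsewhere, summary calls have no location and any consumer that joins on `getLocation()` silently drops them. That was equally true of `hasLocationInfo`, but it is worth stating. I would replace the trailing comment with a doc comment such as `/** Gets the location of this call, if any; subclasses override this. */`.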
@@ -498,11 +494,7 @@ private class OrdinaryCall extends DataFlowCall, MkOrdinaryCall {
 override string toString() { result = node.toString() }
- override predicate hasLocationInfo(
- string filepath, int startline, int startcolumn, int endline, int endcolumn
- ) {
- node.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
- }
+ override Location getLocation() { result = node.getLocation() }
 }
 private class PartialCall extends DataFlowCall, MkPartialCall {
@@ -521,11 +513,7 @@ private class PartialCall extends DataFlowCall, MkPartialCall {
 override string toString() { result = node.toString() + " (as partial invocation)" }
- override predicate hasLocationInfo(
- string filepath, int startline, int startcolumn, int endline, int endcolumn
- ) {
- node.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
- }
+ override Location getLocation() { result = node.getLocation() }
 }
 private class BoundCall extends DataFlowCall, MkBoundCall {
@@ -542,11 +530,7 @@ private class BoundCall extends DataFlowCall, MkBoundCall {
 result = node.toString() + " (as call with " + boundArgs + " bound arguments)"
 }
- override predicate hasLocationInfo(
- string filepath, int startline, int startcolumn, int endline, int endcolumn
- ) {
- node.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
- }
+ override Location getLocation() { result = node.getLocation() }
 }
 private class AccessorCall extends DataFlowCall, MkAccessorCall {
@@ -560,11 +544,7 @@ private class AccessorCall extends DataFlowCall, MkAccessorCall {
 override string toString() { result = ref.toString() + " (as accessor call)" }
- override predicate hasLocationInfo(
- string filepath, int startline, int startcolumn, int endline, int endcolumn
- ) {
- ref.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
- }
+ override Location getLocation() { result = ref.getLocation() }
 }
 class SummaryCall extends DataFlowCall, MkSummaryCall {
@@ -598,11 +578,7 @@ private class ImpliedLambdaCall extends DataFlowCall, MkImpliedLambdaCall { override string toString() { result = "[implied lambda call] " + function } - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - function.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } + override Location getLocation() { result = function.getLocation() } override DataFlowCallable getEnclosingCallable() { result.asSourceCallable() = function.getEnclosingContainer() From 505c532af706433a4c598799eb6538b4b26368ea Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 25 Jun 2024 12:58:35 +0200 Subject: [PATCH 196/223] JS: Implement totalorder() --- .../dataflow/internal/DataFlowPrivate.qll | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 1e7e917695a0..3d49e74a44e0 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -196,6 +196,12 @@ class DataFlowCallable extends TDataFlowCallable { /** Gets the corresponding `LibraryCallable` if this is a library callable. */ LibraryCallable asLibraryCallable() { this = MkLibraryCallable(result) } + + int totalorder() { + result = TotalOrdering::astNodeId(this.asSourceCallable()).bitShiftLeft(1) + or + result = TotalOrdering::libraryCallableId(this.asLibraryCallable()).bitShiftLeft(1) + 1 + } } /** A callable defined in library code, identified by a unique string. */ 
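Review bot: `DataFlowCallable.totalorder()` is added without QLDoc, and the encoding it relies on is not obvious from the body: `bitShiftLeft(1)` places source callables on even values and `bitShiftLeft(1) + 1` places library callables on odd values, so the two id spaces cannot collide. I would add `/** Gets an integer unique to this callable; source callables map to even values and library callables to odd values. */` above it. QL `int` is 32-bit, so the shift also halves the usable id range; that is presumably fine for `astNodeId`, but it is an assumption worth stating next to the shift.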
@@ -456,6 +462,47 @@ private newtype TDataFlowCall = FlowSummaryImpl::Private::summaryCallbackRange(c, receiver) } +private module TotalOrdering { + private predicate astNodeRefl(AstNode x, AstNode y) { x = y } + + int astNodeId(AstNode n) = equivalenceRelation(astNodeRefl/2)(n, result) + + predicate dataFlowNodeId(DataFlow::Node node, int cls, int content) { + exists(AstNode n | + node = TValueNode(n) and cls = 1 and content = astNodeId(n) + or + node = TReflectiveCallNode(n, _) and cls = 2 and content = astNodeId(n) + ) + } + + predicate callId(DataFlowCall call, int cls, int child, int extra) { + exists(DataFlow::Node node | + call = MkOrdinaryCall(node) and dataFlowNodeId(node, cls - 1000, child) and extra = 0 + or + call = MkPartialCall(node, _) and dataFlowNodeId(node, cls - 2000, child) and extra = 0 + or + call = MkBoundCall(node, extra) and dataFlowNodeId(node, cls - 3000, child) + or + call = MkAccessorCall(node) and dataFlowNodeId(node, cls - 4000, child) and extra = 0 + ) + or + exists(Function f | + call = MkImpliedLambdaCall(f) and cls = 5000 and child = astNodeId(f) and extra = 0 + ) + or + exists( + FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver + | + call = MkSummaryCall(c, receiver) and + cls = 6000 and + c = rank[child](FlowSummaryImpl::Public::SummarizedCallable cs) and + extra = 0 + ) + } + + int libraryCallableId(LibraryCallable callable) { callable = rank[result](LibraryCallable c) } +} + class DataFlowCall extends TDataFlowCall { DataFlowCallable getEnclosingCallable() { none() } // Overridden in subclass @@ -479,6 +526,15 @@ class DataFlowCall extends TDataFlowCall { } Location getLocation() { none() } // Overridden in subclass + + int totalorder() { + this = + rank[result](DataFlowCall call, int x, int y, int z | + TotalOrdering::callId(call, x, y, z) + | + call order by x, y, z + ) + } } private class OrdinaryCall extends DataFlowCall, MkOrdinaryCall { 
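Review bot: In `TotalOrdering::callId`, the `MkSummaryCall(c, receiver)` branch derives `child` from `c` alone and fixes `extra = 0`, so `receiver` does not take part in the key; two summary calls on the same callable with different receivers get the same `(cls, child, extra)` triple. `MkPartialCall(node, _)` discards its second component in the same way. If the triple is meant to identify a call uniquely, the receiver has to contribute, for instance by ranking the `(c, receiver)` pair instead of `c` only, and the partial-call branch needs the dropped component in `extra` unless it is known to be determined by `node`. A short QLDoc on `callId` stating that the triple must be unique per `DataFlowCall` would make this checkable.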
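Review bot: `DataFlowCall.totalorder()` has a result only for calls that `TotalOrdering::callId` covers, and `dataFlowNodeId` handles just `TValueNode` and `TReflectiveCallNode`. A call whose underlying node is of any other kind would therefore have no `totalorder()` value at all, rather than a wrong one. Whether such calls exist is not visible from this hunk, so I would either document the assumption with `/** Gets an integer unique to this call. Has no result for calls not covered by `TotalOrdering::callId`. */` or add a consistency query that flags calls without a `totalorder()`.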
From 64a9598b8934948e9b6ea9092a891c0a379a2cee Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 25 Jun 2024 13:00:47 +0200 Subject: [PATCH 197/223] JS: Update interface for isUnreachableInCall --- .../javascript/dataflow/internal/DataFlowPrivate.qll | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 3d49e74a44e0..0a477ebcdbc8 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -1009,10 +1009,19 @@ predicate expectsContent(Node n, ContentSet c) { any(AdditionalFlowInternal flow).expectsContent(n, c) } +abstract class NodeRegion extends Unit { + NodeRegion() { none() } + + /** Holds if this region contains `n`. */ + predicate contains(Node n) { none() } + + int totalOrder() { none() } +} + /** * Holds if the node `n` is unreachable when the call context is `call`. */ -predicate isUnreachableInCall(Node n, DataFlowCall call) { +predicate isUnreachableInCall(NodeRegion n, DataFlowCall call) { none() // TODO: could be useful, but not currently implemented for JS } From 6c8fb61f60bf142f3a67a5b35d44bcb011bf6e99 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 25 Jun 2024 13:10:24 +0200 Subject: [PATCH 198/223] Js: Update FlowSummaryImpl.qll to make things compile --- .../dataflow/internal/sharedlib/FlowSummaryImpl.qll | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll index 6671fc229bc8..4d4c0bad4b04 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll 
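Review bot: The QLDoc kept above `isUnreachableInCall` still reads "Holds if the node `n` is unreachable", but the parameter is now `NodeRegion n`, so the comment describes the old signature. I would change it to `Holds if the nodes in region `n` are unreachable when the call context is `call`.` The new `NodeRegion` class and its `totalOrder()` member are also undocumented; since the characteristic predicate is `none()`, a one-line class comment such as `/** A region of nodes; currently empty for JavaScript. */` would tell readers the class is a deliberate placeholder.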
@@ -1276,10 +1276,12 @@ module Private { c = "Argument" or parseArg(c, ppos) ) or - exists(ReturnNodeExt ret | + exists( + ReturnNode ret // TODO: hacked to make this compile; need to switch to module in qlpack + | c = "ReturnValue" and ret = node.asNode() and - ret.getKind().(ValueReturnKind).getKind() = getReturnValueKind() and + ret.getKind() = getReturnValueKind() and mid.asCallable() = getNodeEnclosingCallable(ret) ) or From 6e32f27652013d52ff55e3545063aa7eccdc864d Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 25 Jun 2024 13:30:33 +0200 Subject: [PATCH 199/223] Rename predicates to be consistent with qlpack In preparation for migrating to the FlowSummary module in the qlpack, rename predicates to be consistent with the qlpack. --- .../ql/lib/semmle/javascript/dataflow/FlowSummary.qll | 2 +- .../javascript/dataflow/internal/FlowSummaryPrivate.qll | 8 ++++++-- .../dataflow/internal/sharedlib/FlowSummaryImpl.qll | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll index 426f8b758514..8c5c6479c107 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll @@ -84,7 +84,7 @@ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::Summari DataFlow::ParameterNode getParameter(string s) { exists(ParameterPosition pos | DataFlowImplCommon::parameterNode(result, MkLibraryCallable(this), pos) and - s = getParameterPosition(pos) + s = encodeParameterPosition(pos) ) } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index 58ab67ec8a7d..ef4766c6f2b4 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll 
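Review bot: Swapping `ReturnNodeExt` for `ReturnNode` and dropping the `.(ValueReturnKind)` cast can change which nodes match the `"ReturnValue"` component, yet the inline `// TODO: hacked to make this compile` does not say what was given up. If `ReturnNodeExt` covered more than plain return nodes in this copy of the library, those nodes silently stop matching here. I would reword the comment to name the substitution, e.g. `// TODO: ReturnNodeExt/ValueReturnKind replaced with ReturnNode to compile; revisit when switching to the qlpack module`. The enclosing predicate starts and ends outside the hunk, so the effect on its callers cannot be judged from here.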
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll @@ -286,11 +286,15 @@ string getMadRepresentationSpecific(SummaryComponent sc) { /** Gets the textual representation of a parameter position in the format used for flow summaries. */ bindingset[pos] -string getParameterPosition(ParameterPosition pos) { positionName(pos, result) and result != "any" } +string encodeParameterPosition(ParameterPosition pos) { + positionName(pos, result) and result != "any" +} /** Gets the textual representation of an argument position in the format used for flow summaries. */ bindingset[pos] -string getArgumentPosition(ArgumentPosition pos) { positionName(pos, result) and result != "any" } +string encodeArgumentPosition(ArgumentPosition pos) { + positionName(pos, result) and result != "any" +} /** Holds if input specification component `c` needs a reference. */ predicate inputNeedsReferenceSpecific(string c) { none() } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll index 4d4c0bad4b04..afcf7bb37a80 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll @@ -30,12 +30,12 @@ module Public { or exists(ArgumentPosition pos | this = TParameterSummaryComponent(pos) and - result = "Parameter[" + getArgumentPosition(pos) + "]" + result = "Parameter[" + encodeArgumentPosition(pos) + "]" ) or exists(ParameterPosition pos | this = TArgumentSummaryComponent(pos) and - result = "Argument[" + getParameterPosition(pos) + "]" + result = "Argument[" + encodeParameterPosition(pos) + "]" ) or exists(string synthetic | From f0d7c3a7f03ee9814ba66c5593c6392392418179 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Tue, 25 Jun 2024 13:33:06 +0200 Subject: [PATCH 200/223] Remove bindingsets --- .../semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll | 2 -- 1 file changed, 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index ef4766c6f2b4..3ed037148d08 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll @@ -285,13 +285,11 @@ string getMadRepresentationSpecific(SummaryComponent sc) { } /** Gets the textual representation of a parameter position in the format used for flow summaries. */ -bindingset[pos] string encodeParameterPosition(ParameterPosition pos) { positionName(pos, result) and result != "any" } /** Gets the textual representation of an argument position in the format used for flow summaries. */ -bindingset[pos] string encodeArgumentPosition(ArgumentPosition pos) { positionName(pos, result) and result != "any" } From dd7aff555de18279c26212855fd5b09898c501ad Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 25 Jun 2024 13:35:49 +0200 Subject: [PATCH 201/223] Instantiate shared FlowSummary library --- .../javascript/dataflow/internal/FlowSummaryPrivate.qll | 3 +++ .../dataflow/internal/sharedlib/DataFlowArg.qll | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index 3ed037148d08..1d6c38b51e20 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll 
@@ -294,6 +294,9 @@ string encodeArgumentPosition(ArgumentPosition pos) { positionName(pos, result) and result != "any" } +/** Gets the return kind corresponding to specification `"ReturnValue"`. */ +ReturnKind getStandardReturnValueKind() { result = MkNormalReturnKind() } + /** Holds if input specification component `c` needs a reference. */ predicate inputNeedsReferenceSpecific(string c) { none() } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll index e3a855063071..fae8bb76fca4 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll @@ -2,6 +2,7 @@ private import semmle.javascript.Locations private import DataFlowImplSpecific private import codeql.dataflow.DataFlow as SharedDataFlow private import codeql.dataflow.TaintTracking as SharedTaintTracking +private import codeql.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl module JSDataFlow implements SharedDataFlow::InputSig { import Private @@ -22,3 +23,11 @@ module JSDataFlow implements SharedDataFlow::InputSig { module JSTaintFlow implements SharedTaintTracking::InputSig { import semmle.javascript.dataflow.internal.TaintTrackingPrivate } + +module JSFlowSummary implements FlowSummaryImpl::InputSig { + private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate + import FlowSummaryPrivate + + // Explicitly implement signature members that have a default + predicate callbackSelfParameterPosition = FlowSummaryPrivate::callbackSelfParameterPosition/0; +} From 6b35a766a64c1c3187d458d5dbd3acef60f054ce Mon Sep 17 00:00:00 2001 
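Review bot: `getStandardReturnValueKind()` returns `MkNormalReturnKind()` directly, while other code in this series still uses `getReturnValueKind()` for the same `"ReturnValue"` concept, for example `ret.getKind() = getReturnValueKind()` in FlowSummaryImpl.qll. The definition of `getReturnValueKind()` is not in view; if it is also in FlowSummaryPrivate.qll, writing the new predicate as `ReturnKind getStandardReturnValueKind() { result = getReturnValueKind() }` would keep the two from drifting apart. Otherwise a sentence in the QLDoc saying which of the two the shared library consumes would help.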
From: Asger F Date: Tue, 25 Jun 2024 14:20:56 +0200 Subject: [PATCH 202/223] Migrate to shared FlowSummary library --- .../javascript/dataflow/FlowSummary.qll | 74 +- .../dataflow/internal/DataFlowNode.qll | 6 +- .../dataflow/internal/DataFlowPrivate.qll | 43 +- .../dataflow/internal/FlowSummaryPrivate.qll | 46 +- .../internal/TaintTrackingPrivate.qll | 9 +- .../internal/sharedlib/FlowSummaryImpl.qll | 1496 +---------------- .../sharedlib/FlowSummaryImplSpecific.qll | 1 - 7 files changed, 72 insertions(+), 1603 deletions(-) delete mode 100644 javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImplSpecific.qll diff --git a/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll index 8c5c6479c107..51005bf44ca4 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll 
@@ -2,81 +2,25 @@ private import javascript private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as Impl -private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImplSpecific +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon private import semmle.javascript.dataflow.internal.DataFlowPrivate -class SummaryComponent = Impl::Public::SummaryComponent; - -/** Provides predicates for constructing summary components. */ -module SummaryComponent { - private import Impl::Public::SummaryComponent as SC - - predicate parameter = SC::parameter/1; - - predicate argument = SC::argument/1; - - predicate content = SC::content/1; - - predicate withoutContent = SC::withoutContent/1; - - predicate withContent = SC::withContent/1; - - class SyntheticGlobal = SC::SyntheticGlobal; - - /** Gets a summary component that represents a receiver. */ - SummaryComponent receiver() { result = argument(MkThisParameter()) } - - /** Gets a summary component that represents the return value of a call. */ - SummaryComponent return() { result = SC::return(MkNormalReturnKind()) } - - /** Gets a summary component that represents the exception thrown from a call. */ - SummaryComponent exceptionalReturn() { result = SC::return(MkExceptionalReturnKind()) } -} - -class SummaryComponentStack = Impl::Public::SummaryComponentStack; - -/** Provides predicates for constructing stacks of summary components. */ -module SummaryComponentStack { - private import Impl::Public::SummaryComponentStack as SCS - - predicate singleton = SCS::singleton/1; - - predicate push = SCS::push/2; - - predicate argument = SCS::argument/1; - - /** Gets a singleton stack representing a receiver. */ - SummaryComponentStack receiver() { result = singleton(SummaryComponent::receiver()) } - - /** Gets a singleton stack representing the return value of a call. 
*/ - SummaryComponentStack return() { result = singleton(SummaryComponent::return()) } - - /** Gets a singleton stack representing the exception thrown from a call. */ - SummaryComponentStack exceptionalReturn() { - result = singleton(SummaryComponent::exceptionalReturn()) - } -} - /** A callable with a flow summary, identified by a unique string. */ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable { bindingset[this] SummarizedCallable() { any() } - /** - * Same as - * - * ```ql - * propagatesFlow( - * SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue - * ) - * ``` - * - * but uses an external (string) representation of the input and output stacks. - */ + // TODO: rename 'propagatesFlowExt' and/or override 'propagatesFlow' directly pragma[nomagic] predicate propagatesFlowExt(string input, string output, boolean preservesValue) { none() } + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { + this.propagatesFlowExt(input, output, preservesValue) and model = this + } + /** * Gets the synthesized parameter that results from an input specification * that starts with `Argument[s]` for this library callable. @@ -88,5 +32,3 @@ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::Summari ) } } - -class RequiredSummaryComponentStack = Impl::Public::RequiredSummaryComponentStack; diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index c82c2cfdac50..5f80355f0009 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll 
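Review bot: This hunk and the next one delete the `SummaryComponent`, `SummaryComponentStack` and `RequiredSummaryComponentStack` aliases from `semmle/javascript/dataflow/FlowSummary.qll`, which is not under `internal/`, so any downstream model that builds summaries from component stacks stops compiling with no deprecation step. If that is intended, the commit description should say so. The QLDoc on `propagatesFlowExt` is also replaced by a TODO, leaving the predicate undocumented; I would keep a short comment such as `/** Holds if data may flow from `input` to `output` through this callable, using the string access-path syntax. */`. In the new override, `model = this` reports the callable's own string as the model, which deserves a brief comment of its own.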
@@ -10,6 +10,7 @@ private import semmle.javascript.dataflow.internal.Contents::Private private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon private import semmle.javascript.dataflow.internal.DataFlowPrivate as DataFlowPrivate private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as FlowSummaryImpl +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate private import semmle.javascript.dataflow.internal.VariableCapture as VariableCapture cached @@ -58,7 +59,10 @@ private module Cached { TConstructorThisPostUpdate(Constructor ctor) or TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or TFlowSummaryIntermediateAwaitStoreNode(FlowSummaryImpl::Private::SummaryNode sn) { - FlowSummaryImpl::Private::Steps::summaryStoreStep(sn, MkAwaited(), _) + // NOTE: This dependency goes through the 'Steps' module whose instantiation depends on the call graph, + // but the specific predicate we're referering to does not use that information. + // So it doesn't cause negative recursion but it might look a bit surprising. + FlowSummaryPrivate::Steps::summaryStoreStep(sn, MkAwaited(), _) } or TSynthCaptureNode(VariableCapture::VariableCaptureOutput::SynthesizedCaptureNode node) or TGenericSynthesizedNode(AstNode node, string tag, DataFlowPrivate::DataFlowCallable container) { diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index 0a477ebcdbc8..d768b6995b3b 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll 
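Review bot: The added NOTE above `FlowSummaryPrivate::Steps::summaryStoreStep(sn, MkAwaited(), _)` contains a typo, "referering" for "referring". More importantly, it documents an assumption that nothing enforces: the cached `TFlowSummaryIntermediateAwaitStoreNode` branch is sound only while `summaryStoreStep` does not use the call-graph input of `Steps`. I would state that as an invariant, e.g. `// INVARIANT: summaryStoreStep must not depend on StepsInputSig::getACall, or this newtype branch becomes recursive through the call graph`, so a later change to the shared library trips over it.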
@@ -8,6 +8,8 @@ private import semmle.javascript.dataflow.internal.VariableCapture private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon private import semmle.javascript.internal.flow_summaries.AllFlowSummaries private import sharedlib.FlowSummaryImpl as FlowSummaryImpl +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate +private import semmle.javascript.dataflow.FlowSummary as FlowSummary private import semmle.javascript.dataflow.internal.BarrierGuards class DataFlowSecondLevelScope = Unit; @@ -117,7 +119,8 @@ private DataFlow::Node getAnOutNodeImpl(DataFlowCall call, ReturnKind kind) { or kind = MkNormalReturnKind() and result = call.asAccessorCall().(DataFlow::PropRead) or - FlowSummaryImpl::Private::summaryOutNode(call, result.(FlowSummaryNode).getSummaryNode(), kind) + FlowSummaryImpl::Private::summaryOutNode(call.(SummaryCall).getReceiver(), + result.(FlowSummaryNode).getSummaryNode(), kind) } class ReturnNode extends DataFlow::Node { @@ -275,7 +278,8 @@ private predicate isArgumentNodeImpl(Node n, DataFlowCall call, ArgumentPosition // argument to setter (TODO: this has no post-update node) pos.asPositional() = 0 and n = call.asAccessorCall().(DataFlow::PropWrite).getRhs() or - FlowSummaryImpl::Private::summaryArgumentNode(call, n.(FlowSummaryNode).getSummaryNode(), pos) + FlowSummaryImpl::Private::summaryArgumentNode(call.(SummaryCall).getReceiver(), + n.(FlowSummaryNode).getSummaryNode(), pos) } predicate isArgumentNode(ArgumentNode n, DataFlowCall call, ArgumentPosition pos) { 
@@ -802,8 +806,8 @@ private predicate valuePreservingStep(Node node1, Node node2) { or node2 = FlowSteps::getThrowTarget(node1) or - FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), - node2.(FlowSummaryNode).getSummaryNode(), true) + FlowSummaryPrivate::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), + node2.(FlowSummaryNode).getSummaryNode(), true, _) // TODO: preserve 'model' or // Step from post-update nodes to local sources of the pre-update node. This emulates how JS usually tracks side effects. exists(PostUpdateNode postUpdate | @@ -828,7 +832,7 @@ predicate simpleLocalFlowStep(Node node1, Node node2) { nodeGetEnclosingCallable(pragma[only_bind_out](node2)) or exists(FlowSummaryImpl::Private::SummaryNode input, FlowSummaryImpl::Private::SummaryNode output | - FlowSummaryImpl::Private::Steps::summaryStoreStep(input, MkAwaited(), output) and + FlowSummaryPrivate::Steps::summaryStoreStep(input, MkAwaited(), output) and node1 = TFlowSummaryNode(input) and ( node2 = TFlowSummaryNode(output) and @@ -837,7 +841,7 @@ predicate simpleLocalFlowStep(Node node1, Node node2) { node2 = TFlowSummaryIntermediateAwaitStoreNode(input) ) or - FlowSummaryImpl::Private::Steps::summaryReadStep(input, MkAwaited(), output) and + FlowSummaryPrivate::Steps::summaryReadStep(input, MkAwaited(), output) and node1 = TFlowSummaryNode(input) and node2 = TFlowSummaryNode(output) ) @@ -859,7 +863,7 @@ predicate jumpStep(Node node1, Node node2) { valuePreservingStep(node1, node2) and node1.getContainer() != node2.getContainer() or - FlowSummaryImpl::Private::Steps::summaryJumpStep(node1.(FlowSummaryNode).getSummaryNode(), + FlowSummaryPrivate::Steps::summaryJumpStep(node1.(FlowSummaryNode).getSummaryNode(), node2.(FlowSummaryNode).getSummaryNode()) or DataFlow::AdditionalFlowStep::jumpStep(node1, node2) 
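Review bot: In `valuePreservingStep`, the new fourth argument of `summaryLocalStep` is bound to `_`, so the model that produced the step is discarded and the step carries no provenance for the summary that justified it. The same wildcard appears in `defaultAdditionalTaintStep` in TaintTrackingPrivate.qll later in this patch. Both are marked TODO, but the comments do not say what is lost; I would extend them to `// TODO: preserve 'model' so path provenance names the summary that produced this step`. The remaining hunks on these lines only change the qualifier from `FlowSummaryImpl::Private::Steps` to `FlowSummaryPrivate::Steps`.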
@@ -882,8 +886,8 @@ predicate readStep(Node node1, ContentSet c, Node node2) { ) or exists(ContentSet contentSet | - FlowSummaryImpl::Private::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), - contentSet, node2.(FlowSummaryNode).getSummaryNode()) + FlowSummaryPrivate::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), contentSet, + node2.(FlowSummaryNode).getSummaryNode()) | not isSpecialContentSet(contentSet) and c = contentSet @@ -894,7 +898,7 @@ predicate readStep(Node node1, ContentSet c, Node node2) { or // For deep reads, generate read edges with a self-loop exists(Node origin, ContentSet contentSet | - FlowSummaryImpl::Private::Steps::summaryReadStep(origin.(FlowSummaryNode).getSummaryNode(), + FlowSummaryPrivate::Steps::summaryReadStep(origin.(FlowSummaryNode).getSummaryNode(), contentSet, node2.(FlowSummaryNode).getSummaryNode()) and node1 = [origin, node2] | @@ -938,13 +942,13 @@ predicate storeStep(Node node1, ContentSet c, Node node2) { node2 = tryGetPostUpdate(write.getBase()) ) or - FlowSummaryImpl::Private::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), c, + FlowSummaryPrivate::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), c, node2.(FlowSummaryNode).getSummaryNode()) and not isSpecialContentSet(c) or // Store into Awaited exists(FlowSummaryImpl::Private::SummaryNode input, FlowSummaryImpl::Private::SummaryNode output | - FlowSummaryImpl::Private::Steps::summaryStoreStep(input, MkAwaited(), output) and + FlowSummaryPrivate::Steps::summaryStoreStep(input, MkAwaited(), output) and node1 = TFlowSummaryIntermediateAwaitStoreNode(input) and node2 = TFlowSummaryNode(output) and c = ContentSet::promiseValue() 
@@ -964,15 +968,14 @@ predicate storeStep(Node node1, ContentSet c, Node node2) { * in `x.f = newValue`. */ predicate clearsContent(Node n, ContentSet c) { - FlowSummaryImpl::Private::Steps::summaryClearsContent(n.(FlowSummaryNode).getSummaryNode(), c) + FlowSummaryPrivate::Steps::summaryClearsContent(n.(FlowSummaryNode).getSummaryNode(), c) or // Clear promise content before storing into promise value, to avoid creating nested promises n = TFlowSummaryIntermediateAwaitStoreNode(_) and c = MkPromiseFilter() or // After reading from Awaited, the output must not be stored in a promise content - FlowSummaryImpl::Private::Steps::summaryReadStep(_, MkAwaited(), - n.(FlowSummaryNode).getSummaryNode()) and + FlowSummaryPrivate::Steps::summaryReadStep(_, MkAwaited(), n.(FlowSummaryNode).getSummaryNode()) and c = MkPromiseFilter() or any(AdditionalFlowInternal flow).clearsContent(n, c) @@ -998,12 +1001,11 @@ predicate clearsContent(Node n, ContentSet c) { * at node `n`. */ predicate expectsContent(Node n, ContentSet c) { - FlowSummaryImpl::Private::Steps::summaryExpectsContent(n.(FlowSummaryNode).getSummaryNode(), c) + FlowSummaryPrivate::Steps::summaryExpectsContent(n.(FlowSummaryNode).getSummaryNode(), c) or // After storing into Awaited, the result must be stored in a promise-content. // There is a value step from the input directly to this node, hence the need for expectsContent. - FlowSummaryImpl::Private::Steps::summaryStoreStep(_, MkAwaited(), - n.(FlowSummaryNode).getSummaryNode()) and + FlowSummaryPrivate::Steps::summaryStoreStep(_, MkAwaited(), n.(FlowSummaryNode).getSummaryNode()) and c = MkPromiseFilter() or any(AdditionalFlowInternal flow).expectsContent(n, c) 
@@ -1035,7 +1037,10 @@ int accessPathLimit() { result = 2 } * by default as a heuristic. */ predicate allowParameterReturnInSelf(ParameterNode p) { - FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(p) + exists(DataFlowCallable callable, ParameterPosition pos | + isParameterNodeImpl(p, callable, pos) and + FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(callable.asLibraryCallable(), pos) + ) or exists(Function f | VariableCaptureOutput::heuristicAllowInstanceParameterReturnInSelf(f) and diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index 1d6c38b51e20..d68773087867 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll @@ -70,11 +70,6 @@ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { result = TAnyType() and exists(t) and exists(rk) } -/** Gets the type of synthetic global `sg`. */ -DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { - result = TAnyType() and exists(sg) -} - /** * Holds if an external flow summary exists for `c` with input specification * `input`, output specification `output`, kind `kind`, and provenance `provenance`. 
@@ -97,21 +92,21 @@ predicate summaryElement( predicate neutralSummaryElement(FlowSummary::SummarizedCallable c, string provenance) { none() } pragma[inline] -private SummaryComponent makeContentComponents( +private Private::SummaryComponent makeContentComponents( Private::AccessPathToken token, string name, ContentSet contents ) { token.getName() = name and - result = FlowSummary::SummaryComponent::content(contents) + result = Private::SummaryComponent::content(contents) or token.getName() = "With" + name and - result = FlowSummary::SummaryComponent::withContent(contents) + result = Private::SummaryComponent::withContent(contents) or token.getName() = "Without" + name and - result = FlowSummary::SummaryComponent::withoutContent(contents) + result = Private::SummaryComponent::withoutContent(contents) } pragma[inline] -private SummaryComponent makePropertyContentComponents( +private Private::SummaryComponent makePropertyContentComponents( Private::AccessPathToken token, string name, PropertyName content ) { result = makeContentComponents(token, name, ContentSet::property(content)) @@ -160,12 +155,12 @@ private ParameterPosition parsePosition(string operand) { * * This covers all the JS-specific components of a flow summary. */ -SummaryComponent interpretComponentSpecific(Private::AccessPathToken c) { +Private::SummaryComponent interpretComponentSpecific(Private::AccessPathToken c) { c.getName() = "Argument" and - result = FlowSummary::SummaryComponent::argument(parsePosition(c.getAnArgument())) + result = Private::SummaryComponent::argument(parsePosition(c.getAnArgument())) or c.getName() = "Parameter" and - result = FlowSummary::SummaryComponent::parameter(parsePosition(c.getAnArgument())) + result = Private::SummaryComponent::parameter(parsePosition(c.getAnArgument())) or result = makePropertyContentComponents(c, "Member", c.getAnArgument()) or 
@@ -210,20 +205,20 @@ SummaryComponent interpretComponentSpecific(Private::AccessPathToken c) { or c.getName() = "ReturnValue" and c.getAnArgument() = "exception" and - result = SummaryComponent::return(MkExceptionalReturnKind()) + result = Private::SummaryComponent::return(MkExceptionalReturnKind()) or // Awaited is mapped down to a combination steps that handle coercion and promise-flattening. c.getName() = "Awaited" and c.getNumArgument() = 0 and - result = SummaryComponent::content(MkAwaited()) + result = Private::SummaryComponent::content(MkAwaited()) or c.getName() = "AnyMemberDeep" and c.getNumArgument() = 0 and - result = SummaryComponent::content(MkAnyPropertyDeep()) + result = Private::SummaryComponent::content(MkAnyPropertyDeep()) or c.getName() = "ArrayElementDeep" and c.getNumArgument() = 0 and - result = SummaryComponent::content(MkArrayElementDeep()) + result = Private::SummaryComponent::content(MkArrayElementDeep()) } private string getMadStringFromContentSetAux(ContentSet cs) { @@ -272,13 +267,14 @@ private string getMadStringFromContentSet(ContentSet cs) { } /** Gets the textual representation of a summary component in the format used for MaD models. */ -string getMadRepresentationSpecific(SummaryComponent sc) { +string getMadRepresentationSpecific(Private::SummaryComponent sc) { exists(ContentSet cs | - sc = Private::TContentSummaryComponent(cs) and result = getMadStringFromContentSet(cs) + sc = Private::SummaryComponent::content(cs) and + result = getMadStringFromContentSet(cs) ) or exists(ReturnKind rk | - sc = Private::TReturnSummaryComponent(rk) and + sc = Private::SummaryComponent::return(rk) and not rk = getReturnValueKind() and result = "ReturnValue[" + rk + "]" ) 
@@ -368,3 +364,13 @@ bindingset[s] ParameterPosition parseArgBody(string s) { result = parseParamBody(s) // Currently these are identical } + +private module FlowSummaryStepInput implements Private::StepsInputSig { + DataFlowCall getACall(SummarizedCallable sc) { + exists(LibraryCallable callable | callable = sc | + result.asOrdinaryCall() = [callable.getACall(), callable.getACallSimple()] + ) + } +} + +module Steps = Private::Steps; diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll index f60c4e0f5dbd..7b4d8a8e94b4 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll 
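Review bot: `FlowSummaryStepInput::getACall` binds its result through `result.asOrdinaryCall()` only, so of the call kinds defined in DataFlowPrivate.qll (partial, bound, accessor, implied lambda) none can be reported as a call to a summarized callable. If a library callable can be reached through a bound or partial invocation, the summary steps that depend on `getACall` would not apply there. Whether that restriction is intended is not visible from the hunk, so I would add a QLDoc line such as `/** Gets an ordinary call to `sc`; other call kinds are deliberately not included. */` or widen the predicate. `module Steps` is also exported without a doc comment although DataFlowNode.qll now depends on it.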
@@ -2,20 +2,21 @@ private import javascript private import semmle.javascript.dataflow.internal.DataFlowPrivate private import semmle.javascript.dataflow.internal.Contents::Public private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as FlowSummaryImpl +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate private import semmle.javascript.dataflow.internal.BarrierGuards cached predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { TaintTracking::AdditionalTaintStep::step(node1, node2) or - FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), - node2.(FlowSummaryNode).getSummaryNode(), false) + FlowSummaryPrivate::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), + node2.(FlowSummaryNode).getSummaryNode(), false, _) // TODO: preserve 'model' parameter or // Convert steps into and out of array elements to plain taint steps - FlowSummaryImpl::Private::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), + FlowSummaryPrivate::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), ContentSet::arrayElement(), node2.(FlowSummaryNode).getSummaryNode()) or - FlowSummaryImpl::Private::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), + FlowSummaryPrivate::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), ContentSet::arrayElement(), node2.(FlowSummaryNode).getSummaryNode()) } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll index afcf7bb37a80..bf370eb9a271 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll 
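Review bot: The new fourth argument of `summaryLocalStep` in `defaultAdditionalTaintStep` is bound to `_`, so whatever model value the shared library reports for the step is discarded here. Presumably that value identifies the summary model behind the step. If so, a taint path crossing a library summary cannot be traced back to the model that introduced it, which makes a suspicious alert harder to triage. The TODO acknowledges the gap but not its effect, so I would expand it to `// TODO: preserve 'model' parameter; until then taint paths cannot name the summary model behind this step`. The `summaryReadStep` and `summaryStoreStep` disjuncts carry no model argument at all in this hunk, so check whether they need the same treatment once the model is threaded through.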
@@ -1,1492 +1,4 @@ -/** - * Provides classes and predicates for defining flow summaries. - * - * The definitions in this file are language-independent, and language-specific - * definitions are passed in via the `DataFlowImplSpecific` and - * `FlowSummaryImplSpecific` modules. - */ - -private import FlowSummaryImplSpecific -private import DataFlowImplSpecific::Private -private import DataFlowImplSpecific::Public -private import DataFlowImplCommon -private import codeql.util.Unit - -// TODO: switch to the shared implementation of FlowSummaryImpl.qll -/** Provides classes and predicates for defining flow summaries. */ -module Public { - private import Private - - /** - * A component used in a flow summary. - * - * Either a parameter or an argument at a given position, a specific - * content type, or a return kind. - */ - class SummaryComponent extends TSummaryComponent { - /** Gets a textual representation of this component used for MaD models. */ - string getMadRepresentation() { - result = getMadRepresentationSpecific(this) - or - exists(ArgumentPosition pos | - this = TParameterSummaryComponent(pos) and - result = "Parameter[" + encodeArgumentPosition(pos) + "]" - ) - or - exists(ParameterPosition pos | - this = TArgumentSummaryComponent(pos) and - result = "Argument[" + encodeParameterPosition(pos) + "]" - ) - or - exists(string synthetic | - this = TSyntheticGlobalSummaryComponent(synthetic) and - result = "SyntheticGlobal[" + synthetic + "]" - ) - or - this = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" - } - - /** Gets a textual representation of this summary component. */ - string toString() { result = this.getMadRepresentation() } - } - - /** Provides predicates for constructing summary components. */ - module SummaryComponent { - /** Gets a summary component for content `c`. 
*/ - SummaryComponent content(ContentSet c) { result = TContentSummaryComponent(c) } - - /** Gets a summary component where data is not allowed to be stored in `c`. */ - SummaryComponent withoutContent(ContentSet c) { result = TWithoutContentSummaryComponent(c) } - - /** Gets a summary component where data must be stored in `c`. */ - SummaryComponent withContent(ContentSet c) { result = TWithContentSummaryComponent(c) } - - /** Gets a summary component for a parameter at position `pos`. */ - SummaryComponent parameter(ArgumentPosition pos) { result = TParameterSummaryComponent(pos) } - - /** Gets a summary component for an argument at position `pos`. */ - SummaryComponent argument(ParameterPosition pos) { result = TArgumentSummaryComponent(pos) } - - /** Gets a summary component for a return of kind `rk`. */ - SummaryComponent return(ReturnKind rk) { result = TReturnSummaryComponent(rk) } - - /** Gets a summary component for synthetic global `sg`. */ - SummaryComponent syntheticGlobal(SyntheticGlobal sg) { - result = TSyntheticGlobalSummaryComponent(sg) - } - - /** - * A synthetic global. This represents some form of global state, which - * summaries can read and write individually. - */ - abstract class SyntheticGlobal extends string { - bindingset[this] - SyntheticGlobal() { any() } - } - } - - /** - * A (non-empty) stack of summary components. - * - * A stack is used to represent where data is read from (input) or where it - * is written to (output). For example, an input stack `[Field f, Argument 0]` - * means that data is read from field `f` from the `0`th argument, while an - * output stack `[Field g, Return]` means that data is written to the field - * `g` of the returned object. - */ - class SummaryComponentStack extends TSummaryComponentStack { - /** Gets the head of this stack. */ - SummaryComponent head() { - this = TSingletonSummaryComponentStack(result) or - this = TConsSummaryComponentStack(result, _) - } - - /** Gets the tail of this stack, if any. 
*/ - SummaryComponentStack tail() { this = TConsSummaryComponentStack(_, result) } - - /** Gets the length of this stack. */ - int length() { - this = TSingletonSummaryComponentStack(_) and result = 1 - or - result = 1 + this.tail().length() - } - - /** Gets the stack obtained by dropping the first `i` elements, if any. */ - SummaryComponentStack drop(int i) { - i = 0 and result = this - or - result = this.tail().drop(i - 1) - } - - /** Holds if this stack contains summary component `c`. */ - predicate contains(SummaryComponent c) { c = this.drop(_).head() } - - /** Gets the bottom element of this stack. */ - SummaryComponent bottom() { - this = TSingletonSummaryComponentStack(result) or result = this.tail().bottom() - } - - /** Gets a textual representation of this stack used for MaD models. */ - string getMadRepresentation() { - exists(SummaryComponent head, SummaryComponentStack tail | - head = this.head() and - tail = this.tail() and - result = tail.getMadRepresentation() + "." + head.getMadRepresentation() - ) - or - exists(SummaryComponent c | - this = TSingletonSummaryComponentStack(c) and - result = c.getMadRepresentation() - ) - } - - /** Gets a textual representation of this stack. */ - string toString() { result = this.getMadRepresentation() } - } - - /** Provides predicates for constructing stacks of summary components. */ - module SummaryComponentStack { - /** Gets a singleton stack containing `c`. */ - SummaryComponentStack singleton(SummaryComponent c) { - result = TSingletonSummaryComponentStack(c) - } - - /** - * Gets the stack obtained by pushing `head` onto `tail`. - * - * Make sure to override `RequiredSummaryComponentStack::required()` in order - * to ensure that the constructed stack exists. - */ - SummaryComponentStack push(SummaryComponent head, SummaryComponentStack tail) { - result = TConsSummaryComponentStack(head, tail) - } - - /** Gets a singleton stack for an argument at position `pos`. 
*/ - SummaryComponentStack argument(ParameterPosition pos) { - result = singleton(SummaryComponent::argument(pos)) - } - - /** Gets a singleton stack representing a return of kind `rk`. */ - SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) } - } - - /** - * A class that exists for QL technical reasons only (the IPA type used - * to represent component stacks needs to be bounded). - */ - class RequiredSummaryComponentStack extends Unit { - /** - * Holds if the stack obtained by pushing `head` onto `tail` is required. - */ - abstract predicate required(SummaryComponent head, SummaryComponentStack tail); - } - - /** - * Gets the valid model origin values. - */ - private string getValidModelOrigin() { - result = - [ - "ai", // AI (machine learning) - "df", // Dataflow (model generator) - "tb", // Type based (model generator) - "hq", // Heuristic query - ] - } - - /** - * A class used to represent provenance values for MaD models. - * - * The provenance value is a string of the form `origin-verification` - * (or just `manual`), where `origin` is a value indicating the - * origin of the model, and `verification` is a value indicating, how - * the model was verified. - * - * Examples could be: - * - `df-generated`: A model produced by the model generator, but not verified by a human. - * - `ai-manual`: A model produced by AI, but verified by a human. - */ - class Provenance extends string { - private string verification; - - Provenance() { - exists(string origin | origin = getValidModelOrigin() | - this = origin + "-" + verification and - verification = ["manual", "generated"] - ) - or - this = verification and verification = "manual" - } - - /** - * Holds if this is a valid generated provenance value. - */ - predicate isGenerated() { verification = "generated" } - - /** - * Holds if this is a valid manual provenance value. - */ - predicate isManual() { verification = "manual" } - } - - /** A callable with a flow summary. 
*/ - abstract class SummarizedCallable extends SummarizedCallableBase { - bindingset[this] - SummarizedCallable() { any() } - - /** - * Holds if data may flow from `input` to `output` through this callable. - * - * `preservesValue` indicates whether this is a value-preserving step - * or a taint-step. - * - * Input specifications are restricted to stacks that end with - * `SummaryComponent::argument(_)`, preceded by zero or more - * `SummaryComponent::return(_)` or `SummaryComponent::content(_)` components. - * - * Output specifications are restricted to stacks that end with - * `SummaryComponent::return(_)` or `SummaryComponent::argument(_)`. - * - * Output stacks ending with `SummaryComponent::return(_)` can be preceded by zero - * or more `SummaryComponent::content(_)` components. - * - * Output stacks ending with `SummaryComponent::argument(_)` can be preceded by an - * optional `SummaryComponent::parameter(_)` component, which in turn can be preceded - * by zero or more `SummaryComponent::content(_)` components. - */ - pragma[nomagic] - predicate propagatesFlow( - SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue - ) { - none() - } - - /** - * Holds if there exists a generated summary that applies to this callable. - */ - final predicate hasGeneratedModel() { - exists(Provenance p | p.isGenerated() and this.hasProvenance(p)) - } - - /** - * Holds if all the summaries that apply to this callable are auto generated and not manually created. - * That is, only apply generated models, when there are no manual models. - */ - final predicate applyGeneratedModel() { - this.hasGeneratedModel() and - not this.hasManualModel() - } - - /** - * Holds if there exists a manual summary that applies to this callable. - */ - final predicate hasManualModel() { - exists(Provenance p | p.isManual() and this.hasProvenance(p)) - } - - /** - * Holds if there exists a manual summary that applies to this callable. 
- * Always apply manual models if they exist. - */ - final predicate applyManualModel() { this.hasManualModel() } - - /** - * Holds if there exists a summary that applies to this callable - * that has provenance `provenance`. - */ - predicate hasProvenance(Provenance provenance) { provenance = "manual" } - } - - /** - * A callable where there is no flow via the callable. - */ - class NeutralSummaryCallable extends NeutralCallable { - NeutralSummaryCallable() { this.getKind() = "summary" } - } - - /** - * A callable that has a neutral model. - */ - class NeutralCallable extends NeutralCallableBase { - private string kind; - private Provenance provenance; - - NeutralCallable() { neutralElement(this, kind, provenance) } - - /** - * Holds if the neutral is auto generated. - */ - final predicate hasGeneratedModel() { provenance.isGenerated() } - - /** - * Holds if there exists a manual neutral that applies to this callable. - */ - final predicate hasManualModel() { provenance.isManual() } - - /** - * Holds if the neutral has provenance `p`. - */ - predicate hasProvenance(Provenance p) { p = provenance } - - /** - * Gets the kind of the neutral. - */ - string getKind() { result = kind } - } -} - -/** - * Provides predicates for compiling flow summaries down to atomic local steps, - * read steps, and store steps. 
- */ -module Private { - private import Public - private import codeql.dataflow.internal.AccessPathSyntax - - newtype TSummaryComponent = - TContentSummaryComponent(ContentSet c) or - TParameterSummaryComponent(ArgumentPosition pos) or - TArgumentSummaryComponent(ParameterPosition pos) or - TReturnSummaryComponent(ReturnKind rk) or - TSyntheticGlobalSummaryComponent(SummaryComponent::SyntheticGlobal sg) or - TWithoutContentSummaryComponent(ContentSet c) or - TWithContentSummaryComponent(ContentSet c) - - private TParameterSummaryComponent callbackSelfParam() { - result = TParameterSummaryComponent(callbackSelfParameterPosition()) - } - - newtype TSummaryComponentStack = - TSingletonSummaryComponentStack(SummaryComponent c) or - TConsSummaryComponentStack(SummaryComponent head, SummaryComponentStack tail) { - any(RequiredSummaryComponentStack x).required(head, tail) - or - any(RequiredSummaryComponentStack x).required(TParameterSummaryComponent(_), tail) and - head = callbackSelfParam() - or - derivedFluentFlowPush(_, _, _, head, tail, _) - } - - pragma[nomagic] - private predicate summary( - SummarizedCallable c, SummaryComponentStack input, SummaryComponentStack output, - boolean preservesValue - ) { - c.propagatesFlow(input, output, preservesValue) - or - // observe side effects of callbacks on input arguments - c.propagatesFlow(output, input, preservesValue) and - preservesValue = true and - isCallbackParameter(input) and - isContentOfArgument(output, _) - or - // flow from the receiver of a callback into the instance-parameter - exists(SummaryComponentStack s, SummaryComponentStack callbackRef | - c.propagatesFlow(s, _, _) or c.propagatesFlow(_, s, _) - | - callbackRef = s.drop(_) and - (isCallbackParameter(callbackRef) or callbackRef.head() = TReturnSummaryComponent(_)) and - input = callbackRef.tail() and - output = TConsSummaryComponentStack(callbackSelfParam(), input) and - preservesValue = true - ) - or - exists(SummaryComponentStack arg, 
SummaryComponentStack return | - derivedFluentFlow(c, input, arg, return, preservesValue) - | - arg.length() = 1 and - output = return - or - exists(SummaryComponent head, SummaryComponentStack tail | - derivedFluentFlowPush(c, input, arg, head, tail, 0) and - output = SummaryComponentStack::push(head, tail) - ) - ) - or - // Chain together summaries where values get passed into callbacks along the way - exists(SummaryComponentStack mid, boolean preservesValue1, boolean preservesValue2 | - c.propagatesFlow(input, mid, preservesValue1) and - c.propagatesFlow(mid, output, preservesValue2) and - mid.drop(mid.length() - 2) = - SummaryComponentStack::push(TParameterSummaryComponent(_), - SummaryComponentStack::singleton(TArgumentSummaryComponent(_))) and - preservesValue = preservesValue1.booleanAnd(preservesValue2) - ) - } - - /** - * Holds if `c` has a flow summary from `input` to `arg`, where `arg` - * writes to (contents of) arguments at position `pos`, and `c` has a - * value-preserving flow summary from the arguments at position `pos` - * to a return value (`return`). - * - * In such a case, we derive flow from `input` to (contents of) the return - * value. - * - * As an example, this simplifies modeling of fluent methods: - * for `StringBuilder.append(x)` with a specified value flow from qualifier to - * return value and taint flow from argument 0 to the qualifier, then this - * allows us to infer taint flow from argument 0 to the return value. 
- */ - pragma[nomagic] - private predicate derivedFluentFlow( - SummarizedCallable c, SummaryComponentStack input, SummaryComponentStack arg, - SummaryComponentStack return, boolean preservesValue - ) { - exists(ParameterPosition pos | - summary(c, input, arg, preservesValue) and - isContentOfArgument(arg, pos) and - summary(c, SummaryComponentStack::argument(pos), return, true) and - return.bottom() = TReturnSummaryComponent(_) - ) - } - - pragma[nomagic] - private predicate derivedFluentFlowPush( - SummarizedCallable c, SummaryComponentStack input, SummaryComponentStack arg, - SummaryComponent head, SummaryComponentStack tail, int i - ) { - derivedFluentFlow(c, input, arg, tail, _) and - head = arg.drop(i).head() and - i = arg.length() - 2 - or - exists(SummaryComponent head0, SummaryComponentStack tail0 | - derivedFluentFlowPush(c, input, arg, head0, tail0, i + 1) and - head = arg.drop(i).head() and - tail = SummaryComponentStack::push(head0, tail0) - ) - } - - private predicate isCallbackParameter(SummaryComponentStack s) { - s.head() = TParameterSummaryComponent(_) and exists(s.tail()) - } - - private predicate isContentOfArgument(SummaryComponentStack s, ParameterPosition pos) { - s.head() = TContentSummaryComponent(_) and isContentOfArgument(s.tail(), pos) - or - s = SummaryComponentStack::argument(pos) - } - - private predicate outputState(SummarizedCallable c, SummaryComponentStack s) { - summary(c, _, s, _) - or - exists(SummaryComponentStack out | - outputState(c, out) and - out.head() = TContentSummaryComponent(_) and - s = out.tail() - ) - or - // Add the argument node corresponding to the requested post-update node - inputState(c, s) and isCallbackParameter(s) - } - - private predicate inputState(SummarizedCallable c, SummaryComponentStack s) { - summary(c, s, _, _) - or - exists(SummaryComponentStack inp | inputState(c, inp) and s = inp.tail()) - or - exists(SummaryComponentStack out | - outputState(c, out) and - out.head() = 
TParameterSummaryComponent(_) and - s = out.tail() - ) - or - // Add the post-update node corresponding to the requested argument node - outputState(c, s) and isCallbackParameter(s) - or - // Add the parameter node for parameter side-effects - outputState(c, s) and s = SummaryComponentStack::argument(_) - } - - private newtype TSummaryNodeState = - TSummaryNodeInputState(SummaryComponentStack s) { inputState(_, s) } or - TSummaryNodeOutputState(SummaryComponentStack s) { outputState(_, s) } - - /** - * A state used to break up (complex) flow summaries into atomic flow steps. - * For a flow summary - * - * ```ql - * propagatesFlow( - * SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue - * ) - * ``` - * - * the following states are used: - * - * - `TSummaryNodeInputState(SummaryComponentStack s)`: - * this state represents that the components in `s` _have been read_ from the - * input. - * - `TSummaryNodeOutputState(SummaryComponentStack s)`: - * this state represents that the components in `s` _remain to be written_ to - * the output. - */ - private class SummaryNodeState extends TSummaryNodeState { - /** Holds if this state is a valid input state for `c`. */ - pragma[nomagic] - predicate isInputState(SummarizedCallable c, SummaryComponentStack s) { - this = TSummaryNodeInputState(s) and - inputState(c, s) - } - - /** Holds if this state is a valid output state for `c`. */ - pragma[nomagic] - predicate isOutputState(SummarizedCallable c, SummaryComponentStack s) { - this = TSummaryNodeOutputState(s) and - outputState(c, s) - } - - /** Gets a textual representation of this state. 
*/ - string toString() { - exists(SummaryComponentStack s | - this = TSummaryNodeInputState(s) and - result = "read: " + s - ) - or - exists(SummaryComponentStack s | - this = TSummaryNodeOutputState(s) and - result = "to write: " + s - ) - } - } - - private newtype TSummaryNode = - TSummaryInternalNode(SummarizedCallable c, SummaryNodeState state) { - summaryNodeRange(c, state) - } or - TSummaryParameterNode(SummarizedCallable c, ParameterPosition pos) { - summaryParameterNodeRange(c, pos) - } - - abstract class SummaryNode extends TSummaryNode { - abstract string toString(); - - abstract SummarizedCallable getSummarizedCallable(); - } - - private class SummaryInternalNode extends SummaryNode, TSummaryInternalNode { - private SummarizedCallable c; - private SummaryNodeState state; - - SummaryInternalNode() { this = TSummaryInternalNode(c, state) } - - override string toString() { result = "[summary] " + state + " in " + c } - - override SummarizedCallable getSummarizedCallable() { result = c } - } - - private class SummaryParamNode extends SummaryNode, TSummaryParameterNode { - private SummarizedCallable c; - private ParameterPosition pos; - - SummaryParamNode() { this = TSummaryParameterNode(c, pos) } - - override string toString() { result = "[summary param] " + pos + " in " + c } - - override SummarizedCallable getSummarizedCallable() { result = c } - } - - /** - * Holds if `state` represents having read from a parameter at position - * `pos` in `c`. In this case we are not synthesizing a data-flow node, - * but instead assume that a relevant parameter node already exists. - */ - private predicate parameterReadState( - SummarizedCallable c, SummaryNodeState state, ParameterPosition pos - ) { - state.isInputState(c, SummaryComponentStack::argument(pos)) - } - - /** - * Holds if a synthesized summary node is needed for the state `state` in summarized - * callable `c`. 
- */ - private predicate summaryNodeRange(SummarizedCallable c, SummaryNodeState state) { - state.isInputState(c, _) and - not parameterReadState(c, state, _) - or - state.isOutputState(c, _) - } - - pragma[noinline] - private SummaryNode summaryNodeInputState(SummarizedCallable c, SummaryComponentStack s) { - exists(SummaryNodeState state | state.isInputState(c, s) | - result = TSummaryInternalNode(c, state) - or - exists(ParameterPosition pos | - parameterReadState(c, state, pos) and - result = TSummaryParameterNode(c, pos) - ) - ) - } - - pragma[noinline] - private SummaryNode summaryNodeOutputState(SummarizedCallable c, SummaryComponentStack s) { - exists(SummaryNodeState state | - state.isOutputState(c, s) and - result = TSummaryInternalNode(c, state) - ) - } - - /** - * Holds if a write targets `post`, which is a post-update node for a - * parameter at position `pos` in `c`. - */ - private predicate isParameterPostUpdate( - SummaryNode post, SummarizedCallable c, ParameterPosition pos - ) { - post = summaryNodeOutputState(c, SummaryComponentStack::argument(pos)) - } - - /** Holds if a parameter node at position `pos` is required for `c`. 
*/ - private predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) { - parameterReadState(c, _, pos) - or - // Same as `isParameterPostUpdate(_, c, pos)`, but can be used in a negative context - any(SummaryNodeState state).isOutputState(c, SummaryComponentStack::argument(pos)) - } - - private predicate callbackOutput( - SummarizedCallable c, SummaryComponentStack s, SummaryNode receiver, ReturnKind rk - ) { - any(SummaryNodeState state).isInputState(c, s) and - s.head() = TReturnSummaryComponent(rk) and - receiver = summaryNodeInputState(c, s.tail()) - } - - private predicate callbackInput( - SummarizedCallable c, SummaryComponentStack s, SummaryNode receiver, ArgumentPosition pos - ) { - any(SummaryNodeState state).isOutputState(c, s) and - s.head() = TParameterSummaryComponent(pos) and - receiver = summaryNodeInputState(c, s.tail()) - } - - /** Holds if a call targeting `receiver` should be synthesized inside `c`. */ - predicate summaryCallbackRange(SummarizedCallable c, SummaryNode receiver) { - callbackOutput(c, _, receiver, _) - or - callbackInput(c, _, receiver, _) - } - - /** - * Gets the type of synthesized summary node `n`. - * - * The type is computed based on the language-specific predicates - * `getContentType()`, `getReturnType()`, `getCallbackParameterType()`, and - * `getCallbackReturnType()`. 
- */ - DataFlowType summaryNodeType(SummaryNode n) { - exists(SummaryNode pre | - summaryPostUpdateNode(n, pre) and - result = summaryNodeType(pre) - ) - or - exists(SummarizedCallable c, SummaryComponentStack s, SummaryComponent head | head = s.head() | - n = summaryNodeInputState(c, s) and - ( - exists(ContentSet cont | result = getContentType(cont) | - head = TContentSummaryComponent(cont) or - head = TWithContentSummaryComponent(cont) - ) - or - head = TWithoutContentSummaryComponent(_) and - result = summaryNodeType(summaryNodeInputState(c, s.tail())) - or - exists(ReturnKind rk | - head = TReturnSummaryComponent(rk) and - result = - getCallbackReturnType(summaryNodeType(summaryNodeInputState(pragma[only_bind_out](c), - s.tail())), rk) - ) - or - exists(SummaryComponent::SyntheticGlobal sg | - head = TSyntheticGlobalSummaryComponent(sg) and - result = getSyntheticGlobalType(sg) - ) - or - exists(ParameterPosition pos | - head = TArgumentSummaryComponent(pos) and - result = getParameterType(c, pos) - ) - ) - or - n = summaryNodeOutputState(c, s) and - ( - exists(ContentSet cont | - head = TContentSummaryComponent(cont) and result = getContentType(cont) - ) - or - s.length() = 1 and - exists(ReturnKind rk | - head = TReturnSummaryComponent(rk) and - result = getReturnType(c, rk) - ) - or - exists(ArgumentPosition pos | head = TParameterSummaryComponent(pos) | - result = - getCallbackParameterType(summaryNodeType(summaryNodeInputState(pragma[only_bind_out](c), - s.tail())), pos) - ) - or - exists(SummaryComponent::SyntheticGlobal sg | - head = TSyntheticGlobalSummaryComponent(sg) and - result = getSyntheticGlobalType(sg) - ) - ) - ) - } - - /** Holds if summary node `p` is a parameter with position `pos`. */ - predicate summaryParameterNode(SummaryNode p, ParameterPosition pos) { - p = TSummaryParameterNode(_, pos) - } - - /** Holds if summary node `out` contains output of kind `rk` from call `c`. 
*/ - predicate summaryOutNode(DataFlowCall c, SummaryNode out, ReturnKind rk) { - exists(SummarizedCallable callable, SummaryComponentStack s, SummaryNode receiver | - callbackOutput(callable, s, receiver, rk) and - out = summaryNodeInputState(callable, s) and - c = summaryDataFlowCall(receiver) - ) - } - - /** Holds if summary node `arg` is at position `pos` in the call `c`. */ - predicate summaryArgumentNode(DataFlowCall c, SummaryNode arg, ArgumentPosition pos) { - exists(SummarizedCallable callable, SummaryComponentStack s, SummaryNode receiver | - callbackInput(callable, s, receiver, pos) and - arg = summaryNodeOutputState(callable, s) and - c = summaryDataFlowCall(receiver) - ) - } - - /** Holds if summary node `post` is a post-update node with pre-update node `pre`. */ - predicate summaryPostUpdateNode(SummaryNode post, SummaryNode pre) { - exists(SummarizedCallable c, ParameterPosition pos | - isParameterPostUpdate(post, c, pos) and - pre = TSummaryParameterNode(c, pos) - ) - or - exists(SummarizedCallable callable, SummaryComponentStack s | - callbackInput(callable, s, _, _) and - pre = summaryNodeOutputState(callable, s) and - post = summaryNodeInputState(callable, s) - ) - } - - /** Holds if summary node `ret` is a return node of kind `rk`. */ - predicate summaryReturnNode(SummaryNode ret, ReturnKind rk) { - exists(SummaryComponentStack s | - ret = summaryNodeOutputState(_, s) and - s = TSingletonSummaryComponentStack(TReturnSummaryComponent(rk)) - ) - } - - /** - * Holds if flow is allowed to pass from parameter `p`, to a return - * node, and back out to `p`. 
- */ - predicate summaryAllowParameterReturnInSelf(ParamNode p) { - exists(SummarizedCallable c, ParameterPosition ppos | - p.isParameterOf(inject(c), pragma[only_bind_into](ppos)) - | - exists(SummaryComponentStack inputContents, SummaryComponentStack outputContents | - summary(c, inputContents, outputContents, _) and - inputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(ppos)) and - outputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(ppos)) - ) - ) - } - - /** Provides a compilation of flow summaries to atomic data-flow steps. */ - module Steps { - /** - * Holds if there is a local step from `pred` to `succ`, which is synthesized - * from a flow summary. - */ - predicate summaryLocalStep(SummaryNode pred, SummaryNode succ, boolean preservesValue) { - exists( - SummarizedCallable c, SummaryComponentStack inputContents, - SummaryComponentStack outputContents - | - summary(c, inputContents, outputContents, preservesValue) and - pred = summaryNodeInputState(c, inputContents) and - succ = summaryNodeOutputState(c, outputContents) - | - preservesValue = true - or - preservesValue = false and not summary(c, inputContents, outputContents, true) - ) - or - exists(SummarizedCallable c, SummaryComponentStack s | - pred = summaryNodeInputState(c, s.tail()) and - succ = summaryNodeInputState(c, s) and - s.head() = [SummaryComponent::withContent(_), SummaryComponent::withoutContent(_)] and - preservesValue = true - ) - } - - /** - * Holds if there is a read step of content `c` from `pred` to `succ`, which - * is synthesized from a flow summary. 
- */ - predicate summaryReadStep(SummaryNode pred, ContentSet c, SummaryNode succ) { - exists(SummarizedCallable sc, SummaryComponentStack s | - pred = summaryNodeInputState(sc, s.tail()) and - succ = summaryNodeInputState(sc, s) and - SummaryComponent::content(c) = s.head() - ) - } - - /** - * Holds if there is a store step of content `c` from `pred` to `succ`, which - * is synthesized from a flow summary. - */ - predicate summaryStoreStep(SummaryNode pred, ContentSet c, SummaryNode succ) { - exists(SummarizedCallable sc, SummaryComponentStack s | - pred = summaryNodeOutputState(sc, s) and - succ = summaryNodeOutputState(sc, s.tail()) and - SummaryComponent::content(c) = s.head() - ) - } - - /** - * Holds if there is a jump step from `pred` to `succ`, which is synthesized - * from a flow summary. - */ - predicate summaryJumpStep(SummaryNode pred, SummaryNode succ) { - exists(SummaryComponentStack s | - s = SummaryComponentStack::singleton(SummaryComponent::syntheticGlobal(_)) and - pred = summaryNodeOutputState(_, s) and - succ = summaryNodeInputState(_, s) - ) - } - - /** - * Holds if values stored inside content `c` are cleared at `n`. `n` is a - * synthesized summary node, so in order for values to be cleared at calls - * to the relevant method, it is important that flow does not pass over - * the argument, either via use-use flow or def-use flow. - * - * Example: - * - * ``` - * a.b = taint; - * a.clearB(); // assume we have a flow summary for `clearB` that clears `b` on the qualifier - * sink(a.b); - * ``` - * - * In the above, flow should not pass from `a` on the first line (or the second - * line) to `a` on the third line. Instead, there will be synthesized flow from - * `a` on line 2 to the post-update node for `a` on that line (via an intermediate - * node where field `b` is cleared). 
- */ - predicate summaryClearsContent(SummaryNode n, ContentSet c) { - exists(SummarizedCallable sc, SummaryNodeState state, SummaryComponentStack stack | - n = TSummaryInternalNode(sc, state) and - state.isInputState(sc, stack) and - stack.head() = SummaryComponent::withoutContent(c) - ) - } - - /** - * Holds if the value that is being tracked is expected to be stored inside - * content `c` at `n`. - */ - predicate summaryExpectsContent(SummaryNode n, ContentSet c) { - exists(SummarizedCallable sc, SummaryNodeState state, SummaryComponentStack stack | - n = TSummaryInternalNode(sc, state) and - state.isInputState(sc, stack) and - stack.head() = SummaryComponent::withContent(c) - ) - } - - pragma[noinline] - private predicate viableParam( - DataFlowCall call, SummarizedCallable sc, ParameterPosition ppos, SummaryParamNode p - ) { - exists(DataFlowCallable c | - c = inject(sc) and - p = TSummaryParameterNode(sc, ppos) and - c = viableCallable(call) - ) - } - - pragma[nomagic] - private SummaryParamNode summaryArgParam(DataFlowCall call, ArgNode arg, SummarizedCallable sc) { - exists(ParameterPosition ppos | - argumentPositionMatch(call, arg, ppos) and - viableParam(call, sc, ppos, result) - ) - } - - /** - * Holds if `p` can reach `n` in a summarized callable, using only value-preserving - * local steps. `clearsOrExpects` records whether any node on the path from `p` to - * `n` either clears or expects contents. - */ - private predicate paramReachesLocal(SummaryParamNode p, SummaryNode n, boolean clearsOrExpects) { - viableParam(_, _, _, p) and - n = p and - clearsOrExpects = false - or - exists(SummaryNode mid, boolean clearsOrExpectsMid | - paramReachesLocal(p, mid, clearsOrExpectsMid) and - summaryLocalStep(mid, n, true) and - if - summaryClearsContent(n, _) or - summaryExpectsContent(n, _) - then clearsOrExpects = true - else clearsOrExpects = clearsOrExpectsMid - ) - } - - /** - * Holds if use-use flow starting from `arg` should be prohibited. 
- * - * This is the case when `arg` is the argument of a call that targets a - * flow summary where the corresponding parameter either clears contents - * or expects contents. - */ - pragma[nomagic] - predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) { - exists(SummaryParamNode p, ParameterPosition ppos, SummaryNode ret | - paramReachesLocal(p, ret, true) and - p = summaryArgParam(_, arg, sc) and - p = TSummaryParameterNode(_, pragma[only_bind_into](ppos)) and - isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos)) - ) - } - - pragma[nomagic] - private predicate summaryReturnNodeExt(SummaryNode ret, ReturnKindExt rk) { - summaryReturnNode(ret, rk.(ValueReturnKind).getKind()) - or - exists(SummaryParamNode p, SummaryNode pre, ParameterPosition pos | - paramReachesLocal(p, pre, _) and - summaryPostUpdateNode(ret, pre) and - p = TSummaryParameterNode(_, pos) and - rk.(ParamUpdateReturnKind).getPosition() = pos - ) - } - - bindingset[ret] - private SummaryParamNode summaryArgParamRetOut( - ArgNode arg, SummaryNode ret, OutNodeExt out, SummarizedCallable sc - ) { - exists(DataFlowCall call, ReturnKindExt rk | - result = summaryArgParam(call, arg, sc) and - summaryReturnNodeExt(ret, pragma[only_bind_into](rk)) and - out = pragma[only_bind_into](rk).getAnOutNode(call) - ) - } - - /** - * Holds if `arg` flows to `out` using a simple value-preserving flow - * summary, that is, a flow summary without reads and stores. - * - * NOTE: This step should not be used in global data-flow/taint-tracking, but may - * be useful to include in the exposed local data-flow/taint-tracking relations. 
- */ - predicate summaryThroughStepValue(ArgNode arg, Node out, SummarizedCallable sc) { - exists(ReturnKind rk, SummaryNode ret, DataFlowCall call | - summaryLocalStep(summaryArgParam(call, arg, sc), ret, true) and - summaryReturnNode(ret, pragma[only_bind_into](rk)) and - out = getAnOutNode(call, pragma[only_bind_into](rk)) - ) - } - - /** - * Holds if `arg` flows to `out` using a simple flow summary involving taint - * step, that is, a flow summary without reads and stores. - * - * NOTE: This step should not be used in global data-flow/taint-tracking, but may - * be useful to include in the exposed local data-flow/taint-tracking relations. - */ - predicate summaryThroughStepTaint(ArgNode arg, Node out, SummarizedCallable sc) { - exists(SummaryNode ret | - summaryLocalStep(summaryArgParamRetOut(arg, ret, out, sc), ret, false) - ) - } - - /** - * Holds if there is a read(+taint) of `c` from `arg` to `out` using a - * flow summary. - * - * NOTE: This step should not be used in global data-flow/taint-tracking, but may - * be useful to include in the exposed local data-flow/taint-tracking relations. - */ - predicate summaryGetterStep(ArgNode arg, ContentSet c, Node out, SummarizedCallable sc) { - exists(SummaryNode mid, SummaryNode ret | - summaryReadStep(summaryArgParamRetOut(arg, ret, out, sc), c, mid) and - summaryLocalStep(mid, ret, _) - ) - } - - /** - * Holds if there is a (taint+)store of `arg` into content `c` of `out` using a - * flow summary. - * - * NOTE: This step should not be used in global data-flow/taint-tracking, but may - * be useful to include in the exposed local data-flow/taint-tracking relations. - */ - predicate summarySetterStep(ArgNode arg, ContentSet c, Node out, SummarizedCallable sc) { - exists(SummaryNode mid, SummaryNode ret | - summaryLocalStep(summaryArgParamRetOut(arg, ret, out, sc), mid, _) and - summaryStoreStep(mid, c, ret) - ) - } - } - - /** Holds if `spec` is a relevant external specification. 
*/ - private predicate relevantSpec(string spec) { - summaryElement(_, spec, _, _, _) or - summaryElement(_, _, spec, _, _) or - sourceElement(_, spec, _, _) or - sinkElement(_, spec, _, _) - } - - import AccessPath - - /** - * Provides a means of translating externally (e.g., MaD) defined flow - * summaries into a `SummarizedCallable`s. - */ - module External { - /** Holds if specification component `token` parses as parameter `pos`. */ - predicate parseParam(AccessPathToken token, ArgumentPosition pos) { - token.getName() = "Parameter" and - pos = parseParamBody(token.getAnArgument()) - } - - /** Holds if specification component `token` parses as argument `pos`. */ - predicate parseArg(AccessPathToken token, ParameterPosition pos) { - token.getName() = "Argument" and - pos = parseArgBody(token.getAnArgument()) - } - - /** Holds if specification component `token` parses as synthetic global `sg`. */ - predicate parseSynthGlobal(AccessPathToken token, string sg) { - token.getName() = "SyntheticGlobal" and - sg = token.getAnArgument() - } - - private class SyntheticGlobalFromAccessPath extends SummaryComponent::SyntheticGlobal { - SyntheticGlobalFromAccessPath() { parseSynthGlobal(_, this) } - } - - private SummaryComponent interpretComponent(AccessPathToken token) { - exists(ParameterPosition pos | - parseArg(token, pos) and result = SummaryComponent::argument(pos) - ) - or - exists(ArgumentPosition pos | - parseParam(token, pos) and result = SummaryComponent::parameter(pos) - ) - or - token = "ReturnValue" and result = SummaryComponent::return(getReturnValueKind()) - or - exists(string sg | - parseSynthGlobal(token, sg) and result = SummaryComponent::syntheticGlobal(sg) - ) - or - result = interpretComponentSpecific(token) - } - - /** - * Holds if `spec` specifies summary component stack `stack`. 
- */ - predicate interpretSpec(AccessPath spec, SummaryComponentStack stack) { - interpretSpec(spec, spec.getNumToken(), stack) - } - - /** Holds if the first `n` tokens of `spec` resolves to `stack`. */ - private predicate interpretSpec(AccessPath spec, int n, SummaryComponentStack stack) { - n = 1 and - stack = SummaryComponentStack::singleton(interpretComponent(spec.getToken(0))) - or - exists(SummaryComponent head, SummaryComponentStack tail | - interpretSpec(spec, n, head, tail) and - stack = SummaryComponentStack::push(head, tail) - ) - } - - /** Holds if the first `n` tokens of `spec` resolves to `head` followed by `tail` */ - private predicate interpretSpec( - AccessPath spec, int n, SummaryComponent head, SummaryComponentStack tail - ) { - interpretSpec(spec, n - 1, tail) and - head = interpretComponent(spec.getToken(n - 1)) - } - - private class MkStack extends RequiredSummaryComponentStack { - override predicate required(SummaryComponent head, SummaryComponentStack tail) { - interpretSpec(_, _, head, tail) - } - } - - private class SummarizedCallableExternal extends SummarizedCallable { - SummarizedCallableExternal() { summaryElement(this, _, _, _, _) } - - private predicate relevantSummaryElementGenerated( - AccessPath inSpec, AccessPath outSpec, string kind - ) { - exists(Provenance provenance | - provenance.isGenerated() and - summaryElement(this, inSpec, outSpec, kind, provenance) - ) and - not this.applyManualModel() - } - - private predicate relevantSummaryElement(AccessPath inSpec, AccessPath outSpec, string kind) { - exists(Provenance provenance | - provenance.isManual() and - summaryElement(this, inSpec, outSpec, kind, provenance) - ) - or - this.relevantSummaryElementGenerated(inSpec, outSpec, kind) - } - - override predicate propagatesFlow( - SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue - ) { - exists(AccessPath inSpec, AccessPath outSpec, string kind | - this.relevantSummaryElement(inSpec, outSpec, kind) 
and - interpretSpec(inSpec, input) and - interpretSpec(outSpec, output) - | - kind = "value" and preservesValue = true - or - kind = "taint" and preservesValue = false - ) - } - - override predicate hasProvenance(Provenance provenance) { - summaryElement(this, _, _, _, provenance) - } - } - - /** Holds if component `c` of specification `spec` cannot be parsed. */ - predicate invalidSpecComponent(AccessPath spec, string c) { - c = spec.getToken(_) and - not exists(interpretComponent(c)) - } - - /** Holds if `provenance` is not a valid provenance value. */ - bindingset[provenance] - predicate invalidProvenance(string provenance) { not provenance instanceof Provenance } - - /** - * Holds if token `part` of specification `spec` has an invalid index. - * E.g., `Argument[-1]`. - */ - predicate invalidIndexComponent(AccessPath spec, AccessPathToken part) { - part = spec.getToken(_) and - part.getName() = ["Parameter", "Argument"] and - parseInt(part.getArgumentList()) < 0 - } - - private predicate inputNeedsReference(AccessPathToken c) { - c.getName() = "Argument" or - inputNeedsReferenceSpecific(c) - } - - private predicate outputNeedsReference(AccessPathToken c) { - c.getName() = ["Argument", "ReturnValue"] or - outputNeedsReferenceSpecific(c) - } - - private predicate sourceElementRef(InterpretNode ref, AccessPath output, string kind) { - exists(SourceOrSinkElement e | - sourceElement(e, output, kind, _) and - if outputNeedsReference(output.getToken(0)) - then e = ref.getCallTarget() - else e = ref.asElement() - ) - } - - private predicate sinkElementRef(InterpretNode ref, AccessPath input, string kind) { - exists(SourceOrSinkElement e | - sinkElement(e, input, kind, _) and - if inputNeedsReference(input.getToken(0)) - then e = ref.getCallTarget() - else e = ref.asElement() - ) - } - - /** Holds if the first `n` tokens of `output` resolve to the given interpretation. 
*/ - private predicate interpretOutput( - AccessPath output, int n, InterpretNode ref, InterpretNode node - ) { - sourceElementRef(ref, output, _) and - n = 0 and - ( - if output = "" - then - // Allow language-specific interpretation of the empty access path - interpretOutputSpecific("", ref, node) - else node = ref - ) - or - exists(InterpretNode mid, AccessPathToken c | - interpretOutput(output, n - 1, ref, mid) and - c = output.getToken(n - 1) - | - exists(ArgumentPosition apos, ParameterPosition ppos | - node.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(mid.asCall(), apos) and - parameterMatch(ppos, apos) - | - c = "Argument" or parseArg(c, ppos) - ) - or - exists(ArgumentPosition apos, ParameterPosition ppos | - node.asNode().(ParamNode).isParameterOf(mid.asCallable(), ppos) and - parameterMatch(ppos, apos) - | - c = "Parameter" or parseParam(c, apos) - ) - or - c = "ReturnValue" and - node.asNode() = getAnOutNodeExt(mid.asCall(), TValueReturn(getReturnValueKind())) - or - interpretOutputSpecific(c, mid, node) - ) - } - - /** Holds if the first `n` tokens of `input` resolve to the given interpretation. 
*/ - private predicate interpretInput(AccessPath input, int n, InterpretNode ref, InterpretNode node) { - sinkElementRef(ref, input, _) and - n = 0 and - ( - if input = "" - then - // Allow language-specific interpretation of the empty access path - interpretInputSpecific("", ref, node) - else node = ref - ) - or - exists(InterpretNode mid, AccessPathToken c | - interpretInput(input, n - 1, ref, mid) and - c = input.getToken(n - 1) - | - exists(ArgumentPosition apos, ParameterPosition ppos | - node.asNode().(ArgNode).argumentOf(mid.asCall(), apos) and - parameterMatch(ppos, apos) - | - c = "Argument" or parseArg(c, ppos) - ) - or - exists( - ReturnNode ret // TODO: hacked to make this compile; need to switch to module in qlpack - | - c = "ReturnValue" and - ret = node.asNode() and - ret.getKind() = getReturnValueKind() and - mid.asCallable() = getNodeEnclosingCallable(ret) - ) - or - interpretInputSpecific(c, mid, node) - ) - } - - /** - * Holds if `node` is specified as a source with the given kind in a MaD flow - * model. - */ - predicate isSourceNode(InterpretNode node, string kind) { - exists(InterpretNode ref, AccessPath output | - sourceElementRef(ref, output, kind) and - interpretOutput(output, output.getNumToken(), ref, node) - ) - } - - /** - * Holds if `node` is specified as a sink with the given kind in a MaD flow - * model. - */ - predicate isSinkNode(InterpretNode node, string kind) { - exists(InterpretNode ref, AccessPath input | - sinkElementRef(ref, input, kind) and - interpretInput(input, input.getNumToken(), ref, node) - ) - } - } - - /** Provides a query predicate for outputting a set of relevant flow summaries. */ - module TestOutput { - /** A flow summary to include in the `summary/1` query predicate. */ - abstract class RelevantSummarizedCallable instanceof SummarizedCallable { - /** Gets the string representation of this callable used by `summary/1`. 
*/ - abstract string getCallableCsv(); - - /** Holds if flow is propagated between `input` and `output`. */ - predicate relevantSummary( - SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue - ) { - super.propagatesFlow(input, output, preservesValue) - } - - string toString() { result = super.toString() } - } - - /** A model to include in the `neutral/1` query predicate. */ - abstract class RelevantNeutralCallable instanceof NeutralCallable { - /** Gets the string representation of this callable used by `neutral/1`. */ - abstract string getCallableCsv(); - - /** - * Gets the kind of the neutral. - */ - string getKind() { result = super.getKind() } - - string toString() { result = super.toString() } - } - - /** Render the kind in the format used in flow summaries. */ - private string renderKind(boolean preservesValue) { - preservesValue = true and result = "value" - or - preservesValue = false and result = "taint" - } - - private string renderProvenance(SummarizedCallable c) { - if c.applyManualModel() then result = "manual" else c.hasProvenance(result) - } - - private string renderProvenanceNeutral(NeutralCallable c) { - if c.hasManualModel() then result = "manual" else c.hasProvenance(result) - } - - /** - * A query predicate for outputting flow summaries in semi-colon separated format in QL tests. - * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance", - * ext is hardcoded to empty. 
- */ - query predicate summary(string csv) { - exists( - RelevantSummarizedCallable c, SummaryComponentStack input, SummaryComponentStack output, - boolean preservesValue - | - c.relevantSummary(input, output, preservesValue) and - csv = - c.getCallableCsv() // Callable information - + input.getMadRepresentation() + ";" // input - + output.getMadRepresentation() + ";" // output - + renderKind(preservesValue) + ";" // kind - + renderProvenance(c) // provenance - ) - } - - /** - * Holds if a neutral model `csv` exists (semi-colon separated format). Used for testing purposes. - * The syntax is: "namespace;type;name;signature;kind;provenance"", - */ - query predicate neutral(string csv) { - exists(RelevantNeutralCallable c | - csv = - c.getCallableCsv() // Callable information - + c.getKind() + ";" // kind - + renderProvenanceNeutral(c) // provenance - ) - } - } - - /** - * Provides query predicates for rendering the generated data flow graph for - * a summarized callable. - * - * Import this module into a `.ql` file of `@kind graph` to render the graph. - * The graph is restricted to callables from `RelevantSummarizedCallable`. - */ - module RenderSummarizedCallable { - /** A summarized callable to include in the graph. 
*/ - abstract class RelevantSummarizedCallable instanceof SummarizedCallable { - string toString() { result = super.toString() } - } - - private newtype TNodeOrCall = - MkNode(SummaryNode n) { - exists(RelevantSummarizedCallable c | - n = TSummaryInternalNode(c, _) - or - n = TSummaryParameterNode(c, _) - ) - } or - MkCall(DataFlowCall call) { - call = summaryDataFlowCall(_) and - call.getEnclosingCallable() = inject(any(RelevantSummarizedCallable c)) - } - - private class NodeOrCall extends TNodeOrCall { - SummaryNode asNode() { this = MkNode(result) } - - DataFlowCall asCall() { this = MkCall(result) } - - string toString() { - result = this.asNode().toString() - or - result = this.asCall().toString() - } - - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). 
- */ - predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - filepath = "" and - startline = 0 and - startcolumn = 0 and - endline = 0 and - endcolumn = 0 - } - } - - query predicate nodes(NodeOrCall n, string key, string val) { - key = "semmle.label" and val = n.toString() - } - - private predicate edgesComponent(NodeOrCall a, NodeOrCall b, string value) { - exists(boolean preservesValue | - Private::Steps::summaryLocalStep(a.asNode(), b.asNode(), preservesValue) and - if preservesValue = true then value = "value" else value = "taint" - ) - or - exists(ContentSet c | - Private::Steps::summaryReadStep(a.asNode(), c, b.asNode()) and - value = "read (" + c + ")" - or - Private::Steps::summaryStoreStep(a.asNode(), c, b.asNode()) and - value = "store (" + c + ")" - or - Private::Steps::summaryClearsContent(a.asNode(), c) and - b = a and - value = "clear (" + c + ")" - or - Private::Steps::summaryExpectsContent(a.asNode(), c) and - b = a and - value = "expect (" + c + ")" - ) - or - summaryPostUpdateNode(b.asNode(), a.asNode()) and - value = "post-update" - or - b.asCall() = summaryDataFlowCall(a.asNode()) and - value = "receiver" - or - exists(ArgumentPosition pos | - summaryArgumentNode(b.asCall(), a.asNode(), pos) and - value = "argument (" + pos + ")" - ) - } - - query predicate edges(NodeOrCall a, NodeOrCall b, string key, string value) { - key = "semmle.label" and - value = strictconcat(string s | edgesComponent(a, b, s) | s, " / ") - } - } -} +private import semmle.javascript.Locations +private import codeql.dataflow.internal.FlowSummaryImpl +private import DataFlowArg +import Make diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImplSpecific.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImplSpecific.qll deleted file mode 100644 index 71b4db2f016e..000000000000 
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImplSpecific.qll +++ /dev/null @@ -1 +0,0 @@ -import semmle.javascript.dataflow.internal.FlowSummaryPrivate From 8c4e5e8876f6a3a3834a19552691d1dd2a69ee20 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 26 Jun 2024 13:16:10 +0200 Subject: [PATCH 203/223] Boilerplate implementation of default predicates from FlowSummaryImpl.qll --- .../dataflow/internal/FlowSummaryPrivate.qll | 94 +++++++++++++++++++ .../internal/sharedlib/DataFlowArg.qll | 20 ++++ 2 files changed, 114 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index d68773087867..f329057f72cf 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll 
@@ -374,3 +374,97 @@ private module FlowSummaryStepInput implements Private::StepsInputSig { } module Steps = Private::Steps; + +/** + * Gets the textual representation of content `c` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeContent(ContentSet c, string arg) { none() } + +/** + * Gets the textual representation of return kind `rk` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeReturn(ReturnKind rk, string arg) { none() } + +/** + * Gets the textual representation of without-content `c` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeWithoutContent(ContentSet c, string arg) { none() } + +/** + * Gets the textual representation of with-content `c` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeWithContent(ContentSet c, string arg) { none() } + +/** + * Gets a parameter position corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeParameterPosition` predicate. This is useful for example when a + * single token gives rise to multiple parameter positions, such as ranges + * `0..n`. + */ +bindingset[token] +ParameterPosition decodeUnknownParameterPosition(AccessPathSyntax::AccessPathTokenBase token) { + none() +} + +/** + * Gets an argument position corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeArgumentPosition` predicate. This is useful for example when a + * single token gives rise to multiple argument positions, such as ranges + * `0..n`. 
+ */ +bindingset[token] +ArgumentPosition decodeUnknownArgumentPosition(AccessPathSyntax::AccessPathTokenBase token) { + none() +} + +/** + * Gets a content corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeContent` predicate. + */ +bindingset[token] +ContentSet decodeUnknownContent(AccessPathSyntax::AccessPathTokenBase token) { none() } + +/** + * Gets a return kind corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeReturn` predicate. + */ +bindingset[token] +ReturnKind decodeUnknownReturn(AccessPathSyntax::AccessPathTokenBase token) { none() } + +/** + * Gets a without-content corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeWithoutContent` predicate. + */ +bindingset[token] +ContentSet decodeUnknownWithoutContent(AccessPathSyntax::AccessPathTokenBase token) { none() } + +/** + * Gets a with-content corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeWithContent` predicate. + */ +bindingset[token] +ContentSet decodeUnknownWithContent(AccessPathSyntax::AccessPathTokenBase token) { none() } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll index fae8bb76fca4..c911461788dc 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll 
@@ -30,4 +30,24 @@ module JSFlowSummary implements FlowSummaryImpl::InputSig // Explicitly implement signature members that have a default predicate callbackSelfParameterPosition = FlowSummaryPrivate::callbackSelfParameterPosition/0; + + predicate encodeContent = FlowSummaryPrivate::encodeContent/2; + + predicate encodeReturn = FlowSummaryPrivate::encodeReturn/2; + + predicate encodeWithoutContent = FlowSummaryPrivate::encodeWithoutContent/2; + + predicate encodeWithContent = FlowSummaryPrivate::encodeWithContent/2; + + predicate decodeUnknownParameterPosition = FlowSummaryPrivate::decodeUnknownParameterPosition/1; + + predicate decodeUnknownArgumentPosition = FlowSummaryPrivate::decodeUnknownArgumentPosition/1; + + predicate decodeUnknownContent = FlowSummaryPrivate::decodeUnknownContent/1; + + predicate decodeUnknownReturn = FlowSummaryPrivate::decodeUnknownReturn/1; + + predicate decodeUnknownWithoutContent = FlowSummaryPrivate::decodeUnknownWithoutContent/1; + + predicate decodeUnknownWithContent = FlowSummaryPrivate::decodeUnknownWithContent/1; } From 5811a3c5a6767fbf403a9770d3553098e0741ab1 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 26 Jun 2024 13:24:27 +0200 Subject: [PATCH 204/223] Port getMadStringFromContentSet -> encodeContent --- .../dataflow/internal/FlowSummaryPrivate.qll | 81 +++++++++---------- 1 file changed, 36 insertions(+), 45 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index f329057f72cf..b2cbe31f90b9 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll 
@@ -221,63 +221,62 @@ Private::SummaryComponent interpretComponentSpecific(Private::AccessPathToken c) result = Private::SummaryComponent::content(MkArrayElementDeep()) } -private string getMadStringFromContentSetAux(ContentSet cs) { +private string encodeContentAux(ContentSet cs, string arg) { cs = ContentSet::arrayElement() and - result = "ArrayElement" + result = "ArrayElement" and + arg = "" or cs = ContentSet::arrayElementUnknown() and - result = "ArrayElement[?]" + result = "ArrayElement" and + arg = "?" or exists(int n | cs = ContentSet::arrayElementLowerBound(n) and - result = "ArrayElement[" + n + "..]" and + result = "ArrayElement" and + arg = n + ".." and n > 0 // n=0 is just 'ArrayElement' or cs = ContentSet::arrayElementKnown(n) and - result = "ArrayElement[" + n + "]" + result = "ArrayElement" and + arg = n.toString() or n = cs.asPropertyName().toInt() and n >= 0 and - result = "ArrayElement[" + n + "!]" + result = "ArrayElement" and + arg = n + "!" ) or - cs = ContentSet::mapValueAll() and result = "MapValue" - or - cs = ContentSet::mapKey() and result = "MapKey" - or - cs = ContentSet::setElement() and result = "SetElement" - or - cs = ContentSet::iteratorElement() and result = "IteratorElement" - or - cs = ContentSet::iteratorError() and result = "IteratorError" - or - exists(string awaitedArg | - cs = getPromiseContent(awaitedArg) and - result = "Awaited[" + awaitedArg + "]" + arg = "" and + ( + cs = ContentSet::mapValueAll() and result = "MapValue" + or + cs = ContentSet::mapKey() and result = "MapKey" + or + cs = ContentSet::setElement() and result = "SetElement" + or + cs = ContentSet::iteratorElement() and result = "IteratorElement" + or + cs = ContentSet::iteratorError() and result = "IteratorError" ) or - cs = MkAwaited() and result = "Awaited" -} - -private string getMadStringFromContentSet(ContentSet cs) { - result = getMadStringFromContentSetAux(cs) + cs = getPromiseContent(arg) and + result = "Awaited" or - not 
exists(getMadStringFromContentSetAux(cs)) and - result = "Member[" + cs.asSingleton() + "]" + cs = MkAwaited() and result = "Awaited" and arg = "" } -/** Gets the textual representation of a summary component in the format used for MaD models. */ -string getMadRepresentationSpecific(Private::SummaryComponent sc) { - exists(ContentSet cs | - sc = Private::SummaryComponent::content(cs) and - result = getMadStringFromContentSet(cs) - ) +/** + * Gets the textual representation of content `cs` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeContent(ContentSet cs, string arg) { + result = encodeContentAux(cs, arg) or - exists(ReturnKind rk | - sc = Private::SummaryComponent::return(rk) and - not rk = getReturnValueKind() and - result = "ReturnValue[" + rk + "]" - ) + not exists(encodeContentAux(cs, _)) and + result = "Member" and + arg = cs.asSingleton().toString() } /** Gets the textual representation of a parameter position in the format used for flow summaries. */ @@ -375,14 +374,6 @@ private module FlowSummaryStepInput implements Private::StepsInputSig { module Steps = Private::Steps; -/** - * Gets the textual representation of content `c` used in MaD. - * - * `arg` will be printed in square brackets (`[]`) after the result, unless - * `arg` is the empty string. - */ -string encodeContent(ContentSet c, string arg) { none() } - /** * Gets the textual representation of return kind `rk` used in MaD. * From b0ea81276b7bfad799757c65a5617b1fa284bebf Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 26 Jun 2024 13:27:18 +0200 Subject: [PATCH 205/223] Implement encodeReturn --- .../javascript/dataflow/internal/FlowSummaryPrivate.qll | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
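Review bot: `encodeContentAux` now returns a token name and binds a separate `arg`, but unlike `encodeContent` it has no doc comment describing that two-part contract. The `Member` fallback in `encodeContent` depends on it having no result at all for a content set (`not exists(encodeContentAux(cs, _))`), so a reader needs to know that every branch must bind both `result` and `arg`. I would add `/** Gets the MaD token name for `cs`, with `arg` bound to its bracketed argument, or to the empty string when the token takes none. */` above it. The fallback also writes `cs.asSingleton().toString()` into `arg` unchanged, as the removed code did. Whether a property name containing `.` or `]` can be read back from the printed model is not visible here and may deserve a test.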
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index b2cbe31f90b9..6886672049ef 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll @@ -380,7 +380,14 @@ module Steps = Private::Steps; * `arg` will be printed in square brackets (`[]`) after the result, unless * `arg` is the empty string. */ -string encodeReturn(ReturnKind rk, string arg) { none() } +string encodeReturn(ReturnKind rk, string arg) { + result = "ReturnValue" and + ( + rk = MkNormalReturnKind() and arg = "" + or + rk = MkExceptionalReturnKind() and arg = "exception" + ) +} /** * Gets the textual representation of without-content `c` used in MaD. From 6c0c67dce47a07b55042d546dc7ed350513fff49 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 26 Jun 2024 13:28:48 +0200 Subject: [PATCH 206/223] Implement encodeWith/WithoutContent --- .../javascript/dataflow/internal/FlowSummaryPrivate.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index 6886672049ef..89c282384d49 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll @@ -395,7 +395,7 @@ string encodeReturn(ReturnKind rk, string arg) { * `arg` will be printed in square brackets (`[]`) after the result, unless * `arg` is the empty string. */ -string encodeWithoutContent(ContentSet c, string arg) { none() } +string encodeWithoutContent(ContentSet c, string arg) { result = "Without" + encodeContent(c, arg) } /** * Gets the textual representation of with-content `c` used in MaD. 
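Review bot: `encodeReturn` is a closed mapping over `MkNormalReturnKind()` and `MkExceptionalReturnKind()`, whereas the `getMadRepresentationSpecific` removed in the previous patch rendered any non-default kind generically as `"ReturnValue[" + rk + "]"`. If `ReturnKind` has or later gains another branch (its definition is not in this hunk), that kind gets no textual form and models using it would silently stop being printed. The literal `"exception"` also replaces the old `rk.toString()`, so it should be checked against what the parser accepts. A comment such as `// ReturnKind is assumed to have exactly these two branches; a new branch needs an entry here.` would make the assumption explicit.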
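Review bot: `encodeWithoutContent`, and `encodeWithContent` in the next hunk, prefix whatever `encodeContent` returns, so they produce a `With`/`Without` token for every content kind, including the `Member` fallback and `Awaited[...]`. The parsing side is not visible in this patch. If it accepts only a subset of those names, a summary can be printed in a form that cannot be read back. A round-trip test over each content kind would catch that, or a comment could state the intent: `// Every token produced by encodeContent is expected to have a With/Without form in the parser.`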
@@ -403,7 +403,7 @@ string encodeWithoutContent(ContentSet c, string arg) { none() }
 * `arg` will be printed in square brackets (`[]`) after the result, unless
 * `arg` is the empty string.
 */
-string encodeWithContent(ContentSet c, string arg) { none() }
+string encodeWithContent(ContentSet c, string arg) { result = "With" + encodeContent(c, arg) }
 /**
 * Gets a parameter position corresponding to the unknown token `token`.
From 3bebd709b34731aa92966a49e97f7053b92ef476 Mon Sep 17 00:00:00 2001
From: Asger F
Date: Wed, 26 Jun 2024 13:38:28 +0200
Subject: [PATCH 207/223] Handle AnyMemberDeep and ArrayElementDeep in encodeContent
---
 .../javascript/dataflow/internal/FlowSummaryPrivate.qll | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
index 89c282384d49..dc0821b74b62 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
@@ -263,6 +263,10 @@ private string encodeContentAux(ContentSet cs, string arg) {
 result = "Awaited"
 or
 cs = MkAwaited() and result = "Awaited" and arg = ""
+ or
+ cs = MkAnyPropertyDeep() and result = "AnyMemberDeep" and arg = ""
+ or
+ cs = MkArrayElementDeep() and result = "ArrayElementDeep" and arg = ""
 }
 /**
From e67e89dd70b246bb9f7bff86a3c854b570f5889f Mon Sep 17 00:00:00 2001
From: Asger F
Date: Wed, 26 Jun 2024 13:39:04 +0200
Subject: [PATCH 208/223] Implement decodeUnknownArgument/ParameterPosition
---
 .../javascript/dataflow/internal/FlowSummaryPrivate.qll | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
index dc0821b74b62..54fae7d8a6d2 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
@@ -419,7 +419,8 @@ string encodeWithContent(ContentSet c, string arg) { result = "With" + encodeCon
 */
 bindingset[token]
 ParameterPosition decodeUnknownParameterPosition(AccessPathSyntax::AccessPathTokenBase token) {
- none()
+ token.getName() = "Parameter" and
+ desugaredPositionName(result, token.getAnArgument())
 }
 /**
@@ -432,7 +433,8 @@ ParameterPosition decodeUnknownParameterPosition(AccessPathSyntax::AccessPathTok
 */
 bindingset[token]
 ArgumentPosition decodeUnknownArgumentPosition(AccessPathSyntax::AccessPathTokenBase token) {
- none()
+ token.getName() = "Argument" and
+ desugaredPositionName(result, token.getAnArgument())
 }
 /**
From fc7c2c5b1705ee256ae0ae842bfab47b29be909a Mon Sep 17 00:00:00 2001
From: Asger F
Date: Wed, 26 Jun 2024 13:48:51 +0200
Subject: [PATCH 209/223] Remove unused code
---
 .../dataflow/internal/FlowSummaryPrivate.qll | 239 ------------------
 1 file changed, 239 deletions(-)
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
index 54fae7d8a6d2..1186c713e9af 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
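Review bot: `decodeUnknownArgumentPosition` in the second hunk (`@@ -432,7 +433,8 @@`) binds an `ArgumentPosition` result through `desugaredPositionName`, whose first parameter is declared as `ParameterPosition` (the signature shows in a later hunk header of this series), so the call depends on the two position types being interchangeable in this library. I would state that at the call, e.g. `// ArgumentPosition and ParameterPosition are the same type here, so the parameter-position parser is reused`. Both predicates also have no result when the token's argument is not a form `desugaredPositionName` accepts, which presumably means a mistyped position in a model contributes no flow and raises no diagnostic; a sentence on that in the QLDoc would help whoever has to debug a missing taint step. The QLDoc of both predicates starts outside these hunks.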
@@ -5,113 +5,19 @@ private import javascript private import semmle.javascript.dataflow.internal.DataFlowPrivate private import semmle.javascript.dataflow.internal.Contents::Private -private import semmle.javascript.dataflow.FlowSummary as FlowSummary private import sharedlib.DataFlowImplCommon private import sharedlib.FlowSummaryImpl::Private as Private private import sharedlib.FlowSummaryImpl::Public private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax -private class Node = DataFlow::Node; - /** * A class of callables that are candidates for flow summary modeling. */ class SummarizedCallableBase = string; -/** - * A class of callables that are candidates for neutral modeling. - */ -class NeutralCallableBase = string; - -/** - * Holds if a neutral model exists for `c` of kind `kind` and with provenance `provenance`. - * Note: Neutral models have not been implemented for Javascript. - */ -predicate neutralElement(NeutralCallableBase c, string kind, string provenance) { none() } - -DataFlowCallable inject(SummarizedCallable c) { result.asLibraryCallable() = c } - /** Gets the parameter position representing a callback itself, if any. */ ArgumentPosition callbackSelfParameterPosition() { result.isFunctionSelfReference() } -/** Gets the synthesized data-flow call for `receiver`. */ -SummaryCall summaryDataFlowCall(Private::SummaryNode receiver) { receiver = result.getReceiver() } - -/** Gets the type of content `c`. */ -DataFlowType getContentType(ContentSet c) { result = TAnyType() and exists(c) } - -/** Gets the type of the parameter at the given position. */ -bindingset[c, pos] -DataFlowType getParameterType(SummarizedCallable c, ParameterPosition pos) { - // TODO: we could assign a more precise type to the function self-reference parameter - result = TAnyType() and exists(c) and exists(pos) -} - -/** Gets the return type of kind `rk` for callable `c`. 
*/ -bindingset[c, rk] -DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) { - result = TAnyType() and exists(c) and exists(rk) -} - -/** - * Gets the type of the `i`th parameter in a synthesized call that targets a - * callback of type `t`. - */ -bindingset[t, pos] -DataFlowType getCallbackParameterType(DataFlowType t, ArgumentPosition pos) { - result = TAnyType() and exists(t) and exists(pos) -} - -/** - * Gets the return type of kind `rk` in a synthesized call that targets a - * callback of type `t`. - */ -DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { - result = TAnyType() and exists(t) and exists(rk) -} - -/** - * Holds if an external flow summary exists for `c` with input specification - * `input`, output specification `output`, kind `kind`, and provenance `provenance`. - */ -predicate summaryElement( - FlowSummary::SummarizedCallable c, string input, string output, string kind, string provenance -) { - exists(boolean preservesValue | - c.propagatesFlowExt(input, output, preservesValue) and - (if preservesValue = true then kind = "value" else kind = "taint") and - provenance = "manual" - ) -} - -/** - * Holds if a neutral summary model exists for `c` with provenance `provenance`, - * which means that there is no flow through `c`. - * Note. Neutral models have not been implemented for JS. 
- */ -predicate neutralSummaryElement(FlowSummary::SummarizedCallable c, string provenance) { none() } - -pragma[inline] -private Private::SummaryComponent makeContentComponents( - Private::AccessPathToken token, string name, ContentSet contents -) { - token.getName() = name and - result = Private::SummaryComponent::content(contents) - or - token.getName() = "With" + name and - result = Private::SummaryComponent::withContent(contents) - or - token.getName() = "Without" + name and - result = Private::SummaryComponent::withoutContent(contents) -} - -pragma[inline] -private Private::SummaryComponent makePropertyContentComponents( - Private::AccessPathToken token, string name, PropertyName content -) { - result = makeContentComponents(token, name, ContentSet::property(content)) -} - /** * Gets the content set corresponding to `Awaited[arg]`. */ 
@@ -145,82 +51,6 @@ private predicate desugaredPositionName(ParameterPosition pos, string operand) { pos.asPositional() = AccessPathSyntax::parseInt(operand) // parse closed intervals } -bindingset[operand] -private ParameterPosition parsePosition(string operand) { - positionName(result, operand) or desugaredPositionName(result, operand) -} - -/** - * Gets the summary component for specification component `c`, if any. - * - * This covers all the JS-specific components of a flow summary. - */ -Private::SummaryComponent interpretComponentSpecific(Private::AccessPathToken c) { - c.getName() = "Argument" and - result = Private::SummaryComponent::argument(parsePosition(c.getAnArgument())) - or - c.getName() = "Parameter" and - result = Private::SummaryComponent::parameter(parsePosition(c.getAnArgument())) - or - result = makePropertyContentComponents(c, "Member", c.getAnArgument()) - or - result = makeContentComponents(c, "Awaited", getPromiseContent(c.getAnArgument())) - or - c.getNumArgument() = 0 and - result = makeContentComponents(c, "ArrayElement", ContentSet::arrayElement()) - or - c.getAnArgument() = "?" and - result = makeContentComponents(c, "ArrayElement", ContentSet::arrayElementUnknown()) - or - exists(int n | - n = c.getAnArgument().toInt() and - result = makeContentComponents(c, "ArrayElement", ContentSet::arrayElementKnown(n)) - or - // ArrayElement[n!] refers to index n, and never the unknown content - c.getAnArgument().regexpCapture("(\\d+)!", 1).toInt() = n and - result = makePropertyContentComponents(c, "ArrayElement", n.toString()) - or - // ArrayElement[n..] 
refers to index n or greater - n = AccessPathSyntax::parseLowerBound(c.getAnArgument()) and - result = makeContentComponents(c, "ArrayElement", ContentSet::arrayElementLowerBoundFromInt(n)) - ) - or - c.getNumArgument() = 0 and - result = makeContentComponents(c, "SetElement", ContentSet::setElement()) - or - c.getNumArgument() = 0 and - result = makeContentComponents(c, "IteratorElement", ContentSet::iteratorElement()) - or - c.getNumArgument() = 0 and - result = makeContentComponents(c, "IteratorError", ContentSet::iteratorError()) - or - c.getNumArgument() = 0 and - result = makeContentComponents(c, "MapKey", ContentSet::mapKey()) - or - // - // Note: although it is supported internally, we currently do not expose a syntax for MapValue with a known key - // - c.getNumArgument() = 0 and - result = makeContentComponents(c, "MapValue", ContentSet::mapValueAll()) - or - c.getName() = "ReturnValue" and - c.getAnArgument() = "exception" and - result = Private::SummaryComponent::return(MkExceptionalReturnKind()) - or - // Awaited is mapped down to a combination steps that handle coercion and promise-flattening. - c.getName() = "Awaited" and - c.getNumArgument() = 0 and - result = Private::SummaryComponent::content(MkAwaited()) - or - c.getName() = "AnyMemberDeep" and - c.getNumArgument() = 0 and - result = Private::SummaryComponent::content(MkAnyPropertyDeep()) - or - c.getName() = "ArrayElementDeep" and - c.getNumArgument() = 0 and - result = Private::SummaryComponent::content(MkArrayElementDeep()) -} - private string encodeContentAux(ContentSet cs, string arg) { cs = ContentSet::arrayElement() and result = "ArrayElement" and 
@@ -296,78 +126,9 @@ string encodeArgumentPosition(ArgumentPosition pos) { /** Gets the return kind corresponding to specification `"ReturnValue"`. */ ReturnKind getStandardReturnValueKind() { result = MkNormalReturnKind() } -/** Holds if input specification component `c` needs a reference. */ -predicate inputNeedsReferenceSpecific(string c) { none() } - -/** Holds if output specification component `c` needs a reference. */ -predicate outputNeedsReferenceSpecific(string c) { none() } - /** Gets the return kind corresponding to specification `"ReturnValue"`. */ MkNormalReturnKind getReturnValueKind() { any() } -/** - * All definitions in this module are required by the shared implementation - * (for source/sink interpretation), but they are unused for JS, where - * we rely on API graphs instead. - */ -private module UnusedSourceSinkInterpretation { - /** - * Holds if an external source specification exists for `n` with output specification - * `output`, kind `kind`, and provenance `provenance`. - */ - predicate sourceElement(AstNode n, string output, string kind, string provenance) { none() } - - /** - * Holds if an external sink specification exists for `n` with input specification - * `input`, kind `kind` and provenance `provenance`. - */ - predicate sinkElement(AstNode n, string input, string kind, string provenance) { none() } - - class SourceOrSinkElement = AstNode; - - /** An entity used to interpret a source/sink specification. */ - class InterpretNode extends AstNode { - /** Gets the element that this node corresponds to, if any. */ - SourceOrSinkElement asElement() { none() } - - /** Gets the data-flow node that this node corresponds to, if any. */ - Node asNode() { none() } - - /** Gets the call that this node corresponds to, if any. */ - DataFlowCall asCall() { none() } - - /** Gets the callable that this node corresponds to, if any. */ - DataFlowCallable asCallable() { none() } - - /** Gets the target of this call, if any. 
*/ - StmtContainer getCallTarget() { none() } - } - - /** Provides additional sink specification logic. */ - predicate interpretOutputSpecific(string c, InterpretNode mid, InterpretNode node) { none() } - - /** Provides additional source specification logic. */ - predicate interpretInputSpecific(string c, InterpretNode mid, InterpretNode node) { none() } -} - -import UnusedSourceSinkInterpretation - -/** Gets the argument position obtained by parsing `X` in `Parameter[X]`. */ -bindingset[s] -ArgumentPosition parseParamBody(string s) { - s = "this" and result.isThis() - or - s = "function" and result.isFunctionSelfReference() - or - result.asPositional() = AccessPathSyntax::parseInt(s) -} - -/** Gets the parameter position obtained by parsing `X` in `Argument[X]`. */ -bindingset[s] -ParameterPosition parseArgBody(string s) { - result = parseParamBody(s) // Currently these are identical -} - private module FlowSummaryStepInput implements Private::StepsInputSig { DataFlowCall getACall(SummarizedCallable sc) { exists(LibraryCallable callable | callable = sc | From 88edc06517aa6e4031d9c0ce8a092bf38a595bac Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 25 Jun 2024 15:27:30 +0200 Subject: [PATCH 210/223] Avoid bad join in compatibleTypesCached This is identical to the code in Ruby and seems to prevent a bad join ordering in a cached version of this predicate in DataFlowCommon --- .../javascript/dataflow/internal/DataFlowPrivate.qll | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll index d768b6995b3b..941ce88f3d9f 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll 
@@ -373,13 +373,19 @@ predicate neverSkipInPathGraph(Node node) {
 string ppReprType(DataFlowType t) { none() }
+pragma[inline]
+private predicate compatibleTypesNonSymRefl(DataFlowType t1, DataFlowType t2) {
+ t1 != TAnyType() and
+ t2 = TAnyType()
+}
+
 pragma[inline]
 predicate compatibleTypes(DataFlowType t1, DataFlowType t2) {
 t1 = t2
 or
- t1 instanceof TAnyType and exists(t2)
+ compatibleTypesNonSymRefl(t1, t2)
 or
- t2 instanceof TAnyType and exists(t1)
+ compatibleTypesNonSymRefl(t2, t1)
 }
 predicate forceHighPrecision(Content c) { none() }
From 53efb5837bf686aa9e265346dcaffa6aa79081d4 Mon Sep 17 00:00:00 2001
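Review bot: The new helper `compatibleTypesNonSymRefl` has no QLDoc, and nothing at the definition explains why `t1 != TAnyType()` is there: that conjunct is what keeps the helper disjoint from the `t1 = t2` case in `compatibleTypes`, and together the three disjuncts appear to accept the same pairs as the old `instanceof TAnyType` form. I would add `/** Holds if t2 is the any-type and t1 is not; compatibleTypes is the symmetric, reflexive closure of this. */` above the helper's `pragma[inline]`. The commit message says the split exists to avoid a bad join order in a cached predicate, so a `// split out to avoid a bad join order; do not fold back into compatibleTypes` line next to it would keep a later cleanup from reverting it.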
From: Asger F Date: Wed, 26 Jun 2024 11:34:01 +0200 Subject: [PATCH 211/223] JS: Update some tests with provenance columns Only includes the changes that purely contain the new provenance columns --- .../Security/CWE-918/SSRF.expected | 42 +- .../InterProceduralFlow/tests.expected | 21 - .../Templating/CodeInjection.expected | 64 +- .../UntrustedDataToExternalAPI.expected | 58 +- .../Security/CWE-022/ZipSlip/ZipSlip.expected | 26 +- .../CWE-073/TemplateObjectInjection.expected | 56 +- .../SecondOrderCommandInjection.expected | 14 +- .../UnsafeJQueryPlugin.expected | 116 +-- .../XssThroughDom/XssThroughDom.expected | 84 +-- .../CWE-089/typed/SqlInjection.expected | 24 +- .../CodeInjection/CodeInjection.expected | 80 +- .../HeuristicSourceCodeInjection.expected | 82 +- .../UnsafeCodeConstruction.expected | 8 +- .../UnsafeDynamicMethodAccess.expected | 32 +- ...completeHtmlAttributeSanitization.expected | 6 +- .../Security/CWE-117/LogInjection.expected | 130 ++-- .../CWE-200/FileAccessToHttp.expected | 94 +-- .../CWE-209/StackTraceExposure.expected | 14 +- .../CWE-312/CleartextLogging.expected | 132 ++-- .../CWE-312/CleartextStorage.expected | 10 +- .../CWE-338/InsecureRandomness.expected | 44 +- ...orsMisconfigurationForCredentials.expected | 6 +- .../CWE-377/InsecureTemporaryFile.expected | 24 +- .../CWE-400/ReDoS/PolynomialReDoS.expected | 702 +++++++++--------- .../RemotePropertyInjection.expected | 26 +- .../HardcodedDataInterpretedAsCode.expected | 34 +- .../ClientSideUrlRedirect.expected | 168 ++--- .../ServerSideUrlRedirect.expected | 86 +-- .../query-tests/Security/CWE-611/Xxe.expected | 8 +- ...tHeaderPoisoningInEmailGeneration.expected | 4 +- .../Security/CWE-643/XpathInjection.expected | 22 +- .../Security/CWE-730/RegExpInjection.expected | 88 +-- .../UnvalidatedDynamicMethodCall.expected | 108 +-- .../ResourceExhaustion.expected | 58 +- .../Security/CWE-776/XmlBomb.expected | 16 +- .../CWE-807/ConditionalBypass.expected | 30 +- 
.../CWE-834/LoopBoundInjection.expected | 36 +- ...onfusionThroughParameterTampering.expected | 74 +- .../CWE-912/HttpToFileAccess.expected | 16 +- .../PrototypePollutingAssignment.expected | 204 ++--- .../PrototypePollutingFunction.expected | 392 +++++----- .../PrototypePollutingMergeCall.expected | 50 +- .../CWE-918/ClientSideRequestForgery.expected | 24 +- .../Security/CWE-918/RequestForgery.expected | 96 +-- 44 files changed, 1694 insertions(+), 1715 deletions(-) diff --git a/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected b/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected index 6546ece25682..b2b293a6ca9a 100644 --- a/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected +++ b/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected 
@@ -1,25 +1,25 @@ edges -| check-domain.js:16:9:16:27 | url | check-domain.js:17:13:17:15 | url | -| check-domain.js:16:15:16:27 | req.query.url | check-domain.js:16:9:16:27 | url | -| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | -| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:54:9:54:37 | numberURL | check-validator.js:62:29:62:37 | numberURL | -| check-validator.js:54:21:54:37 | req.query.tainted | check-validator.js:54:9:54:37 | numberURL | -| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... 
tainted | -| check-validator.js:62:29:62:37 | numberURL | check-validator.js:62:15:62:37 | "test.c ... mberURL | -| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | +| check-domain.js:16:9:16:27 | url | check-domain.js:17:13:17:15 | url | provenance | | +| check-domain.js:16:15:16:27 | req.query.url | check-domain.js:16:9:16:27 | url | provenance | | +| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | provenance | | +| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | provenance | | +| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | provenance | | +| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | provenance | | +| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | provenance | | +| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | provenance | | +| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | provenance | | +| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | provenance | | +| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | provenance | | +| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | provenance | | +| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | provenance | | +| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | provenance | | +| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... 
tainted | provenance | | +| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | provenance | | +| check-validator.js:54:9:54:37 | numberURL | check-validator.js:62:29:62:37 | numberURL | provenance | | +| check-validator.js:54:21:54:37 | req.query.tainted | check-validator.js:54:9:54:37 | numberURL | provenance | | +| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | provenance | | +| check-validator.js:62:29:62:37 | numberURL | check-validator.js:62:15:62:37 | "test.c ... mberURL | provenance | | +| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | provenance | | nodes | check-domain.js:16:9:16:27 | url | semmle.label | url | | check-domain.js:16:15:16:27 | req.query.url | semmle.label | req.query.url | diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected index aab7951f4804..81321780859c 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected +++ b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected 
@@ -48,12 +48,6 @@ dataFlow | partial.js:6:15:6:24 | "tainted2" | partial.js:42:15:42:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:48:15:48:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:54:15:54:15 | y | -| promises.js:2:16:2:24 | "tainted" | promises.js:7:16:7:18 | val | -| promises.js:2:16:2:24 | "tainted" | promises.js:38:32:38:32 | v | -| promises.js:11:22:11:31 | "resolved" | promises.js:19:20:19:20 | v | -| promises.js:12:22:12:31 | "rejected" | promises.js:21:20:21:20 | v | -| promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | -| promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | | properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | @@ -67,7 +61,6 @@ dataFlow | tst2.js:6:24:6:37 | "also tainted" | tst2.js:11:15:11:24 | g(source2) | | tst6.mjs:12:14:12:21 | "source" | tst6.mjs:14:12:14:16 | a.m() | | tst6.mjs:16:15:16:23 | "source2" | tst6.mjs:18:13:18:24 | a.m.call(a2) | -| tst.js:2:17:2:22 | "src1" | tst.js:28:20:28:22 | elt | | tst.js:2:17:2:22 | "src1" | tst.js:39:17:39:17 | x | | tst.js:2:17:2:22 | "src1" | tst.js:41:19:41:19 | x | | tst.js:2:17:2:22 | "src1" | tst.js:45:17:45:17 | x | 
@@ -133,12 +126,6 @@ taintTracking | partial.js:6:15:6:24 | "tainted2" | partial.js:42:15:42:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:48:15:48:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:54:15:54:15 | y | -| promises.js:2:16:2:24 | "tainted" | promises.js:7:16:7:18 | val | -| promises.js:2:16:2:24 | "tainted" | promises.js:38:32:38:32 | v | -| promises.js:11:22:11:31 | "resolved" | promises.js:19:20:19:20 | v | -| promises.js:12:22:12:31 | "rejected" | promises.js:21:20:21:20 | v | -| promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | -| promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | | properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | @@ -167,7 +154,6 @@ taintTracking | tst.js:2:17:2:22 | "src1" | tst.js:19:16:19:34 | JSON.parse(source1) | | tst.js:2:17:2:22 | "src1" | tst.js:20:16:20:37 | JSON.st ... sink10) | | tst.js:2:17:2:22 | "src1" | tst.js:24:16:24:18 | foo | -| tst.js:2:17:2:22 | "src1" | tst.js:28:20:28:22 | elt | | tst.js:2:17:2:22 | "src1" | tst.js:30:20:30:22 | ary | | tst.js:2:17:2:22 | "src1" | tst.js:36:16:36:24 | dict[key] | | tst.js:2:17:2:22 | "src1" | tst.js:39:17:39:17 | x | 
@@ -237,12 +223,6 @@ germanFlow | partial.js:6:15:6:24 | "tainted2" | partial.js:42:15:42:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:48:15:48:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:54:15:54:15 | y | -| promises.js:2:16:2:24 | "tainted" | promises.js:7:16:7:18 | val | -| promises.js:2:16:2:24 | "tainted" | promises.js:38:32:38:32 | v | -| promises.js:11:22:11:31 | "resolved" | promises.js:19:20:19:20 | v | -| promises.js:12:22:12:31 | "rejected" | promises.js:21:20:21:20 | v | -| promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | -| promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | | properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | @@ -256,7 +236,6 @@ germanFlow | tst2.js:6:24:6:37 | "also tainted" | tst2.js:11:15:11:24 | g(source2) | | tst6.mjs:12:14:12:21 | "source" | tst6.mjs:14:12:14:16 | a.m() | | tst6.mjs:16:15:16:23 | "source2" | tst6.mjs:18:13:18:24 | a.m.call(a2) | -| tst.js:2:17:2:22 | "src1" | tst.js:28:20:28:22 | elt | | tst.js:2:17:2:22 | "src1" | tst.js:39:17:39:17 | x | | tst.js:2:17:2:22 | "src1" | tst.js:41:19:41:19 | x | | tst.js:2:17:2:22 | "src1" | tst.js:45:17:45:17 | x | diff --git a/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected b/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected index de308fdabdfc..c84c79bbc83e 100644 --- a/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected +++ b/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected 
@@ -1,36 +1,36 @@ edges -| app.js:15:30:15:58 | req.que ... tedCode | views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | -| app.js:17:25:17:48 | req.que ... shSink1 | views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | -| app.js:19:35:19:68 | req.que ... rString | views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | -| app.js:34:30:34:58 | req.que ... tedCode | views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | -| app.js:36:25:36:48 | req.que ... shSink1 | views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | -| app.js:38:35:38:68 | req.que ... rString | views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | -| app.js:53:30:53:58 | req.que ... tedCode | views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:56:25:56:48 | req.que ... shSink1 | views/njk_sinks.njk:17:22:17:35 | backslashSink1 | -| app.js:58:35:58:68 | req.que ... rString | views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:9:2:19 | escapedHtml | -| app.js:65:22:65:42 | req.que ... 
pedHtml | views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | -| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | -| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | -| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | -| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | -| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:22:42:22:65 | dataInE ... 
rString | views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | -| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | +| app.js:15:30:15:58 | req.que ... tedCode | views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | provenance | | +| app.js:17:25:17:48 | req.que ... shSink1 | views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | provenance | | +| app.js:19:35:19:68 | req.que ... rString | views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | provenance | | +| app.js:34:30:34:58 | req.que ... tedCode | views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | provenance | | +| app.js:36:25:36:48 | req.que ... shSink1 | views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | provenance | | +| app.js:38:35:38:68 | req.que ... rString | views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | provenance | | +| app.js:53:30:53:58 | req.que ... tedCode | views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | provenance | | +| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | provenance | | +| app.js:56:25:56:48 | req.que ... shSink1 | views/njk_sinks.njk:17:22:17:35 | backslashSink1 | provenance | | +| app.js:58:35:58:68 | req.que ... rString | views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | provenance | | +| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | provenance | | +| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:9:2:19 | escapedHtml | provenance | | +| app.js:65:22:65:42 | req.que ... 
pedHtml | views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | provenance | | +| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | provenance | | +| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | provenance | | +| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | provenance | | +| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | provenance | | +| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | provenance | | +| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | provenance | | +| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | provenance | | +| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | provenance | | +| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | provenance | | +| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | provenance | | +| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | provenance | | +| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | provenance | | +| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | provenance | | +| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | provenance | | +| views/njk_sinks.njk:14:45:14:73 | dataInG ... 
\| safe | views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | provenance | | +| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | provenance | | +| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | provenance | | +| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | provenance | | +| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | provenance | | nodes | app.js:15:30:15:58 | req.que ... tedCode | semmle.label | req.que ... tedCode | | app.js:17:25:17:48 | req.que ... shSink1 | semmle.label | req.que ... shSink1 | diff --git a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected index c523b2dabd0c..d7e0636b5548 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected +++ b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected 
@@ -1,33 +1,33 @@ edges -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... 
d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | -| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | -| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | -| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | -| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... 
usted\\n} [z] | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... 
d, 'y'] [1] | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance | | +| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance | | +| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | provenance | | +| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | provenance | | +| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | provenance | | +| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | | +| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... 
usted\\n} [x] | provenance | | +| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | provenance | | +| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | provenance | | nodes | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | semmle.label | untrusted | | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | semmle.label | window.name | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected index 9b147acdd885..67e38f937ba0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected 
@@ -23,19 +23,19 @@ nodes | ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | semmle.label | entry.path | | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | semmle.label | fileName | edges -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | +| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | provenance | | +| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | provenance | | +| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... 
ry.path | provenance | Config | +| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | provenance | | +| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | provenance | | +| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | provenance | | +| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | provenance | | +| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | provenance | | +| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | provenance | | +| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | provenance | | +| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | provenance | | +| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | provenance | | +| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | provenance | | subpaths #select | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | Unsanitized archive entry, which may contain '..', is used in a $@. | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | file system operation | diff --git a/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected b/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected index 3ba1cc1d2d9b..8be388d5ad97 100644 --- a/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected 
@@ -36,34 +36,34 @@ nodes | tst.js:29:28:29:42 | JSON.parse(str) | semmle.label | JSON.parse(str) | | tst.js:29:39:29:41 | str | semmle.label | str | edges -| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | -| tst2.js:6:25:6:46 | req.bod ... rameter | tst2.js:6:9:6:46 | bodyParameter | -| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | -| tst2.js:26:25:26:46 | req.bod ... rameter | tst2.js:26:9:26:46 | bodyParameter | -| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | -| tst2.js:34:25:34:46 | req.bod ... rameter | tst2.js:34:9:34:46 | bodyParameter | -| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter | -| tst2.js:42:25:42:46 | req.bod ... rameter | tst2.js:42:9:42:46 | bodyParameter | -| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | -| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | -| tst2.js:51:25:51:46 | req.bod ... rameter | tst2.js:51:9:51:46 | bodyParameter | -| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | -| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | -| tst.js:7:25:7:46 | req.bod ... rameter | tst.js:7:9:7:46 | bodyParameter | -| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | -| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | -| tst.js:8:26:8:49 | req.que ... 
rameter | tst.js:8:9:8:49 | queryParameter | -| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | -| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | -| tst.js:23:24:23:26 | obj | tst.js:26:17:26:19 | obj | -| tst.js:26:11:26:24 | str | tst.js:29:39:29:41 | str | -| tst.js:26:17:26:19 | obj | tst.js:26:17:26:24 | obj + "" | -| tst.js:26:17:26:24 | obj + "" | tst.js:26:11:26:24 | str | -| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | +| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | provenance | | +| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | provenance | Config | +| tst2.js:6:25:6:46 | req.bod ... rameter | tst2.js:6:9:6:46 | bodyParameter | provenance | | +| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | provenance | | +| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | provenance | Config | +| tst2.js:26:25:26:46 | req.bod ... rameter | tst2.js:26:9:26:46 | bodyParameter | provenance | | +| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | provenance | | +| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | provenance | Config | +| tst2.js:34:25:34:46 | req.bod ... rameter | tst2.js:34:9:34:46 | bodyParameter | provenance | | +| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | provenance | | +| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter | provenance | Config | +| tst2.js:42:25:42:46 | req.bod ... rameter | tst2.js:42:9:42:46 | bodyParameter | provenance | | +| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | provenance | | +| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | provenance | Config | +| tst2.js:51:25:51:46 | req.bod ... 
rameter | tst2.js:51:9:51:46 | bodyParameter | provenance | | +| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | provenance | | +| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | provenance | Config | +| tst.js:7:25:7:46 | req.bod ... rameter | tst.js:7:9:7:46 | bodyParameter | provenance | | +| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | provenance | | +| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | provenance | | +| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | provenance | | +| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | provenance | | +| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | provenance | | +| tst.js:23:24:23:26 | obj | tst.js:26:17:26:19 | obj | provenance | | +| tst.js:26:11:26:24 | str | tst.js:29:39:29:41 | str | provenance | | +| tst.js:26:17:26:19 | obj | tst.js:26:17:26:24 | obj + "" | provenance | Config | +| tst.js:26:17:26:24 | obj + "" | tst.js:26:11:26:24 | str | provenance | | +| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | provenance | Config | subpaths #select | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | Template object depends on a $@. | routes.js:2:23:2:30 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected index 8f18ce1aa09d..e449f163d463 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected 
@@ -13,13 +13,13 @@ nodes | second-order.js:42:31:42:46 | req.query.remote | semmle.label | req.query.remote | | second-order.js:44:18:44:31 | req.query.args | semmle.label | req.query.args | edges -| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | -| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | -| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | -| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | +| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | provenance | | +| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | provenance | | +| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | provenance | | +| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | provenance | | +| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | provenance | | +| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | provenance | | +| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | provenance | | subpaths #select | second-order.js:7:33:7:38 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:7:33:7:38 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected index 296f89e05afe..cf7af63c1224 100644 
--- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected 
@@ -1,62 +1,62 @@ edges -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options | -| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | -| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | -| unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | -| unsafe-jquery-plugin.js:7:17:7:23 | options | unsafe-jquery-plugin.js:7:17:7:30 | options.target | -| unsafe-jquery-plugin.js:7:17:7:30 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target | -| unsafe-jquery-plugin.js:11:16:11:22 | options | unsafe-jquery-plugin.js:11:16:11:29 | options.target | -| unsafe-jquery-plugin.js:11:16:11:29 | options.target | unsafe-jquery-plugin.js:11:7:11:29 | target | -| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options | -| unsafe-jquery-plugin.js:72:5:72:11 | options | unsafe-jquery-plugin.js:72:5:72:23 | 
options.foo.bar.baz | -| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options | -| unsafe-jquery-plugin.js:77:17:77:23 | options | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options | -| unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:107:5:107:11 | options | -| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | unsafe-jquery-plugin.js:102:3:105:13 | options | -| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options | -| unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:117:5:117:11 | options | -| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | unsafe-jquery-plugin.js:115:3:115:58 | options | -| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... 
ptions) | -| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options | -| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | -| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options | -| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | -| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options | -| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | -| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options | -| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options | -| unsafe-jquery-plugin.js:154:16:154:22 | options | unsafe-jquery-plugin.js:154:16:154:29 | options.target | -| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:156:3:156:16 | options.target | -| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | -| unsafe-jquery-plugin.js:156:3:156:9 | options | unsafe-jquery-plugin.js:156:3:156:16 | options.target | -| unsafe-jquery-plugin.js:156:3:156:16 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | -| unsafe-jquery-plugin.js:157:44:157:50 | options | unsafe-jquery-plugin.js:157:44:157:57 | options.target | -| unsafe-jquery-plugin.js:157:44:157:57 | 
options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options | -| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:165:16:165:22 | options | unsafe-jquery-plugin.js:165:7:165:29 | target | -| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options | -| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options | -| unsafe-jquery-plugin.js:186:21:186:27 | options | unsafe-jquery-plugin.js:186:21:186:30 | options.of | -| unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of | +| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | provenance | | +| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options | provenance | | +| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options | provenance | | +| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options | provenance | | +| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:7:17:7:23 | options | unsafe-jquery-plugin.js:7:17:7:30 | options.target | provenance | | +| unsafe-jquery-plugin.js:7:17:7:30 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:11:7:11:29 | 
target | unsafe-jquery-plugin.js:22:6:22:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:16:11:22 | options | unsafe-jquery-plugin.js:11:16:11:29 | options.target | provenance | | +| unsafe-jquery-plugin.js:11:16:11:29 | options.target | unsafe-jquery-plugin.js:11:7:11:29 | target | provenance | | +| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options | provenance | | +| unsafe-jquery-plugin.js:72:5:72:11 | options | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | provenance | | +| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options | provenance | | +| unsafe-jquery-plugin.js:77:17:77:23 | options | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | provenance | | +| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options | provenance | | +| unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:107:5:107:11 | options | provenance | | +| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | unsafe-jquery-plugin.js:102:3:105:13 | options | provenance | | +| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... 
ptions) | provenance | | +| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options | provenance | | +| unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:117:5:117:11 | options | provenance | | +| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | unsafe-jquery-plugin.js:115:3:115:58 | options | provenance | | +| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | provenance | | +| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options | provenance | | +| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options | provenance | | +| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | provenance | | +| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options | provenance | | +| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options | provenance | | +| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:29 | options ... 
elector | provenance | | +| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options | provenance | | +| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options | provenance | | +| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options | provenance | | +| unsafe-jquery-plugin.js:154:16:154:22 | options | unsafe-jquery-plugin.js:154:16:154:29 | options.target | provenance | | +| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:156:3:156:16 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:156:3:156:9 | options | unsafe-jquery-plugin.js:156:3:156:16 | options.target | provenance | | +| unsafe-jquery-plugin.js:156:3:156:16 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:157:44:157:50 | options | unsafe-jquery-plugin.js:157:44:157:57 | options.target | provenance | | +| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | provenance | | +| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options | provenance | | +| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target | provenance | | +| unsafe-jquery-plugin.js:165:16:165:22 | options | unsafe-jquery-plugin.js:165:7:165:29 | target | provenance | | +| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options | provenance | | +| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options | provenance 
| | +| unsafe-jquery-plugin.js:186:21:186:27 | options | unsafe-jquery-plugin.js:186:21:186:30 | options.of | provenance | | +| unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of | provenance | Config | nodes | unsafe-jquery-plugin.js:2:38:2:44 | options | semmle.label | options | | unsafe-jquery-plugin.js:3:5:3:11 | options | semmle.label | options | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected index 156b4b7e2f20..5880071e4e0f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected 
@@ -1,46 +1,46 @@ edges -| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values | -| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo | -| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values | -| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar | -| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values | -| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email | -| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values | -| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email | -| forms.js:34:11:34:53 | values | forms.js:35:19:35:24 | values | -| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values | -| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email | -| forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values | -| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge | -| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data | -| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name | -| forms.js:92:17:92:36 | values | forms.js:93:25:93:30 | values | -| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values | -| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name | -| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector | -| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector | -| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:86:33:86:36 | text | -| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:87:36:87:39 | text | -| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text | -| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | -| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... 
s(text) | -| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src | -| xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src | -| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | -| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] | -| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | -| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:6:130:68 | linkText | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:6:130:68 | linkText | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src | -| xss-through-dom.js:139:17:139:52 | documen ... 
k").src | xss-through-dom.js:139:11:139:52 | src | -| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg | -| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg | +| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values | provenance | | +| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo | provenance | | +| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values | provenance | | +| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar | provenance | | +| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values | provenance | | +| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email | provenance | | +| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values | provenance | | +| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email | provenance | | +| forms.js:34:11:34:53 | values | forms.js:35:19:35:24 | values | provenance | | +| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values | provenance | | +| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email | provenance | | +| forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values | provenance | | +| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge | provenance | | +| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data | provenance | | +| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name | provenance | | +| forms.js:92:17:92:36 | values | forms.js:93:25:93:30 | values | provenance | | +| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values | provenance | | +| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name | provenance | | +| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector | provenance | | +| xss-through-dom.js:73:20:73:41 | $("inpu ... 
0).name | xss-through-dom.js:73:9:73:41 | selector | provenance | | +| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:86:33:86:36 | text | provenance | | +| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:87:36:87:39 | text | provenance | | +| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text | provenance | | +| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | provenance | | +| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) | provenance | | +| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | provenance | | +| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src | provenance | | +| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src | provenance | | +| xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src | provenance | | +| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | provenance | | +| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] | provenance | | +| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | provenance | Config | +| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText | provenance | | +| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText | provenance | | +| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:6:130:68 | linkText | provenance | | +| xss-through-dom.js:130:42:130:62 | dSelect ... 
tring() | xss-through-dom.js:130:6:130:68 | linkText | provenance | | +| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src | provenance | | +| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src | provenance | | +| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src | provenance | | +| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src | provenance | | +| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg | provenance | | +| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg | provenance | | nodes | forms.js:8:23:8:28 | values | semmle.label | values | | forms.js:9:31:9:36 | values | semmle.label | values | diff --git a/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected b/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected index 174dcaf344a1..5446a4da85a5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected 
@@ -14,18 +14,18 @@ nodes | typedClient.ts:23:27:23:35 | { id: v } | semmle.label | { id: v } | | typedClient.ts:23:33:23:33 | v | semmle.label | v | edges -| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v | -| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v | -| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x | -| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | -| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } | -| typedClient.ts:21:7:21:32 | v | typedClient.ts:22:33:22:33 | v | -| typedClient.ts:21:7:21:32 | v | typedClient.ts:23:33:23:33 | v | -| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | typedClient.ts:21:7:21:32 | v | -| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x | -| typedClient.ts:21:22:21:31 | req.body.x | typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | -| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | +| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v | provenance | | +| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v | provenance | | +| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x | provenance | Config | +| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | provenance | Config | +| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } | provenance | Config | +| typedClient.ts:21:7:21:32 | v | typedClient.ts:22:33:22:33 | v | provenance | | +| typedClient.ts:21:7:21:32 | v | typedClient.ts:23:33:23:33 | v | provenance | | +| typedClient.ts:21:11:21:32 | JSON.pa ... 
body.x) | typedClient.ts:21:7:21:32 | v | provenance | | +| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x | provenance | Config | +| typedClient.ts:21:22:21:31 | req.body.x | typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | provenance | Config | +| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } | provenance | Config | +| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | provenance | Config | subpaths #select | typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query object depends on a $@. | typedClient.ts:13:22:13:29 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected index 10d2e8e6f186..e536c54dbd2f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected 
@@ -1,44 +1,44 @@ edges -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | -| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | -| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | 
tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | -| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | -| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | -| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | +| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | provenance | | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | provenance | | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | provenance | | +| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | provenance | | +| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... 
+ "];" | provenance | | +| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | provenance | | +| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | provenance | | +| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | provenance | | +| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | provenance | | +| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | provenance | | +| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | provenance | | +| 
template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | provenance | | +| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | provenance | | +| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | provenance | | +| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | provenance | | +| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | provenance | | +| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | provenance | | +| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | provenance | | +| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | provenance | | +| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | provenance | | +| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | provenance | | nodes | NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body | | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected index cdeea504be42..2be7dc659f29 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected 
+++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected 
@@ -1,45 +1,45 @@ edges -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | -| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | -| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | 
tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | -| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | -| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | -| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | +| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | provenance | | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | provenance | | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... 
dy.name | provenance | | +| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | provenance | | +| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | provenance | | +| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | provenance | | +| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | provenance | | +| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | provenance | | +| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | provenance | | +| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | provenance | | +| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | provenance | | +| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | provenance | | +| 
template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | provenance | | +| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | provenance | | +| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | provenance | | +| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | provenance | | +| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | provenance | | +| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | provenance | | +| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | provenance | | +| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | provenance | | +| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | provenance | | +| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | provenance | | nodes | NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body | | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query | 
diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected index a54acabbb642..868f2a287441 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected @@ -1,8 +1,8 @@ edges -| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | -| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | +| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | provenance | | +| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | provenance | | +| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | provenance | | +| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | provenance | | nodes | lib/index.js:1:35:1:38 | data | semmle.label | data | | lib/index.js:2:21:2:24 | data | semmle.label | data | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected b/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected index f5bbd2e9a7ba..8511b6bcaf69 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected 
@@ -2,10 +2,10 @@ edges | example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | provenance | | | example.js:10:9:10:37 | message | example.js:13:12:13:18 | message | provenance | | | example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message | provenance | | -| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data | provenance | | -| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) | provenance | | -| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name | provenance | | -| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | provenance | | +| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data | provenance | Config | +| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) | provenance | Config | +| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name | provenance | Config | +| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | provenance | Config | | tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | provenance | | | tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | provenance | | | tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message | provenance | | 
@@ -13,18 +13,18 @@ edges | tst.js:4:9:4:37 | message | tst.js:11:7:11:13 | message | provenance | | | tst.js:4:9:4:37 | message | tst.js:21:17:21:23 | message | provenance | | | tst.js:4:19:4:37 | JSON.parse(ev.data) | tst.js:4:9:4:37 | message | provenance | | -| tst.js:4:30:4:31 | ev | tst.js:4:30:4:36 | ev.data | provenance | | -| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) | provenance | | -| tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name | provenance | | -| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | provenance | | -| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name | provenance | | -| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | provenance | | -| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name | provenance | | -| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | provenance | | -| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | provenance | | -| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... 
e.name] | provenance | | -| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name | provenance | | -| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name | provenance | | +| tst.js:4:30:4:31 | ev | tst.js:4:30:4:36 | ev.data | provenance | Config | +| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) | provenance | Config | +| tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name | provenance | Config | +| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | provenance | Config | +| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name | provenance | Config | +| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | provenance | Config | +| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name | provenance | Config | +| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | provenance | Config | +| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | provenance | Config | +| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] | provenance | Config | +| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name | provenance | Config | +| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name | provenance | Config | nodes | example.js:9:37:9:38 | ev | semmle.label | ev | | example.js:10:9:10:37 | message | semmle.label | message | diff --git a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected index 326e6ea74362..7af957d720a1 100644 --- a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected +++ b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected 
@@ -16,9 +16,9 @@ nodes | tst.js:303:10:303:34 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | | tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | semmle.label | s().rep ... ;";\\n\\t}) | edges -| tst.js:274:6:274:94 | arr | tst.js:275:9:275:11 | arr | -| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr | -| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") | +| tst.js:274:6:274:94 | arr | tst.js:275:9:275:11 | arr | provenance | | +| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr | provenance | | +| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") | provenance | | subpaths #select | tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:243:9:243:31 | s().rep ... ]/g,'') | this final HTML sanitizer step | diff --git a/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected b/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected index 0e4ce448c75a..12bbd7feea99 100644 --- a/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected 
@@ -1,69 +1,69 @@ edges -| logInjectionBad.js:7:25:7:32 | username | logInjectionBad.js:8:38:8:45 | username | -| logInjectionBad.js:19:9:19:36 | q | logInjectionBad.js:20:20:20:20 | q | -| logInjectionBad.js:19:13:19:36 | url.par ... , true) | logInjectionBad.js:19:9:19:36 | q | -| logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... , true) | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:22:34:22:41 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:28:24:28:31 | username | -| logInjectionBad.js:20:20:20:20 | q | logInjectionBad.js:20:9:20:35 | username | -| logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | -| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | logInjectionBad.js:29:14:29:18 | error | -| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:7:25:7:32 | username | -| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | -| logInjectionBad.js:29:14:29:18 | error | logInjectionBad.js:30:42:30:46 | error | -| logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | -| logInjectionBad.js:46:9:46:36 | q | logInjectionBad.js:47:20:47:20 | q | -| logInjectionBad.js:46:13:46:36 | url.par ... , true) | logInjectionBad.js:46:9:46:36 | q | -| logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... 
, true) | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:49:46:49:53 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:50:39:50:46 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:51:48:51:55 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:52:37:52:44 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:53:27:53:34 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:54:43:54:50 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:55:48:55:55 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:56:47:56:54 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:57:40:57:47 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:58:50:58:57 | username | -| logInjectionBad.js:47:20:47:20 | q | logInjectionBad.js:47:9:47:35 | username | -| logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | -| logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | -| logInjectionBad.js:51:48:51:55 | username | logInjectionBad.js:51:27:51:56 | colors. ... ername) | -| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... name))) | -| logInjectionBad.js:52:32:52:45 | blue(username) | logInjectionBad.js:52:27:52:46 | bold(blue(username)) | -| logInjectionBad.js:52:37:52:44 | username | logInjectionBad.js:52:32:52:45 | blue(username) | -| logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... true}) | -| logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | -| logInjectionBad.js:55:27:55:56 | colors. ... 
ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | -| logInjectionBad.js:55:48:55:55 | username | logInjectionBad.js:55:27:55:56 | colors. ... ername) | -| logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | -| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | -| logInjectionBad.js:58:50:58:57 | username | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | -| logInjectionBad.js:63:9:63:36 | q | logInjectionBad.js:64:20:64:20 | q | -| logInjectionBad.js:63:13:63:36 | url.par ... , true) | logInjectionBad.js:63:9:63:36 | q | -| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) | -| logInjectionBad.js:64:9:64:35 | username | logInjectionBad.js:66:35:66:42 | username | -| logInjectionBad.js:64:20:64:20 | q | logInjectionBad.js:64:9:64:35 | username | -| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | -| logInjectionBad.js:72:9:72:36 | q | logInjectionBad.js:73:20:73:20 | q | -| logInjectionBad.js:72:13:72:36 | url.par ... , true) | logInjectionBad.js:72:9:72:36 | q | -| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:73:20:73:20 | q | logInjectionBad.js:73:9:73:35 | username | -| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | -| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | -| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:96:5:103:5 | functio ... 
;\\n } [username] | -| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | -| logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | logInjectionBad.js:113:37:113:44 | username | +| logInjectionBad.js:7:25:7:32 | username | logInjectionBad.js:8:38:8:45 | username | provenance | | +| logInjectionBad.js:19:9:19:36 | q | logInjectionBad.js:20:20:20:20 | q | provenance | | +| logInjectionBad.js:19:13:19:36 | url.par ... , true) | logInjectionBad.js:19:9:19:36 | q | provenance | | +| logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... , true) | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:22:34:22:41 | username | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:28:24:28:31 | username | provenance | | +| logInjectionBad.js:20:20:20:20 | q | logInjectionBad.js:20:9:20:35 | username | provenance | | +| logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | provenance | | +| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... 
ername) | logInjectionBad.js:29:14:29:18 | error | provenance | | +| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:7:25:7:32 | username | provenance | | +| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | provenance | | +| logInjectionBad.js:29:14:29:18 | error | logInjectionBad.js:30:42:30:46 | error | provenance | | +| logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | provenance | | +| logInjectionBad.js:46:9:46:36 | q | logInjectionBad.js:47:20:47:20 | q | provenance | | +| logInjectionBad.js:46:13:46:36 | url.par ... , true) | logInjectionBad.js:46:9:46:36 | q | provenance | | +| logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... , true) | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:49:46:49:53 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:50:39:50:46 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:51:48:51:55 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:52:37:52:44 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:53:27:53:34 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:54:43:54:50 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:55:48:55:55 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:56:47:56:54 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:57:40:57:47 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:58:50:58:57 | username | provenance | | +| logInjectionBad.js:47:20:47:20 | q | logInjectionBad.js:47:9:47:35 | username | provenance | | +| 
logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | provenance | | +| logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) | provenance | | +| logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | provenance | | +| logInjectionBad.js:51:48:51:55 | username | logInjectionBad.js:51:27:51:56 | colors. ... ername) | provenance | | +| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... name))) | provenance | | +| logInjectionBad.js:52:32:52:45 | blue(username) | logInjectionBad.js:52:27:52:46 | bold(blue(username)) | provenance | | +| logInjectionBad.js:52:37:52:44 | username | logInjectionBad.js:52:32:52:45 | blue(username) | provenance | | +| logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... true}) | provenance | | +| logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | provenance | | +| logInjectionBad.js:55:27:55:56 | colors. ... ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | provenance | | +| logInjectionBad.js:55:48:55:55 | username | logInjectionBad.js:55:27:55:56 | colors. ... ername) | provenance | | +| logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | provenance | | +| logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | provenance | | +| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | provenance | | +| logInjectionBad.js:58:50:58:57 | username | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | provenance | | +| logInjectionBad.js:63:9:63:36 | q | logInjectionBad.js:64:20:64:20 | q | provenance | | +| logInjectionBad.js:63:13:63:36 | url.par ... 
, true) | logInjectionBad.js:63:9:63:36 | q | provenance | | +| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) | provenance | | +| logInjectionBad.js:64:9:64:35 | username | logInjectionBad.js:66:35:66:42 | username | provenance | | +| logInjectionBad.js:64:20:64:20 | q | logInjectionBad.js:64:9:64:35 | username | provenance | | +| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | provenance | | +| logInjectionBad.js:72:9:72:36 | q | logInjectionBad.js:73:20:73:20 | q | provenance | | +| logInjectionBad.js:72:13:72:36 | url.par ... , true) | logInjectionBad.js:72:9:72:36 | q | provenance | | +| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) | provenance | | +| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | provenance | | +| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | provenance | | +| logInjectionBad.js:73:20:73:20 | q | logInjectionBad.js:73:9:73:35 | username | provenance | | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | provenance | | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | provenance | | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | provenance | | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | provenance | | +| logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | logInjectionBad.js:82:30:82:37 | username | provenance | | +| logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | logInjectionBad.js:91:26:91:33 | username | provenance | | +| logInjectionBad.js:96:5:103:5 | functio ... 
;\\n } [username] | logInjectionBad.js:99:26:99:33 | username | provenance | | +| logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | logInjectionBad.js:113:37:113:44 | username | provenance | | nodes | logInjectionBad.js:7:25:7:32 | username | semmle.label | username | | logInjectionBad.js:8:38:8:45 | username | semmle.label | username | diff --git a/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected b/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected index b9c024c5590c..c53df2b9abd3 100644 --- a/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected +++ b/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected 
@@ -1,51 +1,51 @@ edges -| FileAccessToHttp.js:4:5:4:47 | content | FileAccessToHttp.js:9:23:9:29 | content | -| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content | -| FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... ent }\\n} [headers, Referer] | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... ent }\\n} [headers, Referer] | -| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | -| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:21:13:26 | buffer | -| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:32:13:37 | buffer | -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer | -| bufferRead.js:13:21:13:26 | buffer | bufferRead.js:13:32:13:37 | buffer | -| bufferRead.js:13:32:13:37 | buffer | bufferRead.js:15:26:15:31 | buffer | -| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData | -| bufferRead.js:15:26:15:31 | buffer | bufferRead.js:15:26:15:62 | buffer. ... esRead) | -| bufferRead.js:15:26:15:62 | buffer. ... esRead) | bufferRead.js:15:15:15:62 | postData | -| readFileSync.js:5:5:5:39 | data | readFileSync.js:7:11:7:14 | data | -| readFileSync.js:5:12:5:39 | fs.read ... 
t.txt") | readFileSync.js:5:5:5:39 | data | -| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s | -| readFileSync.js:7:11:7:14 | data | readFileSync.js:7:11:7:25 | data.toString() | -| readFileSync.js:7:11:7:25 | data.toString() | readFileSync.js:7:7:7:25 | s | -| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | -| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | -| request.js:6:19:6:26 | jsonData | request.js:8:12:8:19 | jsonData | -| request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | request.js:8:11:8:20 | {jsonData} | -| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | -| request.js:13:18:13:24 | xmlData | request.js:22:11:22:17 | xmlData | -| request.js:16:11:23:3 | [post update] {\\n u ... ody\\n } [body] | request.js:16:11:23:3 | {\\n u ... ody\\n } | -| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | [post update] {\\n u ... ody\\n } [body] | -| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data | -| request.js:35:14:35:17 | data | request.js:6:19:6:26 | jsonData | -| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data | -| request.js:50:13:50:16 | data | request.js:13:18:13:24 | xmlData | -| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer | -| sentAsHeaders.js:11:13:11:59 | content | sentAsHeaders.js:12:19:12:25 | content | -| sentAsHeaders.js:11:23:11:28 | buffer | sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | -| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | sentAsHeaders.js:11:13:11:59 | content | -| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:18:47:18:53 | content | -| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:24:47:24:53 | content | -| sentAsHeaders.js:12:19:12:25 | content | sentAsHeaders.js:12:19:12:74 | content ... =", "") | -| sentAsHeaders.js:12:19:12:74 | content ... 
=", "") | sentAsHeaders.js:12:19:12:81 | content ... .trim() | -| sentAsHeaders.js:12:19:12:81 | content ... .trim() | sentAsHeaders.js:12:9:12:81 | content | -| sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | -| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | -| sentAsHeaders.js:18:47:18:53 | content | sentAsHeaders.js:18:31:18:53 | "http:/ ... content | -| sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | -| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | -| sentAsHeaders.js:24:47:24:53 | content | sentAsHeaders.js:24:31:24:53 | "http:/ ... content | +| FileAccessToHttp.js:4:5:4:47 | content | FileAccessToHttp.js:9:23:9:29 | content | provenance | | +| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content | provenance | | +| FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... ent }\\n} [headers, Referer] | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | provenance | | +| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... 
ent }\\n} [headers, Referer] | provenance | | +| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | provenance | | +| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:21:13:26 | buffer | provenance | | +| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:32:13:37 | buffer | provenance | | +| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer | provenance | | +| bufferRead.js:13:21:13:26 | buffer | bufferRead.js:13:32:13:37 | buffer | provenance | | +| bufferRead.js:13:32:13:37 | buffer | bufferRead.js:15:26:15:31 | buffer | provenance | | +| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData | provenance | | +| bufferRead.js:15:26:15:31 | buffer | bufferRead.js:15:26:15:62 | buffer. ... esRead) | provenance | | +| bufferRead.js:15:26:15:62 | buffer. ... esRead) | bufferRead.js:15:15:15:62 | postData | provenance | | +| readFileSync.js:5:5:5:39 | data | readFileSync.js:7:11:7:14 | data | provenance | | +| readFileSync.js:5:12:5:39 | fs.read ... 
t.txt") | readFileSync.js:5:5:5:39 | data | provenance | | +| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s | provenance | | +| readFileSync.js:7:11:7:14 | data | readFileSync.js:7:11:7:25 | data.toString() | provenance | | +| readFileSync.js:7:11:7:25 | data.toString() | readFileSync.js:7:7:7:25 | s | provenance | | +| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | provenance | | +| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | provenance | | +| request.js:6:19:6:26 | jsonData | request.js:8:12:8:19 | jsonData | provenance | | +| request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | request.js:8:11:8:20 | {jsonData} | provenance | | +| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | provenance | | +| request.js:13:18:13:24 | xmlData | request.js:22:11:22:17 | xmlData | provenance | | +| request.js:16:11:23:3 | [post update] {\\n u ... ody\\n } [body] | request.js:16:11:23:3 | {\\n u ... ody\\n } | provenance | | +| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | [post update] {\\n u ... ody\\n } [body] | provenance | | +| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data | provenance | | +| request.js:35:14:35:17 | data | request.js:6:19:6:26 | jsonData | provenance | | +| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data | provenance | | +| request.js:50:13:50:16 | data | request.js:13:18:13:24 | xmlData | provenance | | +| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer | provenance | | +| sentAsHeaders.js:11:13:11:59 | content | sentAsHeaders.js:12:19:12:25 | content | provenance | | +| sentAsHeaders.js:11:23:11:28 | buffer | sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | provenance | | +| sentAsHeaders.js:11:23:11:59 | buffer. ... 
esRead) | sentAsHeaders.js:11:13:11:59 | content | provenance | | +| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:18:47:18:53 | content | provenance | | +| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:24:47:24:53 | content | provenance | | +| sentAsHeaders.js:12:19:12:25 | content | sentAsHeaders.js:12:19:12:74 | content ... =", "") | provenance | | +| sentAsHeaders.js:12:19:12:74 | content ... =", "") | sentAsHeaders.js:12:19:12:81 | content ... .trim() | provenance | | +| sentAsHeaders.js:12:19:12:81 | content ... .trim() | sentAsHeaders.js:12:9:12:81 | content | provenance | | +| sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | sentAsHeaders.js:14:20:19:9 | {\\n ... } | provenance | | +| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | provenance | | +| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | provenance | | +| sentAsHeaders.js:18:47:18:53 | content | sentAsHeaders.js:18:31:18:53 | "http:/ ... content | provenance | | +| sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | sentAsHeaders.js:20:20:25:9 | {\\n ... } | provenance | | +| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | provenance | | +| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | provenance | | +| sentAsHeaders.js:24:47:24:53 | content | sentAsHeaders.js:24:31:24:53 | "http:/ ... content | provenance | | nodes | FileAccessToHttp.js:4:5:4:47 | content | semmle.label | content | | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | semmle.label | fs.read ... "utf8") | 
diff --git a/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected b/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected index 4a14ef0aaa6e..8754a6cbdf01 100644 --- a/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected +++ b/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected @@ -1,11 +1,11 @@ edges -| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err | -| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack | -| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e | -| tst.js:8:15:8:15 | e | tst.js:16:20:16:20 | e | -| tst.js:16:20:16:20 | e | tst.js:17:11:17:11 | e | -| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack | +| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err | provenance | | +| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack | provenance | | +| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | provenance | | +| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e | provenance | | +| tst.js:8:15:8:15 | e | tst.js:16:20:16:20 | e | provenance | | +| tst.js:16:20:16:20 | e | tst.js:17:11:17:11 | e | provenance | | +| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack | provenance | | nodes | node.js:8:10:8:12 | err | semmle.label | err | | node.js:11:13:11:15 | err | semmle.label | err | diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index 181408ccdaaa..8e50d05362e7 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected 
@@ -1,70 +1,70 @@ edges -| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x | -| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x | -| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:18:9:20:5 | obj1 [password] | passwords.js:21:17:21:20 | obj1 [password] | -| passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | passwords.js:18:9:20:5 | obj1 [password] | -| passwords.js:19:19:19:19 | x | passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | -| passwords.js:21:17:21:20 | obj1 [password] | passwords.js:21:17:21:20 | obj1 | -| passwords.js:23:9:25:5 | obj2 [x] | passwords.js:26:17:26:20 | obj2 [x] | -| passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | passwords.js:23:9:25:5 | obj2 [x] | -| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | -| passwords.js:26:17:26:20 | obj2 [x] | passwords.js:26:17:26:20 | obj2 | -| passwords.js:28:9:28:17 | obj3 [x] | passwords.js:29:17:29:20 | obj3 [x] | -| passwords.js:29:17:29:20 | obj3 [x] | passwords.js:29:17:29:20 | obj3 | -| passwords.js:30:5:30:8 | [post update] obj3 [x] | passwords.js:28:9:28:17 | obj3 [x] | -| passwords.js:30:14:30:21 | password | passwords.js:30:5:30:8 | [post update] obj3 [x] | -| passwords.js:77:9:77:55 | temp [encryptedPassword] | passwords.js:78:17:78:20 | temp [encryptedPassword] | -| passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | passwords.js:77:9:77:55 | temp [encryptedPassword] | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | -| passwords.js:78:17:78:20 | temp [encryptedPassword] | passwords.js:78:17:78:38 | temp.en ... 
assword | -| passwords.js:80:9:80:25 | secret | passwords.js:81:24:81:29 | secret | -| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret | -| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` | -| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() | -| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() | -| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() | -| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() | -| passwords.js:127:9:132:5 | config [password] | passwords.js:135:17:135:22 | config [password] | -| passwords.js:127:9:132:5 | config [x] | passwords.js:135:17:135:22 | config [x] | -| passwords.js:127:9:132:5 | config [x] | passwords.js:136:17:136:22 | config [x] | -| passwords.js:127:9:132:5 | config [y] | passwords.js:135:17:135:22 | config [y] | -| passwords.js:127:9:132:5 | config [y] | passwords.js:137:17:137:22 | config [y] | -| passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | passwords.js:127:9:132:5 | config [password] | -| passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | passwords.js:127:9:132:5 | config [x] | -| passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | passwords.js:127:9:132:5 | config [y] | -| passwords.js:128:19:128:19 | x | passwords.js:127:18:132:5 | {\\n ... 
)\\n } [password] | -| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | -| passwords.js:135:17:135:22 | config [password] | passwords.js:135:17:135:22 | config | -| passwords.js:135:17:135:22 | config [x] | passwords.js:135:17:135:22 | config | -| passwords.js:135:17:135:22 | config [y] | passwords.js:135:17:135:22 | config | -| passwords.js:136:17:136:22 | config [x] | passwords.js:136:17:136:24 | config.x | -| passwords.js:137:17:137:22 | config [y] | passwords.js:137:17:137:24 | config.y | -| passwords.js:146:9:148:5 | config [x] | passwords.js:149:21:149:26 | config [x] | -| passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | passwords.js:146:9:148:5 | config [x] | -| passwords.js:147:12:147:19 | password | passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | -| passwords.js:149:21:149:26 | config [x] | passwords.js:149:21:149:28 | config.x | -| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | -| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | -| passwords.js:152:9:152:63 | procdesc | passwords.js:154:21:154:28 | procdesc | -| passwords.js:152:20:152:44 | Util.in ... ss.env) | passwords.js:152:20:152:63 | Util.in ... /g, '') | -| passwords.js:152:20:152:63 | Util.in ... /g, '') | passwords.js:152:9:152:63 | procdesc | -| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) | -| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | -| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... 
g, "*") | -| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x | -| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x | +| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x | provenance | | +| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x | provenance | | +| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | provenance | | +| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | provenance | | +| passwords.js:18:9:20:5 | obj1 [password] | passwords.js:21:17:21:20 | obj1 [password] | provenance | | +| passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | passwords.js:18:9:20:5 | obj1 [password] | provenance | | +| passwords.js:19:19:19:19 | x | passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | provenance | | +| passwords.js:21:17:21:20 | obj1 [password] | passwords.js:21:17:21:20 | obj1 | provenance | | +| passwords.js:23:9:25:5 | obj2 [x] | passwords.js:26:17:26:20 | obj2 [x] | provenance | | +| passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | passwords.js:23:9:25:5 | obj2 [x] | provenance | | +| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | provenance | | +| passwords.js:26:17:26:20 | obj2 [x] | passwords.js:26:17:26:20 | obj2 | provenance | | +| passwords.js:28:9:28:17 | obj3 [x] | passwords.js:29:17:29:20 | obj3 [x] | provenance | | +| passwords.js:29:17:29:20 | obj3 [x] | passwords.js:29:17:29:20 | obj3 | provenance | | +| passwords.js:30:5:30:8 | [post update] obj3 [x] | passwords.js:28:9:28:17 | obj3 [x] | provenance | | +| passwords.js:30:14:30:21 | password | passwords.js:30:5:30:8 | [post update] obj3 [x] | provenance | | +| passwords.js:77:9:77:55 | temp [encryptedPassword] | passwords.js:78:17:78:20 | temp [encryptedPassword] | provenance | | +| passwords.js:77:16:77:55 | { encry ... 
sword } [encryptedPassword] | passwords.js:77:9:77:55 | temp [encryptedPassword] | provenance | | +| passwords.js:77:37:77:53 | req.body.password | passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | provenance | | +| passwords.js:78:17:78:20 | temp [encryptedPassword] | passwords.js:78:17:78:38 | temp.en ... assword | provenance | | +| passwords.js:80:9:80:25 | secret | passwords.js:81:24:81:29 | secret | provenance | | +| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret | provenance | | +| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` | provenance | | +| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | provenance | | +| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | provenance | | +| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | provenance | | +| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | provenance | | +| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | provenance | | +| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | provenance | | +| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() | provenance | | +| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() | provenance | | +| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() | provenance | | +| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... 
lueOf() | provenance | | +| passwords.js:127:9:132:5 | config [password] | passwords.js:135:17:135:22 | config [password] | provenance | | +| passwords.js:127:9:132:5 | config [x] | passwords.js:135:17:135:22 | config [x] | provenance | | +| passwords.js:127:9:132:5 | config [x] | passwords.js:136:17:136:22 | config [x] | provenance | | +| passwords.js:127:9:132:5 | config [y] | passwords.js:135:17:135:22 | config [y] | provenance | | +| passwords.js:127:9:132:5 | config [y] | passwords.js:137:17:137:22 | config [y] | provenance | | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | passwords.js:127:9:132:5 | config [password] | provenance | | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | passwords.js:127:9:132:5 | config [x] | provenance | | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | passwords.js:127:9:132:5 | config [y] | provenance | | +| passwords.js:128:19:128:19 | x | passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | provenance | | +| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | provenance | | +| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | provenance | | +| passwords.js:135:17:135:22 | config [password] | passwords.js:135:17:135:22 | config | provenance | | +| passwords.js:135:17:135:22 | config [x] | passwords.js:135:17:135:22 | config | provenance | | +| passwords.js:135:17:135:22 | config [y] | passwords.js:135:17:135:22 | config | provenance | | +| passwords.js:136:17:136:22 | config [x] | passwords.js:136:17:136:24 | config.x | provenance | | +| passwords.js:137:17:137:22 | config [y] | passwords.js:137:17:137:24 | config.y | provenance | | +| passwords.js:146:9:148:5 | config [x] | passwords.js:149:21:149:26 | config [x] | provenance | | +| passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | passwords.js:146:9:148:5 | config [x] | provenance | | +| passwords.js:147:12:147:19 | password | passwords.js:146:18:148:5 | {\\n ... 
d\\n } [x] | provenance | | +| passwords.js:149:21:149:26 | config [x] | passwords.js:149:21:149:28 | config.x | provenance | | +| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | provenance | Config | +| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | provenance | Config | +| passwords.js:152:9:152:63 | procdesc | passwords.js:154:21:154:28 | procdesc | provenance | | +| passwords.js:152:20:152:44 | Util.in ... ss.env) | passwords.js:152:20:152:63 | Util.in ... /g, '') | provenance | | +| passwords.js:152:20:152:63 | Util.in ... /g, '') | passwords.js:152:9:152:63 | procdesc | provenance | | +| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) | provenance | | +| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | provenance | Config | +| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | provenance | | +| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | provenance | | +| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | provenance | | +| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | provenance | | +| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x | provenance | | +| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x | provenance | | nodes | passwords.js:2:17:2:24 | password | semmle.label | password | | passwords.js:3:17:3:26 | o.password | semmle.label | o.password | diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected index 5d1885142c93..e6a5f7f551e5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected 
+++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected @@ -1,9 +1,9 @@ edges -| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw | -| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw | -| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | -| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw | -| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw | +| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw | provenance | | +| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw | provenance | | +| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | provenance | | +| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw | provenance | | +| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw | provenance | | nodes | CleartextStorage2.js:5:7:5:58 | pw | semmle.label | pw | | CleartextStorage2.js:5:12:5:58 | url.par ... assword | semmle.label | url.par ... assword | diff --git a/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected b/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected index 7337287c748f..122cb1ac8761 100644 --- a/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected +++ b/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected 
@@ -1,36 +1,36 @@ edges -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | provenance | | +| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | provenance | Config | | tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix | provenance | | -| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | provenance | | +| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | provenance | Config | | tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix | provenance | | -| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | provenance | | +| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | provenance | Config | | tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | provenance | | | tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | provenance | | -| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | provenance | | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | provenance | | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | provenance | | +| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | provenance | Config | +| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | provenance | Config | +| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | provenance | Config | | tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand | provenance | | | tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand | provenance | | -| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | provenance | | -| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) | provenance | | +| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 
9999999 | provenance | Config | +| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) | provenance | Config | | tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | provenance | | | tst.js:72:18:72:48 | ts.toSt ... tring() | tst.js:72:9:72:48 | concat | provenance | | -| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() | provenance | | -| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() | provenance | | +| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() | provenance | Config | +| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() | provenance | Config | | tst.js:77:16:77:21 | secret | tst.js:77:16:77:21 | secret | provenance | | | tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | provenance | | -| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | provenance | | -| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | provenance | | -| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | provenance | | -| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | provenance | | -| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | provenance | | -| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | provenance | | -| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | provenance | | -| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) | provenance | | -| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | provenance | | -| tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] | provenance | | -| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... 
.length | provenance | | -| tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... length) | provenance | | +| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | provenance | Config | +| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | provenance | Config | +| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | provenance | Config | +| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | provenance | Config | +| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | provenance | Config | +| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | provenance | Config | +| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | provenance | Config | +| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) | provenance | Config | +| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | provenance | Config | +| tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] | provenance | Config | +| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | provenance | Config | +| tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... length) | provenance | Config | nodes | tst.js:2:20:2:32 | Math.random() | semmle.label | Math.random() | | tst.js:6:20:6:43 | "prefix ... andom() | semmle.label | "prefix ... andom() | diff --git a/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected index fdbf937e0a2e..fd0677de03df 100644 --- a/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected 
+++ b/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected @@ -1,7 +1,7 @@ edges -| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin | -| tst.js:12:18:12:41 | url.par ... , true) | tst.js:12:9:12:54 | origin | -| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) | +| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin | provenance | | +| tst.js:12:18:12:41 | url.par ... , true) | tst.js:12:9:12:54 | origin | provenance | | +| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) | provenance | | nodes | tst.js:12:9:12:54 | origin | semmle.label | origin | | tst.js:12:18:12:41 | url.par ... , true) | semmle.label | url.par ... , true) | diff --git a/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected b/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected index 113ac3bd205c..69dcd04037ad 100644 --- a/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected +++ b/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected 
@@ -1,16 +1,16 @@ edges -| insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation | -| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | insecure-temporary-file.js:7:9:11:5 | tmpLocation | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | -| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:17:32:17:38 | tmpPath | -| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:23:32:23:38 | tmpPath | -| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath | -| insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 | -| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | insecure-temporary-file.js:25:11:25:92 | tmpPath2 | -| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | +| insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation | provenance | | +| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | insecure-temporary-file.js:7:9:11:5 | tmpLocation | provenance | | +| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:7:23:11:5 | path.jo ... 
)\\n ) | provenance | | +| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:17:32:17:38 | tmpPath | provenance | | +| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:23:32:23:38 | tmpPath | provenance | | +| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath | provenance | | +| insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | provenance | | +| insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | provenance | | +| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 | provenance | | +| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 | provenance | | +| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | insecure-temporary-file.js:25:11:25:92 | tmpPath2 | provenance | | +| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | provenance | | nodes | insecure-temporary-file.js:7:9:11:5 | tmpLocation | semmle.label | tmpLocation | | insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | semmle.label | path.jo ... )\\n ) | diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected index e8593c903ca9..2d21c3324824 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected 
@@ -1,355 +1,355 @@ edges -| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | -| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | -| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | -| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | -| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | lib/lib.js:35:28:35:31 | name | -| lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name | -| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name | -| lib/lib.js:44:12:44:15 | name | lib/lib.js:44:12:44:25 | name.substr(1) | -| lib/lib.js:44:12:44:25 | name.substr(1) | lib/lib.js:44:5:44:25 | name | -| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:9:12:9:16 | input | -| lib/snapdragon.js:9:12:9:16 | input | lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:12:34:12:38 | input | lib/snapdragon.js:17:20:17:24 | input | -| lib/snapdragon.js:17:20:17:24 | input | lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:20:34:20:38 | input | lib/snapdragon.js:25:22:25:26 | input | -| lib/snapdragon.js:22:44:22:47 | node | lib/snapdragon.js:23:5:23:8 | node | -| lib/snapdragon.js:23:5:23:8 | node | lib/snapdragon.js:23:5:23:12 | node.val | -| lib/snapdragon.js:25:22:25:26 | input | lib/snapdragon.js:22:44:22:47 | node | -| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | 
lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | -| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:10:2:10:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:13:2:13:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:14:2:14:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:17:23:17:29 | 
tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:21:6:21:12 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:26:2:26:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:27:77:27:83 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:28:76:28:82 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:31:2:31:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:32:2:32:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:34:2:34:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted | -| 
polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:41:2:41:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:44:2:44:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:46:2:46:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:47:2:47:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:53:21:53:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:53:21:53:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:55:23:55:29 | tainted | -| 
polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:60:17:60:23 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:61:18:61:24 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | 
polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:82:2:82:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:83:2:83:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:84:2:84:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | 
polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:91:2:91:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:92:2:92:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:105:2:105:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted 
| polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:127:2:127:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:129:17:129:23 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:132:18:132:24 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:135:21:135:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:138:5:138:11 | tainted | -| polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:5:6:5:32 | tainted | -| polynomial-redos.js:7:2:7:8 | tainted | polynomial-redos.js:8:2:8:8 | tainted | -| polynomial-redos.js:7:2:7:8 | tainted | polynomial-redos.js:8:2:8:8 | tainted | -| 
polynomial-redos.js:8:2:8:8 | tainted | polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:8:2:8:8 | tainted | polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:9:2:9:8 | tainted | polynomial-redos.js:10:2:10:8 | tainted | -| polynomial-redos.js:10:2:10:8 | tainted | polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:10:2:10:8 | tainted | polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:11:2:11:8 | tainted | polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:11:2:11:8 | tainted | polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:12:2:12:8 | tainted | polynomial-redos.js:13:2:13:8 | tainted | -| polynomial-redos.js:13:2:13:8 | tainted | polynomial-redos.js:14:2:14:8 | tainted | -| polynomial-redos.js:14:2:14:8 | tainted | polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:14:2:14:8 | tainted | polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:15:2:15:8 | tainted | polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:15:2:15:8 | tainted | polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:16:2:16:8 | tainted | polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:16:2:16:8 | tainted | polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:17:23:17:29 | tainted | polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:17:23:17:29 | tainted | polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:18:2:18:8 | tainted | polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:18:2:18:8 | tainted | polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:19:2:19:8 | tainted | polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:19:2:19:8 | tainted | polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:20:2:20:8 | tainted | polynomial-redos.js:21:6:21:12 | tainted | -| polynomial-redos.js:21:6:21:12 | tainted | polynomial-redos.js:25:2:25:8 | tainted | 
-| polynomial-redos.js:21:6:21:12 | tainted | polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:25:2:25:8 | tainted | polynomial-redos.js:26:2:26:8 | tainted | -| polynomial-redos.js:26:2:26:8 | tainted | polynomial-redos.js:27:77:27:83 | tainted | -| polynomial-redos.js:27:77:27:83 | tainted | polynomial-redos.js:28:76:28:82 | tainted | -| polynomial-redos.js:28:76:28:82 | tainted | polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:28:76:28:82 | tainted | polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:30:2:30:8 | tainted | polynomial-redos.js:31:2:31:8 | tainted | -| polynomial-redos.js:31:2:31:8 | tainted | polynomial-redos.js:32:2:32:8 | tainted | -| polynomial-redos.js:32:2:32:8 | tainted | polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:32:2:32:8 | tainted | polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:33:2:33:8 | tainted | polynomial-redos.js:34:2:34:8 | tainted | -| polynomial-redos.js:34:2:34:8 | tainted | polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:34:2:34:8 | tainted | polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:36:2:36:8 | tainted | polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:36:2:36:8 | tainted | polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:37:2:37:8 | tainted | polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:37:2:37:8 | tainted | polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:38:2:38:8 | tainted | polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:38:2:38:8 | tainted | polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:40:2:40:8 | tainted | polynomial-redos.js:41:2:41:8 | tainted | -| polynomial-redos.js:41:2:41:8 | tainted | polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:41:2:41:8 | tainted | polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:43:2:43:8 | tainted | polynomial-redos.js:44:2:44:8 
| tainted | -| polynomial-redos.js:44:2:44:8 | tainted | polynomial-redos.js:46:2:46:8 | tainted | -| polynomial-redos.js:46:2:46:8 | tainted | polynomial-redos.js:47:2:47:8 | tainted | -| polynomial-redos.js:47:2:47:8 | tainted | polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:47:2:47:8 | tainted | polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:48:2:48:8 | tainted | polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:48:2:48:8 | tainted | polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:50:14:50:20 | tainted | polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:50:14:50:20 | tainted | polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:51:26:51:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:51:26:51:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:52:22:52:28 | tainted | polynomial-redos.js:53:21:53:27 | tainted | -| polynomial-redos.js:52:22:52:28 | tainted | polynomial-redos.js:53:21:53:27 | tainted | -| polynomial-redos.js:53:21:53:27 | tainted | polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:53:21:53:27 | tainted | polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:54:22:54:28 | tainted | polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:54:22:54:28 | tainted | polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:55:23:55:29 | tainted | polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:55:23:55:29 | tainted | polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:56:22:56:28 | tainted | polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:56:22:56:28 | tainted | polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:57:25:57:31 | tainted | polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:57:25:57:31 | tainted | polynomial-redos.js:58:21:58:27 | tainted | -| 
polynomial-redos.js:58:21:58:27 | tainted | polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:58:21:58:27 | tainted | polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:59:23:59:29 | tainted | polynomial-redos.js:60:17:60:23 | tainted | -| polynomial-redos.js:60:17:60:23 | tainted | polynomial-redos.js:61:18:61:24 | tainted | -| polynomial-redos.js:61:18:61:24 | tainted | polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:61:18:61:24 | tainted | polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:62:17:62:23 | tainted | polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:62:17:62:23 | tainted | polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:63:21:63:27 | tainted | polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:63:21:63:27 | tainted | polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:64:24:64:30 | tainted | polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:64:24:64:30 | tainted | polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:65:24:65:30 | tainted | polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:65:24:65:30 | tainted | polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:66:19:66:25 | tainted | polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:66:19:66:25 | tainted | polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:67:18:67:24 | tainted | polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:67:18:67:24 | tainted | polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:71:2:71:8 | tainted | polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:71:2:71:8 | tainted | polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:73:2:73:8 | tainted | polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:73:2:73:8 | tainted | polynomial-redos.js:75:2:75:8 | tainted | -| 
polynomial-redos.js:75:2:75:8 | tainted | polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:75:2:75:8 | tainted | polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:77:2:77:8 | tainted | polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:77:2:77:8 | tainted | polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:80:2:80:8 | tainted | polynomial-redos.js:81:2:81:8 | tainted | -| polynomial-redos.js:80:2:80:8 | tainted | polynomial-redos.js:81:2:81:8 | tainted | -| polynomial-redos.js:81:2:81:8 | tainted | polynomial-redos.js:82:2:82:8 | tainted | -| polynomial-redos.js:82:2:82:8 | tainted | polynomial-redos.js:83:2:83:8 | tainted | -| polynomial-redos.js:83:2:83:8 | tainted | polynomial-redos.js:84:2:84:8 | tainted | -| polynomial-redos.js:84:2:84:8 | tainted | polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:84:2:84:8 | tainted | polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:86:2:86:8 | tainted | polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:86:2:86:8 | tainted | polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:88:2:88:8 | tainted | polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:88:2:88:8 | tainted | polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:89:2:89:8 | tainted | polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:89:2:89:8 | tainted | polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:90:2:90:8 | tainted | polynomial-redos.js:91:2:91:8 | tainted | -| polynomial-redos.js:91:2:91:8 | tainted | polynomial-redos.js:92:2:92:8 | tainted | -| polynomial-redos.js:92:2:92:8 | tainted | polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:92:2:92:8 | tainted | polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:94:2:94:8 | tainted | polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:94:2:94:8 | tainted | polynomial-redos.js:95:2:95:8 | tainted | 
-| polynomial-redos.js:95:2:95:8 | tainted | polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:95:2:95:8 | tainted | polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:96:2:96:8 | tainted | polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:96:2:96:8 | tainted | polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:98:2:98:8 | tainted | polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:98:2:98:8 | tainted | polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:100:2:100:8 | tainted | polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:100:2:100:8 | tainted | polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:101:2:101:8 | tainted | polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:101:2:101:8 | tainted | polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:102:2:102:8 | tainted | polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:102:2:102:8 | tainted | polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:103:2:103:8 | tainted | polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:103:2:103:8 | tainted | polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:104:2:104:8 | tainted | polynomial-redos.js:105:2:105:8 | tainted | -| polynomial-redos.js:105:2:105:8 | tainted | polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:105:2:105:8 | tainted | polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:107:2:107:8 | tainted | polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:107:2:107:8 | tainted | polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:108:2:108:8 | tainted | polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:108:2:108:8 | tainted | polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:109:2:109:8 | tainted | polynomial-redos.js:111:2:111:8 | tainted | -| 
polynomial-redos.js:109:2:109:8 | tainted | polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:111:2:111:8 | tainted | polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:111:2:111:8 | tainted | polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:112:2:112:8 | tainted | polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:112:2:112:8 | tainted | polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | -| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:121:18:121:24 | tainted | -| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:127:2:127:8 | tainted | -| polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | polynomial-redos.js:121:18:121:24 | tainted | -| polynomial-redos.js:121:7:121:55 | replaced | polynomial-redos.js:123:13:123:20 | replaced | -| polynomial-redos.js:121:18:121:24 | tainted | polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | -| polynomial-redos.js:121:18:121:55 | tainted ... 
/g, '') | polynomial-redos.js:121:7:121:55 | replaced | -| polynomial-redos.js:123:3:123:20 | result | polynomial-redos.js:124:12:124:17 | result | -| polynomial-redos.js:123:13:123:20 | replaced | polynomial-redos.js:123:3:123:20 | result | -| polynomial-redos.js:127:2:127:8 | tainted | polynomial-redos.js:129:17:129:23 | tainted | -| polynomial-redos.js:129:6:129:42 | modified | polynomial-redos.js:130:2:130:9 | modified | -| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | -| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:132:18:132:24 | tainted | -| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | polynomial-redos.js:129:6:129:42 | modified | -| polynomial-redos.js:132:6:132:50 | modified2 | polynomial-redos.js:133:2:133:10 | modified2 | -| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | -| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:135:21:135:27 | tainted | -| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | polynomial-redos.js:132:6:132:50 | modified2 | -| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:136:5:136:13 | modified3 | -| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | -| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:138:5:138:11 | tainted | -| polynomial-redos.js:135:21:135:47 | tainted ... 
/g, "") | polynomial-redos.js:135:9:135:47 | modified3 | +| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | provenance | | +| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | provenance | | +| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | provenance | | +| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | provenance | | +| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | provenance | | +| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | lib/lib.js:35:28:35:31 | name | provenance | | +| lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name | provenance | | +| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | provenance | | +| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name | provenance | | +| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name | provenance | | +| lib/lib.js:44:12:44:15 | name | lib/lib.js:44:12:44:25 | name.substr(1) | provenance | | +| lib/lib.js:44:12:44:25 | name.substr(1) | lib/lib.js:44:5:44:25 | name | provenance | | +| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | provenance | | +| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | provenance | | +| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | provenance | | +| lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:9:12:9:16 | input | provenance | | +| lib/snapdragon.js:9:12:9:16 | input | lib/snapdragon.js:7:15:7:18 | this | provenance | | +| lib/snapdragon.js:12:34:12:38 | input | lib/snapdragon.js:17:20:17:24 | input | provenance | | +| lib/snapdragon.js:17:20:17:24 | input | lib/snapdragon.js:15:13:15:16 | this | provenance | | +| lib/snapdragon.js:20:34:20:38 | input | lib/snapdragon.js:25:22:25:26 | input | provenance | | +| lib/snapdragon.js:22:44:22:47 | node | lib/snapdragon.js:23:5:23:8 | 
node | provenance | | +| lib/snapdragon.js:23:5:23:8 | node | lib/snapdragon.js:23:5:23:12 | node.val | provenance | | +| lib/snapdragon.js:25:22:25:26 | input | lib/snapdragon.js:22:44:22:47 | node | provenance | | +| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | provenance | | +| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | provenance | | +| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | provenance | | +| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | provenance | | +| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | provenance | | +| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:10:2:10:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:13:2:13:8 | 
tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:14:2:14:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:17:23:17:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:17:23:17:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:18:2:18:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:18:2:18:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:21:6:21:12 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:26:2:26:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:27:77:27:83 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:28:76:28:82 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | 
polynomial-redos.js:30:2:30:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:31:2:31:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:32:2:32:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:34:2:34:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:41:2:41:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:44:2:44:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:46:2:46:8 | tainted | provenance | | +| 
polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:47:2:47:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:51:26:51:32 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:51:26:51:32 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:53:21:53:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:53:21:53:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:54:22:54:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:54:22:54:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:55:23:55:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:55:23:55:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:56:22:56:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:56:22:56:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:57:25:57:31 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:57:25:57:31 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | 
polynomial-redos.js:58:21:58:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:60:17:60:23 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:61:18:61:24 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:64:24:64:30 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:64:24:64:30 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | 
provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:75:2:75:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:75:2:75:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:77:2:77:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:77:2:77:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:82:2:82:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:83:2:83:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:84:2:84:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | 
polynomial-redos.js:90:2:90:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:91:2:91:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:92:2:92:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:96:2:96:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:96:2:96:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:98:2:98:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:98:2:98:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:100:2:100:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:100:2:100:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:101:2:101:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:101:2:101:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:102:2:102:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:102:2:102:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | provenance | | +| 
polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:105:2:105:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:109:2:109:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:109:2:109:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:111:2:111:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:111:2:111:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | 
polynomial-redos.js:127:2:127:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:129:17:129:23 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:132:18:132:24 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:135:21:135:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:138:5:138:11 | tainted | provenance | | +| polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:5:6:5:32 | tainted | provenance | | +| polynomial-redos.js:7:2:7:8 | tainted | polynomial-redos.js:8:2:8:8 | tainted | provenance | | +| polynomial-redos.js:7:2:7:8 | tainted | polynomial-redos.js:8:2:8:8 | tainted | provenance | | +| polynomial-redos.js:8:2:8:8 | tainted | polynomial-redos.js:9:2:9:8 | tainted | provenance | | +| polynomial-redos.js:8:2:8:8 | tainted | polynomial-redos.js:9:2:9:8 | tainted | provenance | | +| polynomial-redos.js:9:2:9:8 | tainted | polynomial-redos.js:10:2:10:8 | tainted | provenance | | +| polynomial-redos.js:10:2:10:8 | tainted | polynomial-redos.js:11:2:11:8 | tainted | provenance | | +| polynomial-redos.js:10:2:10:8 | tainted | polynomial-redos.js:11:2:11:8 | tainted | provenance | | +| polynomial-redos.js:11:2:11:8 | tainted | polynomial-redos.js:12:2:12:8 | tainted | provenance | | +| polynomial-redos.js:11:2:11:8 | tainted | polynomial-redos.js:12:2:12:8 | tainted | provenance | | +| polynomial-redos.js:12:2:12:8 | tainted | polynomial-redos.js:13:2:13:8 | tainted | provenance | | +| polynomial-redos.js:13:2:13:8 | tainted | polynomial-redos.js:14:2:14:8 | tainted | provenance | | +| polynomial-redos.js:14:2:14:8 | tainted | polynomial-redos.js:15:2:15:8 | tainted | provenance | | +| polynomial-redos.js:14:2:14:8 | tainted | polynomial-redos.js:15:2:15:8 | tainted | provenance | | +| polynomial-redos.js:15:2:15:8 | tainted | polynomial-redos.js:16:2:16:8 | tainted | provenance | | 
+| polynomial-redos.js:15:2:15:8 | tainted | polynomial-redos.js:16:2:16:8 | tainted | provenance | | +| polynomial-redos.js:16:2:16:8 | tainted | polynomial-redos.js:17:23:17:29 | tainted | provenance | | +| polynomial-redos.js:16:2:16:8 | tainted | polynomial-redos.js:17:23:17:29 | tainted | provenance | | +| polynomial-redos.js:17:23:17:29 | tainted | polynomial-redos.js:18:2:18:8 | tainted | provenance | | +| polynomial-redos.js:17:23:17:29 | tainted | polynomial-redos.js:18:2:18:8 | tainted | provenance | | +| polynomial-redos.js:18:2:18:8 | tainted | polynomial-redos.js:19:2:19:8 | tainted | provenance | | +| polynomial-redos.js:18:2:18:8 | tainted | polynomial-redos.js:19:2:19:8 | tainted | provenance | | +| polynomial-redos.js:19:2:19:8 | tainted | polynomial-redos.js:20:2:20:8 | tainted | provenance | | +| polynomial-redos.js:19:2:19:8 | tainted | polynomial-redos.js:20:2:20:8 | tainted | provenance | | +| polynomial-redos.js:20:2:20:8 | tainted | polynomial-redos.js:21:6:21:12 | tainted | provenance | | +| polynomial-redos.js:21:6:21:12 | tainted | polynomial-redos.js:25:2:25:8 | tainted | provenance | | +| polynomial-redos.js:21:6:21:12 | tainted | polynomial-redos.js:25:2:25:8 | tainted | provenance | | +| polynomial-redos.js:25:2:25:8 | tainted | polynomial-redos.js:26:2:26:8 | tainted | provenance | | +| polynomial-redos.js:26:2:26:8 | tainted | polynomial-redos.js:27:77:27:83 | tainted | provenance | | +| polynomial-redos.js:27:77:27:83 | tainted | polynomial-redos.js:28:76:28:82 | tainted | provenance | | +| polynomial-redos.js:28:76:28:82 | tainted | polynomial-redos.js:30:2:30:8 | tainted | provenance | | +| polynomial-redos.js:28:76:28:82 | tainted | polynomial-redos.js:30:2:30:8 | tainted | provenance | | +| polynomial-redos.js:30:2:30:8 | tainted | polynomial-redos.js:31:2:31:8 | tainted | provenance | | +| polynomial-redos.js:31:2:31:8 | tainted | polynomial-redos.js:32:2:32:8 | tainted | provenance | | +| polynomial-redos.js:32:2:32:8 | 
tainted | polynomial-redos.js:33:2:33:8 | tainted | provenance | | +| polynomial-redos.js:32:2:32:8 | tainted | polynomial-redos.js:33:2:33:8 | tainted | provenance | | +| polynomial-redos.js:33:2:33:8 | tainted | polynomial-redos.js:34:2:34:8 | tainted | provenance | | +| polynomial-redos.js:34:2:34:8 | tainted | polynomial-redos.js:36:2:36:8 | tainted | provenance | | +| polynomial-redos.js:34:2:34:8 | tainted | polynomial-redos.js:36:2:36:8 | tainted | provenance | | +| polynomial-redos.js:36:2:36:8 | tainted | polynomial-redos.js:37:2:37:8 | tainted | provenance | | +| polynomial-redos.js:36:2:36:8 | tainted | polynomial-redos.js:37:2:37:8 | tainted | provenance | | +| polynomial-redos.js:37:2:37:8 | tainted | polynomial-redos.js:38:2:38:8 | tainted | provenance | | +| polynomial-redos.js:37:2:37:8 | tainted | polynomial-redos.js:38:2:38:8 | tainted | provenance | | +| polynomial-redos.js:38:2:38:8 | tainted | polynomial-redos.js:40:2:40:8 | tainted | provenance | | +| polynomial-redos.js:38:2:38:8 | tainted | polynomial-redos.js:40:2:40:8 | tainted | provenance | | +| polynomial-redos.js:40:2:40:8 | tainted | polynomial-redos.js:41:2:41:8 | tainted | provenance | | +| polynomial-redos.js:41:2:41:8 | tainted | polynomial-redos.js:43:2:43:8 | tainted | provenance | | +| polynomial-redos.js:41:2:41:8 | tainted | polynomial-redos.js:43:2:43:8 | tainted | provenance | | +| polynomial-redos.js:43:2:43:8 | tainted | polynomial-redos.js:44:2:44:8 | tainted | provenance | | +| polynomial-redos.js:44:2:44:8 | tainted | polynomial-redos.js:46:2:46:8 | tainted | provenance | | +| polynomial-redos.js:46:2:46:8 | tainted | polynomial-redos.js:47:2:47:8 | tainted | provenance | | +| polynomial-redos.js:47:2:47:8 | tainted | polynomial-redos.js:48:2:48:8 | tainted | provenance | | +| polynomial-redos.js:47:2:47:8 | tainted | polynomial-redos.js:48:2:48:8 | tainted | provenance | | +| polynomial-redos.js:48:2:48:8 | tainted | polynomial-redos.js:50:14:50:20 | tainted | 
provenance | | +| polynomial-redos.js:48:2:48:8 | tainted | polynomial-redos.js:50:14:50:20 | tainted | provenance | | +| polynomial-redos.js:50:14:50:20 | tainted | polynomial-redos.js:51:26:51:32 | tainted | provenance | | +| polynomial-redos.js:50:14:50:20 | tainted | polynomial-redos.js:51:26:51:32 | tainted | provenance | | +| polynomial-redos.js:51:26:51:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | provenance | | +| polynomial-redos.js:51:26:51:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | provenance | | +| polynomial-redos.js:52:22:52:28 | tainted | polynomial-redos.js:53:21:53:27 | tainted | provenance | | +| polynomial-redos.js:52:22:52:28 | tainted | polynomial-redos.js:53:21:53:27 | tainted | provenance | | +| polynomial-redos.js:53:21:53:27 | tainted | polynomial-redos.js:54:22:54:28 | tainted | provenance | | +| polynomial-redos.js:53:21:53:27 | tainted | polynomial-redos.js:54:22:54:28 | tainted | provenance | | +| polynomial-redos.js:54:22:54:28 | tainted | polynomial-redos.js:55:23:55:29 | tainted | provenance | | +| polynomial-redos.js:54:22:54:28 | tainted | polynomial-redos.js:55:23:55:29 | tainted | provenance | | +| polynomial-redos.js:55:23:55:29 | tainted | polynomial-redos.js:56:22:56:28 | tainted | provenance | | +| polynomial-redos.js:55:23:55:29 | tainted | polynomial-redos.js:56:22:56:28 | tainted | provenance | | +| polynomial-redos.js:56:22:56:28 | tainted | polynomial-redos.js:57:25:57:31 | tainted | provenance | | +| polynomial-redos.js:56:22:56:28 | tainted | polynomial-redos.js:57:25:57:31 | tainted | provenance | | +| polynomial-redos.js:57:25:57:31 | tainted | polynomial-redos.js:58:21:58:27 | tainted | provenance | | +| polynomial-redos.js:57:25:57:31 | tainted | polynomial-redos.js:58:21:58:27 | tainted | provenance | | +| polynomial-redos.js:58:21:58:27 | tainted | polynomial-redos.js:59:23:59:29 | tainted | provenance | | +| polynomial-redos.js:58:21:58:27 | tainted | polynomial-redos.js:59:23:59:29 
| tainted | provenance | | +| polynomial-redos.js:59:23:59:29 | tainted | polynomial-redos.js:60:17:60:23 | tainted | provenance | | +| polynomial-redos.js:60:17:60:23 | tainted | polynomial-redos.js:61:18:61:24 | tainted | provenance | | +| polynomial-redos.js:61:18:61:24 | tainted | polynomial-redos.js:62:17:62:23 | tainted | provenance | | +| polynomial-redos.js:61:18:61:24 | tainted | polynomial-redos.js:62:17:62:23 | tainted | provenance | | +| polynomial-redos.js:62:17:62:23 | tainted | polynomial-redos.js:63:21:63:27 | tainted | provenance | | +| polynomial-redos.js:62:17:62:23 | tainted | polynomial-redos.js:63:21:63:27 | tainted | provenance | | +| polynomial-redos.js:63:21:63:27 | tainted | polynomial-redos.js:64:24:64:30 | tainted | provenance | | +| polynomial-redos.js:63:21:63:27 | tainted | polynomial-redos.js:64:24:64:30 | tainted | provenance | | +| polynomial-redos.js:64:24:64:30 | tainted | polynomial-redos.js:65:24:65:30 | tainted | provenance | | +| polynomial-redos.js:64:24:64:30 | tainted | polynomial-redos.js:65:24:65:30 | tainted | provenance | | +| polynomial-redos.js:65:24:65:30 | tainted | polynomial-redos.js:66:19:66:25 | tainted | provenance | | +| polynomial-redos.js:65:24:65:30 | tainted | polynomial-redos.js:66:19:66:25 | tainted | provenance | | +| polynomial-redos.js:66:19:66:25 | tainted | polynomial-redos.js:67:18:67:24 | tainted | provenance | | +| polynomial-redos.js:66:19:66:25 | tainted | polynomial-redos.js:67:18:67:24 | tainted | provenance | | +| polynomial-redos.js:67:18:67:24 | tainted | polynomial-redos.js:71:2:71:8 | tainted | provenance | | +| polynomial-redos.js:67:18:67:24 | tainted | polynomial-redos.js:71:2:71:8 | tainted | provenance | | +| polynomial-redos.js:71:2:71:8 | tainted | polynomial-redos.js:73:2:73:8 | tainted | provenance | | +| polynomial-redos.js:71:2:71:8 | tainted | polynomial-redos.js:73:2:73:8 | tainted | provenance | | +| polynomial-redos.js:73:2:73:8 | tainted | polynomial-redos.js:75:2:75:8 | 
tainted | provenance | | +| polynomial-redos.js:73:2:73:8 | tainted | polynomial-redos.js:75:2:75:8 | tainted | provenance | | +| polynomial-redos.js:75:2:75:8 | tainted | polynomial-redos.js:77:2:77:8 | tainted | provenance | | +| polynomial-redos.js:75:2:75:8 | tainted | polynomial-redos.js:77:2:77:8 | tainted | provenance | | +| polynomial-redos.js:77:2:77:8 | tainted | polynomial-redos.js:80:2:80:8 | tainted | provenance | | +| polynomial-redos.js:77:2:77:8 | tainted | polynomial-redos.js:80:2:80:8 | tainted | provenance | | +| polynomial-redos.js:80:2:80:8 | tainted | polynomial-redos.js:81:2:81:8 | tainted | provenance | | +| polynomial-redos.js:80:2:80:8 | tainted | polynomial-redos.js:81:2:81:8 | tainted | provenance | | +| polynomial-redos.js:81:2:81:8 | tainted | polynomial-redos.js:82:2:82:8 | tainted | provenance | | +| polynomial-redos.js:82:2:82:8 | tainted | polynomial-redos.js:83:2:83:8 | tainted | provenance | | +| polynomial-redos.js:83:2:83:8 | tainted | polynomial-redos.js:84:2:84:8 | tainted | provenance | | +| polynomial-redos.js:84:2:84:8 | tainted | polynomial-redos.js:86:2:86:8 | tainted | provenance | | +| polynomial-redos.js:84:2:84:8 | tainted | polynomial-redos.js:86:2:86:8 | tainted | provenance | | +| polynomial-redos.js:86:2:86:8 | tainted | polynomial-redos.js:88:2:88:8 | tainted | provenance | | +| polynomial-redos.js:86:2:86:8 | tainted | polynomial-redos.js:88:2:88:8 | tainted | provenance | | +| polynomial-redos.js:88:2:88:8 | tainted | polynomial-redos.js:89:2:89:8 | tainted | provenance | | +| polynomial-redos.js:88:2:88:8 | tainted | polynomial-redos.js:89:2:89:8 | tainted | provenance | | +| polynomial-redos.js:89:2:89:8 | tainted | polynomial-redos.js:90:2:90:8 | tainted | provenance | | +| polynomial-redos.js:89:2:89:8 | tainted | polynomial-redos.js:90:2:90:8 | tainted | provenance | | +| polynomial-redos.js:90:2:90:8 | tainted | polynomial-redos.js:91:2:91:8 | tainted | provenance | | +| polynomial-redos.js:91:2:91:8 | 
tainted | polynomial-redos.js:92:2:92:8 | tainted | provenance | | +| polynomial-redos.js:92:2:92:8 | tainted | polynomial-redos.js:94:2:94:8 | tainted | provenance | | +| polynomial-redos.js:92:2:92:8 | tainted | polynomial-redos.js:94:2:94:8 | tainted | provenance | | +| polynomial-redos.js:94:2:94:8 | tainted | polynomial-redos.js:95:2:95:8 | tainted | provenance | | +| polynomial-redos.js:94:2:94:8 | tainted | polynomial-redos.js:95:2:95:8 | tainted | provenance | | +| polynomial-redos.js:95:2:95:8 | tainted | polynomial-redos.js:96:2:96:8 | tainted | provenance | | +| polynomial-redos.js:95:2:95:8 | tainted | polynomial-redos.js:96:2:96:8 | tainted | provenance | | +| polynomial-redos.js:96:2:96:8 | tainted | polynomial-redos.js:98:2:98:8 | tainted | provenance | | +| polynomial-redos.js:96:2:96:8 | tainted | polynomial-redos.js:98:2:98:8 | tainted | provenance | | +| polynomial-redos.js:98:2:98:8 | tainted | polynomial-redos.js:100:2:100:8 | tainted | provenance | | +| polynomial-redos.js:98:2:98:8 | tainted | polynomial-redos.js:100:2:100:8 | tainted | provenance | | +| polynomial-redos.js:100:2:100:8 | tainted | polynomial-redos.js:101:2:101:8 | tainted | provenance | | +| polynomial-redos.js:100:2:100:8 | tainted | polynomial-redos.js:101:2:101:8 | tainted | provenance | | +| polynomial-redos.js:101:2:101:8 | tainted | polynomial-redos.js:102:2:102:8 | tainted | provenance | | +| polynomial-redos.js:101:2:101:8 | tainted | polynomial-redos.js:102:2:102:8 | tainted | provenance | | +| polynomial-redos.js:102:2:102:8 | tainted | polynomial-redos.js:103:2:103:8 | tainted | provenance | | +| polynomial-redos.js:102:2:102:8 | tainted | polynomial-redos.js:103:2:103:8 | tainted | provenance | | +| polynomial-redos.js:103:2:103:8 | tainted | polynomial-redos.js:104:2:104:8 | tainted | provenance | | +| polynomial-redos.js:103:2:103:8 | tainted | polynomial-redos.js:104:2:104:8 | tainted | provenance | | +| polynomial-redos.js:104:2:104:8 | tainted | 
polynomial-redos.js:105:2:105:8 | tainted | provenance | | +| polynomial-redos.js:105:2:105:8 | tainted | polynomial-redos.js:107:2:107:8 | tainted | provenance | | +| polynomial-redos.js:105:2:105:8 | tainted | polynomial-redos.js:107:2:107:8 | tainted | provenance | | +| polynomial-redos.js:107:2:107:8 | tainted | polynomial-redos.js:108:2:108:8 | tainted | provenance | | +| polynomial-redos.js:107:2:107:8 | tainted | polynomial-redos.js:108:2:108:8 | tainted | provenance | | +| polynomial-redos.js:108:2:108:8 | tainted | polynomial-redos.js:109:2:109:8 | tainted | provenance | | +| polynomial-redos.js:108:2:108:8 | tainted | polynomial-redos.js:109:2:109:8 | tainted | provenance | | +| polynomial-redos.js:109:2:109:8 | tainted | polynomial-redos.js:111:2:111:8 | tainted | provenance | | +| polynomial-redos.js:109:2:109:8 | tainted | polynomial-redos.js:111:2:111:8 | tainted | provenance | | +| polynomial-redos.js:111:2:111:8 | tainted | polynomial-redos.js:112:2:112:8 | tainted | provenance | | +| polynomial-redos.js:111:2:111:8 | tainted | polynomial-redos.js:112:2:112:8 | tainted | provenance | | +| polynomial-redos.js:112:2:112:8 | tainted | polynomial-redos.js:114:2:114:8 | tainted | provenance | | +| polynomial-redos.js:112:2:112:8 | tainted | polynomial-redos.js:114:2:114:8 | tainted | provenance | | +| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | | +| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | | +| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | | +| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | | +| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:120:2:125:3 | (functi ... 
OK\\n\\t}) [tainted] | provenance | | +| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:121:18:121:24 | tainted | provenance | | +| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:127:2:127:8 | tainted | provenance | | +| polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | polynomial-redos.js:121:18:121:24 | tainted | provenance | | +| polynomial-redos.js:121:7:121:55 | replaced | polynomial-redos.js:123:13:123:20 | replaced | provenance | | +| polynomial-redos.js:121:18:121:24 | tainted | polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | provenance | | +| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | polynomial-redos.js:121:7:121:55 | replaced | provenance | | +| polynomial-redos.js:123:3:123:20 | result | polynomial-redos.js:124:12:124:17 | result | provenance | | +| polynomial-redos.js:123:13:123:20 | replaced | polynomial-redos.js:123:3:123:20 | result | provenance | | +| polynomial-redos.js:127:2:127:8 | tainted | polynomial-redos.js:129:17:129:23 | tainted | provenance | | +| polynomial-redos.js:129:6:129:42 | modified | polynomial-redos.js:130:2:130:9 | modified | provenance | | +| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | provenance | | +| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:132:18:132:24 | tainted | provenance | | +| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | polynomial-redos.js:129:6:129:42 | modified | provenance | | +| polynomial-redos.js:132:6:132:50 | modified2 | polynomial-redos.js:133:2:133:10 | modified2 | provenance | | +| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | provenance | | +| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:135:21:135:27 | tainted | provenance | | +| polynomial-redos.js:132:18:132:50 | tainted ... 
g, "e") | polynomial-redos.js:132:6:132:50 | modified2 | provenance | | +| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:136:5:136:13 | modified3 | provenance | | +| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | provenance | | +| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:138:5:138:11 | tainted | provenance | | +| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | polynomial-redos.js:135:9:135:47 | modified3 | provenance | | nodes | lib/closure.js:3:21:3:21 | x | semmle.label | x | | lib/closure.js:4:16:4:16 | x | semmle.label | x | diff --git a/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected b/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected index d6d347c996d0..2f21ec2ca3d2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected 
@@ -1,17 +1,17 @@ edges -| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop | -| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop | -| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop | -| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop | -| tst.js:8:13:8:52 | myCoolL ... rolled) | tst.js:8:6:8:52 | prop | -| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) | -| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | -| tst.js:21:25:21:25 | x | tst.js:22:15:22:15 | x | -| tst.js:22:6:22:15 | result | tst.js:23:9:23:14 | result | -| tst.js:22:15:22:15 | x | tst.js:22:6:22:15 | result | -| tst.js:23:9:23:14 | result | tst.js:23:9:23:42 | result. ... length) | -| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal | -| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal | +| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop | provenance | | +| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop | provenance | | +| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop | provenance | | +| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop | provenance | | +| tst.js:8:13:8:52 | myCoolL ... rolled) | tst.js:8:6:8:52 | prop | provenance | | +| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) | provenance | | +| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | provenance | | +| tst.js:21:25:21:25 | x | tst.js:22:15:22:15 | x | provenance | | +| tst.js:22:6:22:15 | result | tst.js:23:9:23:14 | result | provenance | | +| tst.js:22:15:22:15 | x | tst.js:22:6:22:15 | result | provenance | | +| tst.js:23:9:23:14 | result | tst.js:23:9:23:42 | result. ... length) | provenance | | +| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal | provenance | | +| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal | provenance | | nodes | tst.js:8:6:8:52 | prop | semmle.label | prop | | tst.js:8:13:8:52 | myCoolL ... 
rolled) | semmle.label | myCoolL ... rolled) | diff --git a/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected b/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected index 50fb024e033f..bf0f97e28da7 100644 --- a/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected +++ b/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected 
@@ -21,23 +21,23 @@ nodes | tst.js:7:8:7:11 | test | semmle.label | test | | tst.js:7:8:7:15 | test+"n" | semmle.label | test+"n" | edges -| event-stream-orig.js:93:16:93:16 | r | event-stream-orig.js:94:26:94:26 | r | -| event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | -| event-stream-orig.js:94:26:94:26 | r | event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:93:16:93:16 | r | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream.js:5:12:5:12 | r | event-stream.js:6:22:6:22 | r | -| event-stream.js:6:10:6:30 | Buffer. ... "hex") | event-stream.js:6:10:6:41 | Buffer. ... tring() | -| event-stream.js:6:22:6:22 | r | event-stream.js:6:10:6:30 | Buffer. ... "hex") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:5:12:5:12 | r | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| tst.js:1:5:1:88 | totallyHarmlessString | tst.js:2:18:2:38 | totally ... sString | -| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString | -| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() | -| tst.js:2:18:2:38 | totally ... sString | tst.js:2:6:2:46 | Buffer. ... 'hex') | -| tst.js:5:5:5:23 | test | tst.js:7:8:7:11 | test | -| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test | -| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" | +| event-stream-orig.js:93:16:93:16 | r | event-stream-orig.js:94:26:94:26 | r | provenance | | +| event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | provenance | Config | +| event-stream-orig.js:94:26:94:26 | r | event-stream-orig.js:94:14:94:34 | Buffer. ... 
"hex") | provenance | Config | +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:93:16:93:16 | r | provenance | | +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | provenance | Config | +| event-stream.js:5:12:5:12 | r | event-stream.js:6:22:6:22 | r | provenance | | +| event-stream.js:6:10:6:30 | Buffer. ... "hex") | event-stream.js:6:10:6:41 | Buffer. ... tring() | provenance | Config | +| event-stream.js:6:22:6:22 | r | event-stream.js:6:10:6:30 | Buffer. ... "hex") | provenance | Config | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:5:12:5:12 | r | provenance | | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | provenance | Config | +| tst.js:1:5:1:88 | totallyHarmlessString | tst.js:2:18:2:38 | totally ... sString | provenance | | +| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString | provenance | | +| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() | provenance | Config | +| tst.js:2:18:2:38 | totally ... sString | tst.js:2:6:2:46 | Buffer. ... 'hex') | provenance | Config | +| tst.js:5:5:5:23 | test | tst.js:7:8:7:11 | test | provenance | | +| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test | provenance | | +| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" | provenance | Config | subpaths | event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:93:16:93:16 | r | event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | | event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:5:12:5:12 | r | event-stream.js:6:10:6:41 | Buffer. ... tring() | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | 
diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected index fbac71a1779b..c245c3e3a107 100644 --- a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected +++ b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected 
@@ -120,90 +120,90 @@ nodes | typed.ts:55:25:55:35 | redirectUri | semmle.label | redirectUri | | typed.ts:56:33:56:43 | redirectUri | semmle.label | redirectUri | edges -| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | -| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url | -| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url | -| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href | -| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href | -| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) | -| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect | -| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect | -| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect | -| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | -| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... 
.search | -| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | -| tst12.js:3:9:3:50 | urlParts | tst12.js:4:15:4:22 | urlParts | -| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') | -| tst12.js:3:20:3:50 | window. ... it('?') | tst12.js:3:9:3:50 | urlParts | -| tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc | -| tst12.js:4:15:4:22 | urlParts | tst12.js:4:9:4:45 | loc | -| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload | -| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) | -| tst13.js:2:19:2:52 | documen ... bstr(1) | tst13.js:2:9:2:52 | payload | -| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | -| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload | -| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) | -| tst13.js:59:19:59:52 | documen ... bstr(1) | tst13.js:59:9:59:52 | payload | -| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload | -| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) | -| tst13.js:65:19:65:49 | history ... 
bstr(1) | tst13.js:65:9:65:49 | payload | -| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload | -| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) | -| tst13.js:72:19:72:49 | history ... bstr(1) | tst13.js:72:9:72:49 | payload | -| tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url | -| tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url | -| tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url | -| tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url | -| tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) | -| tst13.js:78:15:78:48 | documen ... bstr(1) | tst13.js:78:9:78:48 | url | -| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) | -| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] | -| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) | -| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] | -| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) | -| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) | -| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] | -| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) | -| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] | -| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | -| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... 
n.href) | -| typed.ts:4:13:4:36 | params | typed.ts:5:25:5:30 | params | -| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params | -| typed.ts:5:25:5:30 | params | typed.ts:7:24:7:34 | redirectUri | -| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri | -| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri | -| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri | -| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri | -| typed.ts:48:26:48:36 | loc2.search | typed.ts:55:25:55:35 | redirectUri | -| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri | -| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri | +| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | provenance | | +| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | provenance | | +| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | provenance | | +| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... 
bstr(1) | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url | provenance | | +| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url | provenance | | +| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href | provenance | | +| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href | provenance | | +| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) | provenance | Config | +| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect | provenance | | +| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect | provenance | | +| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect | provenance | | +| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | provenance | | +| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | provenance | | +| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | provenance | | +| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | provenance | | +| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | provenance | | +| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... 
.search | provenance | | +| tst12.js:3:9:3:50 | urlParts | tst12.js:4:15:4:22 | urlParts | provenance | | +| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') | provenance | | +| tst12.js:3:20:3:50 | window. ... it('?') | tst12.js:3:9:3:50 | urlParts | provenance | | +| tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc | provenance | | +| tst12.js:4:15:4:22 | urlParts | tst12.js:4:9:4:45 | loc | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload | provenance | | +| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) | provenance | | +| tst13.js:2:19:2:52 | documen ... bstr(1) | tst13.js:2:9:2:52 | payload | provenance | | +| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | provenance | | +| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | provenance | | +| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload | provenance | | +| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) | provenance | | +| tst13.js:59:19:59:52 | documen ... 
bstr(1) | tst13.js:59:9:59:52 | payload | provenance | | +| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload | provenance | | +| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) | provenance | | +| tst13.js:65:19:65:49 | history ... bstr(1) | tst13.js:65:9:65:49 | payload | provenance | | +| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload | provenance | | +| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) | provenance | | +| tst13.js:72:19:72:49 | history ... bstr(1) | tst13.js:72:9:72:49 | payload | provenance | | +| tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url | provenance | | +| tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url | provenance | | +| tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url | provenance | | +| tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url | provenance | | +| tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) | provenance | | +| tst13.js:78:15:78:48 | documen ... bstr(1) | tst13.js:78:9:78:48 | url | provenance | | +| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] | provenance | | +| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) | provenance | Config | +| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] | provenance | | +| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) | provenance | Config | +| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] | provenance | | +| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) | provenance | Config | +| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] | provenance | | +| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... 
n.href) | provenance | Config | +| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] | provenance | | +| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) | provenance | Config | +| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] | provenance | | +| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | provenance | Config | +| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | provenance | | +| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) | provenance | Config | +| typed.ts:4:13:4:36 | params | typed.ts:5:25:5:30 | params | provenance | | +| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params | provenance | | +| typed.ts:5:25:5:30 | params | typed.ts:7:24:7:34 | redirectUri | provenance | | +| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri | provenance | | +| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri | provenance | | +| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri | provenance | | +| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri | provenance | | +| typed.ts:48:26:48:36 | loc2.search | typed.ts:55:25:55:35 | redirectUri | provenance | | +| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri | provenance | | +| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri | provenance | | subpaths #select | electron.js:7:20:7:29 | getTaint() | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | Untrusted URL redirection depends on a $@. | electron.js:4:12:4:22 | window.name | user-provided value | 
diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected b/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected index 4497676ff2e6..ac29a57bf83d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected +++ b/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected 
@@ -1,47 +1,47 @@ edges -| ServerSideUrlRedirectGood2.js:16:7:16:34 | target | ServerSideUrlRedirectGood2.js:18:18:18:23 | target | -| ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | ServerSideUrlRedirectGood2.js:16:7:16:34 | target | -| express.js:27:7:27:34 | target | express.js:30:18:30:23 | target | -| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target | -| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target | -| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target | -| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | -| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | -| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target | -| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target | -| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target | -| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:72 | [req.qu ... oin('') | -| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | -| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | -| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | -| express.js:150:7:150:34 | target | express.js:155:18:155:23 | target | -| express.js:150:7:150:34 | target | express.js:160:18:160:23 | target | -| express.js:150:16:150:34 | req.param("target") | express.js:150:7:150:34 | target | -| express.js:164:7:164:54 | myThing | express.js:165:16:165:22 | myThing | -| express.js:164:17:164:41 | JSON.st ... .query) | express.js:164:17:164:54 | JSON.st ... (1, -1) | -| express.js:164:17:164:54 | JSON.st ... (1, -1) | express.js:164:7:164:54 | myThing | -| express.js:164:32:164:40 | req.query | express.js:164:17:164:41 | JSON.st ... 
.query) | -| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url | -| koa.js:6:6:6:27 | url | koa.js:8:18:8:20 | url | -| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url | -| koa.js:6:6:6:27 | url | koa.js:20:16:20:18 | url | -| koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url | -| koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` | -| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | -| node.js:5:7:5:52 | target | node.js:6:34:6:39 | target | -| node.js:5:16:5:39 | url.par ... , true) | node.js:5:7:5:52 | target | -| node.js:5:26:5:32 | req.url | node.js:5:16:5:39 | url.par ... , true) | -| node.js:10:7:10:52 | target | node.js:14:40:14:45 | target | -| node.js:10:16:10:39 | url.par ... , true) | node.js:10:7:10:52 | target | -| node.js:10:26:10:32 | req.url | node.js:10:16:10:39 | url.par ... , true) | -| node.js:14:40:14:45 | target | node.js:14:34:14:45 | '/' + target | -| node.js:28:7:28:52 | target | node.js:31:34:31:39 | target | -| node.js:28:16:28:39 | url.par ... , true) | node.js:28:7:28:52 | target | -| node.js:28:26:28:32 | req.url | node.js:28:16:28:39 | url.par ... , true) | -| node.js:31:34:31:39 | target | node.js:31:34:31:55 | target ... 
=" + me | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | +| ServerSideUrlRedirectGood2.js:16:7:16:34 | target | ServerSideUrlRedirectGood2.js:18:18:18:23 | target | provenance | | +| ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | ServerSideUrlRedirectGood2.js:16:7:16:34 | target | provenance | | +| express.js:27:7:27:34 | target | express.js:30:18:30:23 | target | provenance | | +| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target | provenance | | +| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target | provenance | | +| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target | provenance | | +| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | provenance | | +| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | provenance | | +| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target | provenance | | +| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target | provenance | | +| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target | provenance | | +| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:72 | [req.qu ... oin('') | provenance | | +| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | provenance | | +| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | provenance | | +| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... 
ms.user | provenance | | +| express.js:150:7:150:34 | target | express.js:155:18:155:23 | target | provenance | | +| express.js:150:7:150:34 | target | express.js:160:18:160:23 | target | provenance | | +| express.js:150:16:150:34 | req.param("target") | express.js:150:7:150:34 | target | provenance | | +| express.js:164:7:164:54 | myThing | express.js:165:16:165:22 | myThing | provenance | | +| express.js:164:17:164:41 | JSON.st ... .query) | express.js:164:17:164:54 | JSON.st ... (1, -1) | provenance | | +| express.js:164:17:164:54 | JSON.st ... (1, -1) | express.js:164:7:164:54 | myThing | provenance | | +| express.js:164:32:164:40 | req.query | express.js:164:17:164:41 | JSON.st ... .query) | provenance | | +| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url | provenance | | +| koa.js:6:6:6:27 | url | koa.js:8:18:8:20 | url | provenance | | +| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url | provenance | | +| koa.js:6:6:6:27 | url | koa.js:20:16:20:18 | url | provenance | | +| koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url | provenance | | +| koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` | provenance | | +| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | provenance | | +| node.js:5:7:5:52 | target | node.js:6:34:6:39 | target | provenance | | +| node.js:5:16:5:39 | url.par ... , true) | node.js:5:7:5:52 | target | provenance | | +| node.js:5:26:5:32 | req.url | node.js:5:16:5:39 | url.par ... , true) | provenance | | +| node.js:10:7:10:52 | target | node.js:14:40:14:45 | target | provenance | | +| node.js:10:16:10:39 | url.par ... , true) | node.js:10:7:10:52 | target | provenance | | +| node.js:10:26:10:32 | req.url | node.js:10:16:10:39 | url.par ... , true) | provenance | | +| node.js:14:40:14:45 | target | node.js:14:34:14:45 | '/' + target | provenance | | +| node.js:28:7:28:52 | target | node.js:31:34:31:39 | target | provenance | | +| node.js:28:16:28:39 | url.par ... 
, true) | node.js:28:7:28:52 | target | provenance | | +| node.js:28:26:28:32 | req.url | node.js:28:16:28:39 | url.par ... , true) | provenance | | +| node.js:31:34:31:39 | target | node.js:31:34:31:55 | target ... =" + me | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | nodes | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | semmle.label | req.query["target"] | | ServerSideUrlRedirectGood2.js:16:7:16:34 | target | semmle.label | target | diff --git a/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected b/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected index 8302bf16dd06..7bcfc58847a9 100644 --- a/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected +++ b/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected @@ -1,8 +1,8 @@ edges -| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | -| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | -| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | -| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | +| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | provenance | | +| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | provenance | | +| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | provenance | | +| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | provenance | | nodes | domparser.js:2:7:2:36 | src | semmle.label | src | | domparser.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search | 
diff --git a/javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected b/javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected index 12c11f7b2fef..1f3d5bd243d5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected +++ b/javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected @@ -1,6 +1,6 @@ edges -| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | +| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | provenance | | +| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | provenance | | nodes | tst.js:17:11:17:113 | `Hi, lo ... token}` | semmle.label | `Hi, lo ... token}` | | tst.js:17:84:17:91 | req.host | semmle.label | req.host | diff --git a/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected b/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected index 5b216204dbe0..c28b6cf57cb4 100644 --- a/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected 
@@ -1,15 +1,15 @@ edges -| XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:9:66:9:73 | userName | -| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName | -| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | -| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) | -| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query | -| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query | -| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted | -| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted | +| XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:9:66:9:73 | userName | provenance | | +| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName | provenance | | +| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | provenance | | +| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) | provenance | | +| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query | provenance | | +| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query | provenance | | +| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted | provenance | | +| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted | provenance | | +| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted | provenance | | +| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted | provenance | | +| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted | provenance | | nodes | XpathInjectionBad.js:6:7:6:38 | userName | semmle.label | userName | | XpathInjectionBad.js:6:18:6:38 | req.par ... 
rName") | semmle.label | req.par ... rName") | diff --git a/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected b/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected index 936d17028e3d..14a519151625 100644 --- a/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected 
@@ -1,48 +1,48 @@ edges -| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:8:31:8:33 | key | -| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:19:19:19:21 | key | -| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:21:19:21:21 | key | -| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:33:12:33:14 | key | -| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:54:14:54:16 | key | -| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input | -| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input | -| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... 
(.*)\\n" | -| RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:26:11:26 | s | -| RegExpInjection.js:11:20:11:27 | wrap2(s) | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | -| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:11:20:11:27 | wrap2(s) | -| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:14:18:14:18 | s | -| RegExpInjection.js:14:18:14:18 | s | RegExpInjection.js:15:12:15:12 | s | -| RegExpInjection.js:15:12:15:12 | s | RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | -| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:10:17:10:17 | s | -| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) | -| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:10:17:10:17 | s | -| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) | -| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | -| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() | -| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:33:12:33:14 | key | RegExpInjection.js:29:21:29:21 | s | -| RegExpInjection.js:34:12:34:19 | getKey() | RegExpInjection.js:29:21:29:21 | s | -| RegExpInjection.js:54:14:54:16 | key | RegExpInjection.js:54:14:54:27 | key.split(".") | -| RegExpInjection.js:54:14:54:27 | key.split(".") | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | -| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | RegExpInjection.js:54:14:54:52 | key.spl ... 
in("-") | -| RegExpInjection.js:60:31:60:56 | input | RegExpInjection.js:64:14:64:18 | input | -| RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:60:31:60:56 | input | -| RegExpInjection.js:82:7:82:32 | input | RegExpInjection.js:87:25:87:29 | input | -| RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:82:7:82:32 | input | -| RegExpInjection.js:87:25:87:29 | input | RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | -| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | -| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | -| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | -| tst.js:1:46:1:46 | e | tst.js:2:16:2:16 | e | -| tst.js:2:9:2:21 | data | tst.js:3:21:3:24 | data | -| tst.js:2:16:2:16 | e | tst.js:2:9:2:21 | data | -| tst.js:3:21:3:24 | data | tst.js:3:16:3:35 | "^"+ data.name + "$" | +| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:8:31:8:33 | key | provenance | | +| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:19:19:19:21 | key | provenance | | +| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:21:19:21:21 | key | provenance | | +| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:33:12:33:14 | key | provenance | | +| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:54:14:54:16 | key | provenance | | +| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key | provenance | | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input | provenance | | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input | provenance | | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input | provenance | | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input | provenance | | +| 
RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input | provenance | | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input | provenance | | +| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input | provenance | | +| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | provenance | | +| RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:26:11:26 | s | provenance | | +| RegExpInjection.js:11:20:11:27 | wrap2(s) | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | provenance | | +| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:11:20:11:27 | wrap2(s) | provenance | | +| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:14:18:14:18 | s | provenance | | +| RegExpInjection.js:14:18:14:18 | s | RegExpInjection.js:15:12:15:12 | s | provenance | | +| RegExpInjection.js:15:12:15:12 | s | RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | provenance | | +| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:10:17:10:17 | s | provenance | | +| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) | provenance | | +| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:10:17:10:17 | s | provenance | | +| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) | provenance | | +| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | provenance | | +| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() | provenance | | +| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | provenance | | +| RegExpInjection.js:33:12:33:14 | key | RegExpInjection.js:29:21:29:21 | s | provenance | | +| RegExpInjection.js:34:12:34:19 | getKey() | RegExpInjection.js:29:21:29:21 | s | provenance | | +| RegExpInjection.js:54:14:54:16 | key | RegExpInjection.js:54:14:54:27 | 
key.split(".") | provenance | | +| RegExpInjection.js:54:14:54:27 | key.split(".") | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | provenance | | +| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | provenance | | +| RegExpInjection.js:60:31:60:56 | input | RegExpInjection.js:64:14:64:18 | input | provenance | | +| RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:60:31:60:56 | input | provenance | | +| RegExpInjection.js:82:7:82:32 | input | RegExpInjection.js:87:25:87:29 | input | provenance | | +| RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:82:7:82:32 | input | provenance | | +| RegExpInjection.js:87:25:87:29 | input | RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | provenance | | +| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | provenance | | +| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | provenance | | +| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | provenance | | +| tst.js:1:46:1:46 | e | tst.js:2:16:2:16 | e | provenance | | +| tst.js:2:9:2:21 | data | tst.js:3:21:3:24 | data | provenance | | +| tst.js:2:16:2:16 | e | tst.js:2:9:2:21 | data | provenance | | +| tst.js:3:21:3:24 | data | tst.js:3:16:3:35 | "^"+ data.name + "$" | provenance | | nodes | RegExpInjection.js:5:7:5:28 | key | semmle.label | key | | RegExpInjection.js:5:13:5:28 | req.param("key") | semmle.label | req.param("key") | diff --git a/javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected b/javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected index 55d4ce165102..120f9a82e71a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected 
+++ b/javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected 
@@ -60,60 +60,60 @@ nodes | tst.js:49:19:49:22 | name | semmle.label | name | | tst.js:50:5:50:6 | fn | semmle.label | fn | edges -| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | -| UnsafeDynamicMethodAccess.js:6:9:6:37 | message | UnsafeDynamicMethodAccess.js:15:9:15:15 | message | -| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | UnsafeDynamicMethodAccess.js:6:9:6:37 | message | -| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | -| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | -| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | -| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | -| UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | -| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | -| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | -| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | -| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | -| UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... 
action) | UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | -| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | -| tst.js:6:39:6:40 | ev | tst.js:7:27:7:28 | ev | -| tst.js:6:39:6:40 | ev | tst.js:9:9:9:10 | ev | -| tst.js:7:9:7:39 | name | tst.js:11:9:11:12 | name | -| tst.js:7:9:7:39 | name | tst.js:17:18:17:21 | name | -| tst.js:7:9:7:39 | name | tst.js:21:11:21:14 | name | -| tst.js:7:9:7:39 | name | tst.js:26:11:26:14 | name | -| tst.js:7:9:7:39 | name | tst.js:28:11:28:14 | name | -| tst.js:7:9:7:39 | name | tst.js:34:21:34:24 | name | -| tst.js:7:16:7:34 | JSON.parse(ev.data) | tst.js:7:16:7:39 | JSON.pa ... a).name | -| tst.js:7:16:7:39 | JSON.pa ... a).name | tst.js:7:9:7:39 | name | -| tst.js:7:27:7:28 | ev | tst.js:7:27:7:33 | ev.data | -| tst.js:7:27:7:33 | ev.data | tst.js:7:16:7:34 | JSON.parse(ev.data) | -| tst.js:9:9:9:10 | ev | tst.js:9:9:9:15 | ev.data | -| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] | -| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn | -| tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn | -| tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn | -| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn | -| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] | -| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] | -| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] | -| tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] | -| tst.js:34:9:34:24 | key | tst.js:35:9:35:11 | key | -| tst.js:34:9:34:24 | key | tst.js:37:11:37:13 | key | -| tst.js:34:15:34:24 | "$" + name | tst.js:34:9:34:24 | key | -| tst.js:34:21:34:24 | name | tst.js:34:15:34:24 | "$" + name | -| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] | -| tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] | -| tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | 
ev | -| tst.js:48:9:48:39 | name | tst.js:49:19:49:22 | name | -| tst.js:48:16:48:34 | JSON.parse(ev.data) | tst.js:48:16:48:39 | JSON.pa ... a).name | -| tst.js:48:16:48:39 | JSON.pa ... a).name | tst.js:48:9:48:39 | name | -| tst.js:48:27:48:28 | ev | tst.js:48:27:48:33 | ev.data | -| tst.js:48:27:48:33 | ev.data | tst.js:48:16:48:34 | JSON.parse(ev.data) | -| tst.js:49:9:49:23 | fn | tst.js:50:5:50:6 | fn | -| tst.js:49:14:49:23 | obj2[name] | tst.js:49:9:49:23 | fn | -| tst.js:49:19:49:22 | name | tst.js:49:14:49:23 | obj2[name] | +| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | provenance | | +| UnsafeDynamicMethodAccess.js:6:9:6:37 | message | UnsafeDynamicMethodAccess.js:15:9:15:15 | message | provenance | | +| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | UnsafeDynamicMethodAccess.js:6:9:6:37 | message | provenance | | +| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | provenance | Config | +| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | provenance | Config | +| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | provenance | Config | +| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | provenance | Config | +| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | provenance | | +| UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | provenance | | +| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... 
action) | provenance | Config | +| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | provenance | | +| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | provenance | | +| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | provenance | Config | +| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | provenance | | +| UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | provenance | | +| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | provenance | Config | +| tst.js:6:39:6:40 | ev | tst.js:7:27:7:28 | ev | provenance | | +| tst.js:6:39:6:40 | ev | tst.js:9:9:9:10 | ev | provenance | | +| tst.js:7:9:7:39 | name | tst.js:11:9:11:12 | name | provenance | | +| tst.js:7:9:7:39 | name | tst.js:17:18:17:21 | name | provenance | | +| tst.js:7:9:7:39 | name | tst.js:21:11:21:14 | name | provenance | | +| tst.js:7:9:7:39 | name | tst.js:26:11:26:14 | name | provenance | | +| tst.js:7:9:7:39 | name | tst.js:28:11:28:14 | name | provenance | | +| tst.js:7:9:7:39 | name | tst.js:34:21:34:24 | name | provenance | | +| tst.js:7:16:7:34 | JSON.parse(ev.data) | tst.js:7:16:7:39 | JSON.pa ... a).name | provenance | Config | +| tst.js:7:16:7:39 | JSON.pa ... 
a).name | tst.js:7:9:7:39 | name | provenance | | +| tst.js:7:27:7:28 | ev | tst.js:7:27:7:33 | ev.data | provenance | Config | +| tst.js:7:27:7:33 | ev.data | tst.js:7:16:7:34 | JSON.parse(ev.data) | provenance | Config | +| tst.js:9:9:9:10 | ev | tst.js:9:9:9:15 | ev.data | provenance | Config | +| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] | provenance | Config | +| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] | provenance | Config | +| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn | provenance | | +| tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn | provenance | | +| tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn | provenance | | +| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn | provenance | | +| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] | provenance | Config | +| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] | provenance | Config | +| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] | provenance | Config | +| tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] | provenance | Config | +| tst.js:34:9:34:24 | key | tst.js:35:9:35:11 | key | provenance | | +| tst.js:34:9:34:24 | key | tst.js:37:11:37:13 | key | provenance | | +| tst.js:34:15:34:24 | "$" + name | tst.js:34:9:34:24 | key | provenance | | +| tst.js:34:21:34:24 | name | tst.js:34:15:34:24 | "$" + name | provenance | Config | +| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] | provenance | Config | +| tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] | provenance | Config | +| tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | ev | provenance | | +| tst.js:48:9:48:39 | name | tst.js:49:19:49:22 | name | provenance | | +| tst.js:48:16:48:34 | JSON.parse(ev.data) | tst.js:48:16:48:39 | JSON.pa ... a).name | provenance | Config | +| tst.js:48:16:48:39 | JSON.pa ... 
a).name | tst.js:48:9:48:39 | name | provenance | | +| tst.js:48:27:48:28 | ev | tst.js:48:27:48:33 | ev.data | provenance | Config | +| tst.js:48:27:48:33 | ev.data | tst.js:48:16:48:34 | JSON.parse(ev.data) | provenance | Config | +| tst.js:49:9:49:23 | fn | tst.js:50:5:50:6 | fn | provenance | | +| tst.js:49:14:49:23 | obj2[name] | tst.js:49:9:49:23 | fn | provenance | | +| tst.js:49:19:49:22 | name | tst.js:49:14:49:23 | obj2[name] | provenance | Config | subpaths #select | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | user-controlled | diff --git a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/ResourceExhaustion.expected b/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/ResourceExhaustion.expected index f3b767c64b4a..7ca545489969 100644 --- a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/ResourceExhaustion.expected +++ b/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/ResourceExhaustion.expected 
@@ -1,33 +1,33 @@ edges -| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | -| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:6:20:6:20 | s | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:35:12:35:12 | s | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:82:17:82:17 | s | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:84:18:84:18 | s | -| resource-exhaustion.js:5:11:5:34 | url.par ... , true) | resource-exhaustion.js:5:7:5:42 | s | -| resource-exhaustion.js:5:21:5:27 | req.url | resource-exhaustion.js:5:11:5:34 | url.par ... 
, true) | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:14:16:14:16 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:15:22:15:22 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:16:26:16:26 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:20:20:20:20 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:22:18:22:18 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:27:9:27:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:28:13:28:13 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:29:9:29:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:30:9:30:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:31:9:31:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:32:9:32:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:34:12:34:12 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:81:17:81:17 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:83:18:83:18 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:88:16:88:16 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:92:18:92:18 | n | -| resource-exhaustion.js:6:11:6:21 | parseInt(s) | resource-exhaustion.js:6:7:6:21 | n | -| resource-exhaustion.js:6:20:6:20 | s | resource-exhaustion.js:6:11:6:21 | parseInt(s) | +| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | provenance | | +| documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | provenance | | +| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... 
y.delay | provenance | | +| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | provenance | Config | +| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | provenance | | +| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:6:20:6:20 | s | provenance | | +| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:35:12:35:12 | s | provenance | | +| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:82:17:82:17 | s | provenance | | +| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:84:18:84:18 | s | provenance | | +| resource-exhaustion.js:5:11:5:34 | url.par ... , true) | resource-exhaustion.js:5:7:5:42 | s | provenance | | +| resource-exhaustion.js:5:21:5:27 | req.url | resource-exhaustion.js:5:11:5:34 | url.par ... , true) | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:14:16:14:16 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:15:22:15:22 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:16:26:16:26 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:20:20:20:20 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:22:18:22:18 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:27:9:27:9 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:28:13:28:13 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:29:9:29:9 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:30:9:30:9 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:31:9:31:9 | n | provenance | | +| 
resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:32:9:32:9 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:34:12:34:12 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:81:17:81:17 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:83:18:83:18 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:88:16:88:16 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:92:18:92:18 | n | provenance | | +| resource-exhaustion.js:6:11:6:21 | parseInt(s) | resource-exhaustion.js:6:7:6:21 | n | provenance | | +| resource-exhaustion.js:6:20:6:20 | s | resource-exhaustion.js:6:11:6:21 | parseInt(s) | provenance | Config | nodes | documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | semmle.label | delay | | documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | semmle.label | parseIn ... .delay) | diff --git a/javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected b/javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected index be99aaf75139..bcdb2c57680c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected +++ b/javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected 
@@ -1,12 +1,12 @@ edges -| closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src | -| closure.js:2:13:2:36 | documen ... .search | closure.js:2:7:2:36 | src | -| domparser.js:2:7:2:36 | src | domparser.js:6:37:6:39 | src | -| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | -| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | -| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | -| jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src | -| jquery.js:2:13:2:36 | documen ... .search | jquery.js:2:7:2:36 | src | +| closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src | provenance | | +| closure.js:2:13:2:36 | documen ... .search | closure.js:2:7:2:36 | src | provenance | | +| domparser.js:2:7:2:36 | src | domparser.js:6:37:6:39 | src | provenance | | +| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | provenance | | +| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | provenance | | +| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | provenance | | +| jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src | provenance | | +| jquery.js:2:13:2:36 | documen ... .search | jquery.js:2:7:2:36 | src | provenance | | nodes | closure.js:2:7:2:36 | src | semmle.label | src | | closure.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search | diff --git a/javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected b/javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected index f78e2428b902..834ad02c1f24 100644 --- a/javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected +++ b/javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected 
@@ -1,19 +1,19 @@ edges -| example_bypass.js:6:9:6:19 | req.cookies | example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | -| tst.js:24:17:24:17 | v | tst.js:25:16:25:16 | v | -| tst.js:27:9:27:37 | v3 | tst.js:28:9:28:10 | v3 | -| tst.js:27:14:27:37 | id(req. ... okieId) | tst.js:27:9:27:37 | v3 | -| tst.js:27:17:27:27 | req.cookies | tst.js:27:17:27:36 | req.cookies.cookieId | -| tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:24:17:24:17 | v | -| tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:27:14:27:37 | id(req. ... okieId) | -| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | -| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId | -| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId | -| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | -| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | -| tst.js:78:9:78:28 | req.cookies.cookieId | tst.js:78:9:78:41 | req.coo ... secret" | +| example_bypass.js:6:9:6:19 | req.cookies | example_bypass.js:6:9:6:34 | req.coo ... nUserId | provenance | | +| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | provenance | | +| tst.js:24:17:24:17 | v | tst.js:25:16:25:16 | v | provenance | | +| tst.js:27:9:27:37 | v3 | tst.js:28:9:28:10 | v3 | provenance | | +| tst.js:27:14:27:37 | id(req. ... okieId) | tst.js:27:9:27:37 | v3 | provenance | | +| tst.js:27:17:27:27 | req.cookies | tst.js:27:17:27:36 | req.cookies.cookieId | provenance | | +| tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:24:17:24:17 | v | provenance | | +| tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:27:14:27:37 | id(req. ... 
okieId) | provenance | | +| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | provenance | | +| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | provenance | | +| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId | provenance | | +| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId | provenance | | +| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | provenance | | +| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | provenance | | +| tst.js:78:9:78:28 | req.cookies.cookieId | tst.js:78:9:78:41 | req.coo ... secret" | provenance | Config | nodes | example_bypass.js:6:9:6:19 | req.cookies | semmle.label | req.cookies | | example_bypass.js:6:9:6:34 | req.coo ... nUserId | semmle.label | req.coo ... nUserId | diff --git a/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected b/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected index 464b21ca14e1..511e776ed3c8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected 
@@ -1,22 +1,22 @@ edges -| LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:17:18:17:20 | val | -| LoopBoundInjectionBad.js:10:15:10:22 | req.body | LoopBoundInjectionBad.js:25:20:25:22 | val | -| LoopBoundInjectionBad.js:12:25:12:32 | req.body | LoopBoundInjectionBad.js:35:30:35:32 | val | -| LoopBoundInjectionBad.js:14:19:14:26 | req.body | LoopBoundInjectionBad.js:46:24:46:26 | val | -| LoopBoundInjectionBad.js:17:18:17:20 | val | LoopBoundInjectionBad.js:20:25:20:27 | val | -| LoopBoundInjectionBad.js:25:20:25:22 | val | LoopBoundInjectionBad.js:29:16:29:18 | val | -| LoopBoundInjectionBad.js:35:30:35:32 | val | LoopBoundInjectionBad.js:38:15:38:17 | val | -| LoopBoundInjectionBad.js:46:24:46:26 | val | LoopBoundInjectionBad.js:51:25:51:27 | val | -| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | LoopBoundInjectionExitBad.js:17:17:17:19 | val | -| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | LoopBoundInjectionExitBad.js:31:17:31:19 | val | -| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | LoopBoundInjectionExitBad.js:46:18:46:20 | val | -| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | LoopBoundInjectionExitBad.js:59:22:59:24 | val | -| LoopBoundInjectionExitBad.js:17:17:17:19 | val | LoopBoundInjectionExitBad.js:20:22:20:24 | val | -| LoopBoundInjectionExitBad.js:31:17:31:19 | val | LoopBoundInjectionExitBad.js:34:22:34:24 | val | -| LoopBoundInjectionExitBad.js:46:18:46:20 | val | LoopBoundInjectionExitBad.js:49:22:49:24 | val | -| LoopBoundInjectionExitBad.js:59:22:59:24 | val | LoopBoundInjectionExitBad.js:60:8:60:10 | val | -| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | LoopBoundInjectionLodash.js:12:18:12:20 | val | -| LoopBoundInjectionLodash.js:12:18:12:20 | val | LoopBoundInjectionLodash.js:13:13:13:15 | val | +| LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:17:18:17:20 | val | provenance | | +| LoopBoundInjectionBad.js:10:15:10:22 | req.body | 
LoopBoundInjectionBad.js:25:20:25:22 | val | provenance | | +| LoopBoundInjectionBad.js:12:25:12:32 | req.body | LoopBoundInjectionBad.js:35:30:35:32 | val | provenance | | +| LoopBoundInjectionBad.js:14:19:14:26 | req.body | LoopBoundInjectionBad.js:46:24:46:26 | val | provenance | | +| LoopBoundInjectionBad.js:17:18:17:20 | val | LoopBoundInjectionBad.js:20:25:20:27 | val | provenance | | +| LoopBoundInjectionBad.js:25:20:25:22 | val | LoopBoundInjectionBad.js:29:16:29:18 | val | provenance | | +| LoopBoundInjectionBad.js:35:30:35:32 | val | LoopBoundInjectionBad.js:38:15:38:17 | val | provenance | | +| LoopBoundInjectionBad.js:46:24:46:26 | val | LoopBoundInjectionBad.js:51:25:51:27 | val | provenance | | +| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | LoopBoundInjectionExitBad.js:17:17:17:19 | val | provenance | | +| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | LoopBoundInjectionExitBad.js:31:17:31:19 | val | provenance | | +| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | LoopBoundInjectionExitBad.js:46:18:46:20 | val | provenance | | +| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | LoopBoundInjectionExitBad.js:59:22:59:24 | val | provenance | | +| LoopBoundInjectionExitBad.js:17:17:17:19 | val | LoopBoundInjectionExitBad.js:20:22:20:24 | val | provenance | | +| LoopBoundInjectionExitBad.js:31:17:31:19 | val | LoopBoundInjectionExitBad.js:34:22:34:24 | val | provenance | | +| LoopBoundInjectionExitBad.js:46:18:46:20 | val | LoopBoundInjectionExitBad.js:49:22:49:24 | val | provenance | | +| LoopBoundInjectionExitBad.js:59:22:59:24 | val | LoopBoundInjectionExitBad.js:60:8:60:10 | val | provenance | | +| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | LoopBoundInjectionLodash.js:12:18:12:20 | val | provenance | | +| LoopBoundInjectionLodash.js:12:18:12:20 | val | LoopBoundInjectionLodash.js:13:13:13:15 | val | provenance | | nodes | LoopBoundInjectionBad.js:8:13:8:20 | req.body | semmle.label | req.body | | 
LoopBoundInjectionBad.js:10:15:10:22 | req.body | semmle.label | req.body | diff --git a/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected b/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected index d0234ead0793..27de08dc8461 100644 --- a/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected +++ b/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected 
@@ -1,41 +1,41 @@ edges -| tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:17:7:17:9 | foo | -| tst.js:5:9:5:27 | foo | tst.js:21:5:21:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:22:5:22:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:23:5:23:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:25:5:25:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:27:5:27:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:27:5:27:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:28:5:28:7 | foo | -| tst.js:5:15:5:27 | req.query.foo | tst.js:5:9:5:27 | foo | -| tst.js:6:5:6:7 | foo | tst.js:8:5:8:7 | foo | -| tst.js:6:5:6:7 | foo | tst.js:8:5:8:7 | foo | -| tst.js:8:5:8:7 | foo | tst.js:10:5:12:5 | functio ... K\\n } [foo] | -| tst.js:8:5:8:7 | foo | tst.js:17:7:17:9 | foo | -| tst.js:10:5:12:5 | functio ... K\\n } [foo] | tst.js:10:14:10:14 | f [foo] | -| tst.js:10:5:12:5 | functio ... K\\n } [foo] | tst.js:11:9:11:11 | foo | -| tst.js:10:14:10:14 | f [foo] | tst.js:39:12:39:12 | f [foo] | -| tst.js:14:16:14:18 | bar | tst.js:15:9:15:11 | bar | -| tst.js:17:7:17:9 | foo | tst.js:14:16:14:18 | bar | -| tst.js:17:7:17:9 | foo | tst.js:21:5:21:7 | foo | -| tst.js:21:5:21:7 | foo | tst.js:22:5:22:7 | foo | -| tst.js:22:5:22:7 | foo | tst.js:23:5:23:7 | foo | -| tst.js:23:5:23:7 | foo | tst.js:25:5:25:7 | foo | -| tst.js:25:5:25:7 | foo | tst.js:27:5:27:7 | foo | -| tst.js:25:5:25:7 | foo | tst.js:27:5:27:7 | foo | -| tst.js:27:5:27:7 | foo | tst.js:28:5:28:7 | foo | -| tst.js:39:12:39:12 | f [foo] | tst.js:11:9:11:11 | foo | -| tst.js:45:9:45:35 | foo | tst.js:46:5:46:7 | foo | -| tst.js:45:15:45:35 | ctx.req ... 
ery.foo | tst.js:45:9:45:35 | foo | -| tst.js:77:25:77:38 | req.query.path | tst.js:80:23:80:23 | p | -| tst.js:80:23:80:23 | p | tst.js:81:9:81:9 | p | -| tst.js:80:23:80:23 | p | tst.js:82:9:82:9 | p | -| tst.js:103:9:103:29 | data | tst.js:104:5:104:8 | data | -| tst.js:103:16:103:29 | req.query.data | tst.js:103:9:103:29 | data | +| tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:17:7:17:9 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:21:5:21:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:22:5:22:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:23:5:23:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:25:5:25:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:27:5:27:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:27:5:27:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:28:5:28:7 | foo | provenance | | +| tst.js:5:15:5:27 | req.query.foo | tst.js:5:9:5:27 | foo | provenance | | +| tst.js:6:5:6:7 | foo | tst.js:8:5:8:7 | foo | provenance | | +| tst.js:6:5:6:7 | foo | tst.js:8:5:8:7 | foo | provenance | | +| tst.js:8:5:8:7 | foo | tst.js:10:5:12:5 | functio ... K\\n } [foo] | provenance | | +| tst.js:8:5:8:7 | foo | tst.js:17:7:17:9 | foo | provenance | | +| tst.js:10:5:12:5 | functio ... K\\n } [foo] | tst.js:10:14:10:14 | f [foo] | provenance | | +| tst.js:10:5:12:5 | functio ... 
K\\n } [foo] | tst.js:11:9:11:11 | foo | provenance | | +| tst.js:10:14:10:14 | f [foo] | tst.js:39:12:39:12 | f [foo] | provenance | | +| tst.js:14:16:14:18 | bar | tst.js:15:9:15:11 | bar | provenance | | +| tst.js:17:7:17:9 | foo | tst.js:14:16:14:18 | bar | provenance | | +| tst.js:17:7:17:9 | foo | tst.js:21:5:21:7 | foo | provenance | | +| tst.js:21:5:21:7 | foo | tst.js:22:5:22:7 | foo | provenance | | +| tst.js:22:5:22:7 | foo | tst.js:23:5:23:7 | foo | provenance | | +| tst.js:23:5:23:7 | foo | tst.js:25:5:25:7 | foo | provenance | | +| tst.js:25:5:25:7 | foo | tst.js:27:5:27:7 | foo | provenance | | +| tst.js:25:5:25:7 | foo | tst.js:27:5:27:7 | foo | provenance | | +| tst.js:27:5:27:7 | foo | tst.js:28:5:28:7 | foo | provenance | | +| tst.js:39:12:39:12 | f [foo] | tst.js:11:9:11:11 | foo | provenance | | +| tst.js:45:9:45:35 | foo | tst.js:46:5:46:7 | foo | provenance | | +| tst.js:45:15:45:35 | ctx.req ... ery.foo | tst.js:45:9:45:35 | foo | provenance | | +| tst.js:77:25:77:38 | req.query.path | tst.js:80:23:80:23 | p | provenance | | +| tst.js:80:23:80:23 | p | tst.js:81:9:81:9 | p | provenance | | +| tst.js:80:23:80:23 | p | tst.js:82:9:82:9 | p | provenance | | +| tst.js:103:9:103:29 | data | tst.js:104:5:104:8 | data | provenance | | +| tst.js:103:16:103:29 | req.query.data | tst.js:103:9:103:29 | data | provenance | | nodes | tst.js:5:9:5:27 | foo | semmle.label | foo | | tst.js:5:15:5:27 | req.query.foo | semmle.label | req.query.foo | diff --git a/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected b/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected index a9973f754659..0928df48ef9a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected +++ b/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected 
@@ -1,12 +1,12 @@ edges -| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | -| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | -| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | -| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | -| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | -| tst.js:16:33:16:33 | c | tst.js:19:25:19:25 | c | -| tst.js:16:33:16:33 | c | tst.js:19:25:19:25 | c | -| tst.js:19:25:19:25 | c | tst.js:24:22:24:22 | c | +| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | provenance | | +| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | provenance | | +| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | provenance | | +| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | provenance | | +| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | provenance | | +| tst.js:16:33:16:33 | c | tst.js:19:25:19:25 | c | provenance | | +| tst.js:16:33:16:33 | c | tst.js:19:25:19:25 | c | provenance | | +| tst.js:19:25:19:25 | c | tst.js:24:22:24:22 | c | provenance | | nodes | HttpToFileAccess.js:5:18:5:18 | d | semmle.label | d | | HttpToFileAccess.js:6:37:6:37 | d | semmle.label | d | diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/PrototypePollutingAssignment.expected b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/PrototypePollutingAssignment.expected index e3e20255490c..46afcf5a14f8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/PrototypePollutingAssignment.expected +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/PrototypePollutingAssignment.expected 
@@ -1,106 +1,106 @@ edges -| lib.js:1:38:1:40 | obj | lib.js:6:7:6:9 | obj | -| lib.js:1:43:1:46 | path | lib.js:2:21:2:24 | path | -| lib.js:2:7:2:27 | currentPath | lib.js:11:21:11:31 | currentPath | -| lib.js:2:21:2:24 | path | lib.js:2:21:2:27 | path[0] | -| lib.js:2:21:2:27 | path[0] | lib.js:2:7:2:27 | currentPath | -| lib.js:11:17:11:32 | obj[currentPath] | lib.js:1:38:1:40 | obj | -| lib.js:11:21:11:31 | currentPath | lib.js:11:17:11:32 | obj[currentPath] | -| lib.js:14:38:14:41 | path | lib.js:15:7:15:10 | path | -| lib.js:15:7:15:10 | path | lib.js:15:7:15:13 | path[0] | -| lib.js:15:7:15:13 | path[0] | lib.js:15:3:15:14 | obj[path[0]] | -| lib.js:20:7:20:25 | path | lib.js:22:7:22:10 | path | -| lib.js:20:14:20:22 | arguments | lib.js:20:14:20:25 | arguments[1] | -| lib.js:20:14:20:25 | arguments[1] | lib.js:20:7:20:25 | path | -| lib.js:22:7:22:10 | path | lib.js:22:7:22:13 | path[0] | -| lib.js:22:7:22:13 | path[0] | lib.js:22:3:22:14 | obj[path[0]] | -| lib.js:25:44:25:47 | path | lib.js:26:14:26:17 | path | -| lib.js:26:14:26:17 | path | lib.js:26:14:26:20 | path[0] | -| lib.js:26:14:26:20 | path[0] | lib.js:26:10:26:21 | obj[path[0]] | -| lib.js:30:9:30:52 | args | lib.js:32:14:32:17 | args | -| lib.js:30:16:30:52 | Array.p ... uments) | lib.js:30:9:30:52 | args | -| lib.js:30:16:30:52 | reflective call | lib.js:30:16:30:52 | Array.p ... uments) | -| lib.js:30:43:30:51 | arguments | lib.js:30:16:30:52 | reflective call | -| lib.js:32:7:32:20 | path | lib.js:34:7:34:10 | path | -| lib.js:32:14:32:17 | args | lib.js:32:14:32:20 | args[1] | -| lib.js:32:14:32:20 | args[1] | lib.js:32:7:32:20 | path | -| lib.js:34:7:34:10 | path | lib.js:34:7:34:13 | path[0] | -| lib.js:34:7:34:13 | path[0] | lib.js:34:3:34:14 | obj[path[0]] | -| lib.js:38:9:38:36 | args | lib.js:40:14:40:17 | args | -| lib.js:38:16:38:36 | Array.f ... uments) | lib.js:38:9:38:36 | args | -| lib.js:38:27:38:35 | arguments | lib.js:38:16:38:36 | Array.f ... 
uments) | -| lib.js:40:7:40:20 | path | lib.js:42:7:42:10 | path | -| lib.js:40:14:40:17 | args | lib.js:40:14:40:20 | args[1] | -| lib.js:40:14:40:20 | args[1] | lib.js:40:7:40:20 | path | -| lib.js:42:7:42:10 | path | lib.js:42:7:42:13 | path[0] | -| lib.js:42:7:42:13 | path[0] | lib.js:42:3:42:14 | obj[path[0]] | -| lib.js:83:7:83:25 | path | lib.js:86:19:86:22 | path | -| lib.js:83:14:83:22 | arguments | lib.js:83:14:83:25 | arguments[1] | -| lib.js:83:14:83:25 | arguments[1] | lib.js:83:7:83:25 | path | -| lib.js:86:7:86:26 | proto | lib.js:87:10:87:14 | proto | -| lib.js:86:15:86:26 | obj[path[0]] | lib.js:86:7:86:26 | proto | -| lib.js:86:19:86:22 | path | lib.js:86:19:86:25 | path[0] | -| lib.js:86:19:86:25 | path[0] | lib.js:86:15:86:26 | obj[path[0]] | -| lib.js:90:43:90:46 | path | lib.js:91:24:91:27 | path | -| lib.js:91:7:91:28 | maybeProto | lib.js:92:3:92:12 | maybeProto | -| lib.js:91:7:91:28 | maybeProto | lib.js:95:3:95:12 | maybeProto | -| lib.js:91:20:91:28 | obj[path] | lib.js:91:7:91:28 | maybeProto | -| lib.js:91:24:91:27 | path | lib.js:91:20:91:28 | obj[path] | -| lib.js:104:7:104:24 | one | lib.js:108:7:108:9 | one | -| lib.js:104:13:104:21 | arguments | lib.js:104:13:104:24 | arguments[1] | -| lib.js:104:13:104:24 | arguments[1] | lib.js:104:7:104:24 | one | -| lib.js:108:7:108:9 | one | lib.js:108:3:108:10 | obj[one] | -| lib.js:118:29:118:32 | path | lib.js:119:17:119:20 | path | -| lib.js:119:17:119:20 | path | lib.js:119:17:119:23 | path[0] | -| lib.js:119:17:119:23 | path[0] | lib.js:119:13:119:24 | obj[path[0]] | -| lib.js:127:14:127:17 | path | lib.js:128:13:128:16 | path | -| lib.js:128:13:128:16 | path | lib.js:128:13:128:19 | path[0] | -| lib.js:128:13:128:19 | path[0] | lib.js:128:9:128:20 | obj[path[0]] | -| otherlib/src/otherlibimpl.js:1:37:1:40 | path | otherlib/src/otherlibimpl.js:2:7:2:10 | path | -| otherlib/src/otherlibimpl.js:2:7:2:10 | path | otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | -| 
otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | -| sublib/other.js:5:28:5:31 | path | sublib/other.js:6:11:6:14 | path | -| sublib/other.js:6:11:6:14 | path | sublib/other.js:6:11:6:17 | path[0] | -| sublib/other.js:6:11:6:17 | path[0] | sublib/other.js:6:7:6:18 | obj[path[0]] | -| sublib/sub.js:1:37:1:40 | path | sublib/sub.js:2:7:2:10 | path | -| sublib/sub.js:2:7:2:10 | path | sublib/sub.js:2:7:2:13 | path[0] | -| sublib/sub.js:2:7:2:13 | path[0] | sublib/sub.js:2:3:2:14 | obj[path[0]] | -| tst.js:5:9:5:38 | taint | tst.js:8:12:8:16 | taint | -| tst.js:5:9:5:38 | taint | tst.js:9:12:9:16 | taint | -| tst.js:5:9:5:38 | taint | tst.js:12:25:12:29 | taint | -| tst.js:5:9:5:38 | taint | tst.js:14:27:14:31 | taint | -| tst.js:5:17:5:38 | String( ... y.data) | tst.js:5:9:5:38 | taint | -| tst.js:5:24:5:37 | req.query.data | tst.js:5:17:5:38 | String( ... y.data) | -| tst.js:8:12:8:16 | taint | tst.js:8:5:8:17 | object[taint] | -| tst.js:9:12:9:16 | taint | tst.js:9:5:9:17 | object[taint] | -| tst.js:12:18:12:30 | object[taint] | tst.js:33:23:33:25 | obj | -| tst.js:12:25:12:29 | taint | tst.js:12:18:12:30 | object[taint] | -| tst.js:14:27:14:31 | taint | tst.js:14:5:14:32 | unsafeG ... taint) | -| tst.js:14:27:14:31 | taint | tst.js:55:29:55:32 | prop | -| tst.js:33:23:33:25 | obj | tst.js:34:5:34:7 | obj | -| tst.js:33:23:33:25 | obj | tst.js:39:9:39:11 | obj | -| tst.js:33:23:33:25 | obj | tst.js:45:9:45:11 | obj | -| tst.js:33:23:33:25 | obj | tst.js:48:9:48:11 | obj | -| tst.js:55:29:55:32 | prop | tst.js:56:22:56:25 | prop | -| tst.js:56:18:56:26 | obj[prop] | tst.js:56:12:56:33 | obj ? o ... : null | -| tst.js:56:22:56:25 | prop | tst.js:56:18:56:26 | obj[prop] | -| tst.js:77:9:77:38 | taint | tst.js:80:12:80:16 | taint | -| tst.js:77:9:77:38 | taint | tst.js:82:17:82:21 | taint | -| tst.js:77:9:77:38 | taint | tst.js:87:16:87:20 | taint | -| tst.js:77:17:77:38 | String( ... 
y.data) | tst.js:77:9:77:38 | taint | -| tst.js:77:24:77:37 | req.query.data | tst.js:77:17:77:38 | String( ... y.data) | -| tst.js:80:12:80:16 | taint | tst.js:80:5:80:17 | object[taint] | -| tst.js:82:12:82:21 | "" + taint | tst.js:82:5:82:22 | object["" + taint] | -| tst.js:82:17:82:21 | taint | tst.js:82:12:82:21 | "" + taint | -| tst.js:87:16:87:20 | taint | tst.js:87:9:87:21 | object[taint] | -| tst.js:94:9:94:19 | req.query.x | tst.js:94:9:94:36 | req.que ... _', '') | -| tst.js:94:9:94:36 | req.que ... _', '') | tst.js:94:5:94:37 | obj[req ... ', '')] | -| tst.js:97:9:97:19 | req.query.x | tst.js:97:9:97:45 | req.que ... /g, '') | -| tst.js:97:9:97:45 | req.que ... /g, '') | tst.js:97:5:97:46 | obj[req ... g, '')] | -| tst.js:102:9:102:38 | taint | tst.js:105:12:105:16 | taint | -| tst.js:102:17:102:38 | String( ... y.data) | tst.js:102:9:102:38 | taint | -| tst.js:102:24:102:37 | req.query.data | tst.js:102:17:102:38 | String( ... y.data) | -| tst.js:105:12:105:16 | taint | tst.js:105:5:105:17 | object[taint] | +| lib.js:1:38:1:40 | obj | lib.js:6:7:6:9 | obj | provenance | | +| lib.js:1:43:1:46 | path | lib.js:2:21:2:24 | path | provenance | | +| lib.js:2:7:2:27 | currentPath | lib.js:11:21:11:31 | currentPath | provenance | | +| lib.js:2:21:2:24 | path | lib.js:2:21:2:27 | path[0] | provenance | Config | +| lib.js:2:21:2:27 | path[0] | lib.js:2:7:2:27 | currentPath | provenance | | +| lib.js:11:17:11:32 | obj[currentPath] | lib.js:1:38:1:40 | obj | provenance | | +| lib.js:11:21:11:31 | currentPath | lib.js:11:17:11:32 | obj[currentPath] | provenance | Config | +| lib.js:14:38:14:41 | path | lib.js:15:7:15:10 | path | provenance | | +| lib.js:15:7:15:10 | path | lib.js:15:7:15:13 | path[0] | provenance | Config | +| lib.js:15:7:15:13 | path[0] | lib.js:15:3:15:14 | obj[path[0]] | provenance | Config | +| lib.js:20:7:20:25 | path | lib.js:22:7:22:10 | path | provenance | | +| lib.js:20:14:20:22 | arguments | lib.js:20:14:20:25 | arguments[1] | provenance 
| Config | +| lib.js:20:14:20:25 | arguments[1] | lib.js:20:7:20:25 | path | provenance | | +| lib.js:22:7:22:10 | path | lib.js:22:7:22:13 | path[0] | provenance | Config | +| lib.js:22:7:22:13 | path[0] | lib.js:22:3:22:14 | obj[path[0]] | provenance | Config | +| lib.js:25:44:25:47 | path | lib.js:26:14:26:17 | path | provenance | | +| lib.js:26:14:26:17 | path | lib.js:26:14:26:20 | path[0] | provenance | Config | +| lib.js:26:14:26:20 | path[0] | lib.js:26:10:26:21 | obj[path[0]] | provenance | Config | +| lib.js:30:9:30:52 | args | lib.js:32:14:32:17 | args | provenance | | +| lib.js:30:16:30:52 | Array.p ... uments) | lib.js:30:9:30:52 | args | provenance | | +| lib.js:30:16:30:52 | reflective call | lib.js:30:16:30:52 | Array.p ... uments) | provenance | | +| lib.js:30:43:30:51 | arguments | lib.js:30:16:30:52 | reflective call | provenance | Config | +| lib.js:32:7:32:20 | path | lib.js:34:7:34:10 | path | provenance | | +| lib.js:32:14:32:17 | args | lib.js:32:14:32:20 | args[1] | provenance | Config | +| lib.js:32:14:32:20 | args[1] | lib.js:32:7:32:20 | path | provenance | | +| lib.js:34:7:34:10 | path | lib.js:34:7:34:13 | path[0] | provenance | Config | +| lib.js:34:7:34:13 | path[0] | lib.js:34:3:34:14 | obj[path[0]] | provenance | Config | +| lib.js:38:9:38:36 | args | lib.js:40:14:40:17 | args | provenance | | +| lib.js:38:16:38:36 | Array.f ... uments) | lib.js:38:9:38:36 | args | provenance | | +| lib.js:38:27:38:35 | arguments | lib.js:38:16:38:36 | Array.f ... 
uments) | provenance | Config | +| lib.js:40:7:40:20 | path | lib.js:42:7:42:10 | path | provenance | | +| lib.js:40:14:40:17 | args | lib.js:40:14:40:20 | args[1] | provenance | Config | +| lib.js:40:14:40:20 | args[1] | lib.js:40:7:40:20 | path | provenance | | +| lib.js:42:7:42:10 | path | lib.js:42:7:42:13 | path[0] | provenance | Config | +| lib.js:42:7:42:13 | path[0] | lib.js:42:3:42:14 | obj[path[0]] | provenance | Config | +| lib.js:83:7:83:25 | path | lib.js:86:19:86:22 | path | provenance | | +| lib.js:83:14:83:22 | arguments | lib.js:83:14:83:25 | arguments[1] | provenance | Config | +| lib.js:83:14:83:25 | arguments[1] | lib.js:83:7:83:25 | path | provenance | | +| lib.js:86:7:86:26 | proto | lib.js:87:10:87:14 | proto | provenance | | +| lib.js:86:15:86:26 | obj[path[0]] | lib.js:86:7:86:26 | proto | provenance | | +| lib.js:86:19:86:22 | path | lib.js:86:19:86:25 | path[0] | provenance | Config | +| lib.js:86:19:86:25 | path[0] | lib.js:86:15:86:26 | obj[path[0]] | provenance | Config | +| lib.js:90:43:90:46 | path | lib.js:91:24:91:27 | path | provenance | | +| lib.js:91:7:91:28 | maybeProto | lib.js:92:3:92:12 | maybeProto | provenance | | +| lib.js:91:7:91:28 | maybeProto | lib.js:95:3:95:12 | maybeProto | provenance | | +| lib.js:91:20:91:28 | obj[path] | lib.js:91:7:91:28 | maybeProto | provenance | | +| lib.js:91:24:91:27 | path | lib.js:91:20:91:28 | obj[path] | provenance | Config | +| lib.js:104:7:104:24 | one | lib.js:108:7:108:9 | one | provenance | | +| lib.js:104:13:104:21 | arguments | lib.js:104:13:104:24 | arguments[1] | provenance | Config | +| lib.js:104:13:104:24 | arguments[1] | lib.js:104:7:104:24 | one | provenance | | +| lib.js:108:7:108:9 | one | lib.js:108:3:108:10 | obj[one] | provenance | Config | +| lib.js:118:29:118:32 | path | lib.js:119:17:119:20 | path | provenance | | +| lib.js:119:17:119:20 | path | lib.js:119:17:119:23 | path[0] | provenance | Config | +| lib.js:119:17:119:23 | path[0] | lib.js:119:13:119:24 | 
obj[path[0]] | provenance | Config | +| lib.js:127:14:127:17 | path | lib.js:128:13:128:16 | path | provenance | | +| lib.js:128:13:128:16 | path | lib.js:128:13:128:19 | path[0] | provenance | Config | +| lib.js:128:13:128:19 | path[0] | lib.js:128:9:128:20 | obj[path[0]] | provenance | Config | +| otherlib/src/otherlibimpl.js:1:37:1:40 | path | otherlib/src/otherlibimpl.js:2:7:2:10 | path | provenance | | +| otherlib/src/otherlibimpl.js:2:7:2:10 | path | otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | provenance | Config | +| otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | provenance | Config | +| sublib/other.js:5:28:5:31 | path | sublib/other.js:6:11:6:14 | path | provenance | | +| sublib/other.js:6:11:6:14 | path | sublib/other.js:6:11:6:17 | path[0] | provenance | Config | +| sublib/other.js:6:11:6:17 | path[0] | sublib/other.js:6:7:6:18 | obj[path[0]] | provenance | Config | +| sublib/sub.js:1:37:1:40 | path | sublib/sub.js:2:7:2:10 | path | provenance | | +| sublib/sub.js:2:7:2:10 | path | sublib/sub.js:2:7:2:13 | path[0] | provenance | Config | +| sublib/sub.js:2:7:2:13 | path[0] | sublib/sub.js:2:3:2:14 | obj[path[0]] | provenance | Config | +| tst.js:5:9:5:38 | taint | tst.js:8:12:8:16 | taint | provenance | | +| tst.js:5:9:5:38 | taint | tst.js:9:12:9:16 | taint | provenance | | +| tst.js:5:9:5:38 | taint | tst.js:12:25:12:29 | taint | provenance | | +| tst.js:5:9:5:38 | taint | tst.js:14:27:14:31 | taint | provenance | | +| tst.js:5:17:5:38 | String( ... y.data) | tst.js:5:9:5:38 | taint | provenance | | +| tst.js:5:24:5:37 | req.query.data | tst.js:5:17:5:38 | String( ... 
y.data) | provenance | Config | +| tst.js:8:12:8:16 | taint | tst.js:8:5:8:17 | object[taint] | provenance | Config | +| tst.js:9:12:9:16 | taint | tst.js:9:5:9:17 | object[taint] | provenance | Config | +| tst.js:12:18:12:30 | object[taint] | tst.js:33:23:33:25 | obj | provenance | | +| tst.js:12:25:12:29 | taint | tst.js:12:18:12:30 | object[taint] | provenance | Config | +| tst.js:14:27:14:31 | taint | tst.js:14:5:14:32 | unsafeG ... taint) | provenance | Config | +| tst.js:14:27:14:31 | taint | tst.js:55:29:55:32 | prop | provenance | | +| tst.js:33:23:33:25 | obj | tst.js:34:5:34:7 | obj | provenance | | +| tst.js:33:23:33:25 | obj | tst.js:39:9:39:11 | obj | provenance | | +| tst.js:33:23:33:25 | obj | tst.js:45:9:45:11 | obj | provenance | | +| tst.js:33:23:33:25 | obj | tst.js:48:9:48:11 | obj | provenance | | +| tst.js:55:29:55:32 | prop | tst.js:56:22:56:25 | prop | provenance | | +| tst.js:56:18:56:26 | obj[prop] | tst.js:56:12:56:33 | obj ? o ... : null | provenance | | +| tst.js:56:22:56:25 | prop | tst.js:56:18:56:26 | obj[prop] | provenance | Config | +| tst.js:77:9:77:38 | taint | tst.js:80:12:80:16 | taint | provenance | | +| tst.js:77:9:77:38 | taint | tst.js:82:17:82:21 | taint | provenance | | +| tst.js:77:9:77:38 | taint | tst.js:87:16:87:20 | taint | provenance | | +| tst.js:77:17:77:38 | String( ... y.data) | tst.js:77:9:77:38 | taint | provenance | | +| tst.js:77:24:77:37 | req.query.data | tst.js:77:17:77:38 | String( ... y.data) | provenance | Config | +| tst.js:80:12:80:16 | taint | tst.js:80:5:80:17 | object[taint] | provenance | Config | +| tst.js:82:12:82:21 | "" + taint | tst.js:82:5:82:22 | object["" + taint] | provenance | Config | +| tst.js:82:17:82:21 | taint | tst.js:82:12:82:21 | "" + taint | provenance | Config | +| tst.js:87:16:87:20 | taint | tst.js:87:9:87:21 | object[taint] | provenance | Config | +| tst.js:94:9:94:19 | req.query.x | tst.js:94:9:94:36 | req.que ... 
_', '') | provenance | Config | +| tst.js:94:9:94:36 | req.que ... _', '') | tst.js:94:5:94:37 | obj[req ... ', '')] | provenance | Config | +| tst.js:97:9:97:19 | req.query.x | tst.js:97:9:97:45 | req.que ... /g, '') | provenance | Config | +| tst.js:97:9:97:45 | req.que ... /g, '') | tst.js:97:5:97:46 | obj[req ... g, '')] | provenance | Config | +| tst.js:102:9:102:38 | taint | tst.js:105:12:105:16 | taint | provenance | | +| tst.js:102:17:102:38 | String( ... y.data) | tst.js:102:9:102:38 | taint | provenance | | +| tst.js:102:24:102:37 | req.query.data | tst.js:102:17:102:38 | String( ... y.data) | provenance | Config | +| tst.js:105:12:105:16 | taint | tst.js:105:5:105:17 | object[taint] | provenance | Config | nodes | lib.js:1:38:1:40 | obj | semmle.label | obj | | lib.js:1:43:1:46 | path | semmle.label | path | diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected index 185775d7dac4..1c21a6995335 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected 
@@ -642,65 +642,65 @@ edges | examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:33:5:35 | key | provenance | | | examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | provenance | | | examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:28:7:30 | key | provenance | | -| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | provenance | | +| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | provenance | Config | | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | provenance | | -| examples/PrototypePollutingFunction.js:5:23:5:25 | key | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | provenance | | -| examples/PrototypePollutingFunction.js:5:29:5:31 | src | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | provenance | | +| examples/PrototypePollutingFunction.js:5:23:5:25 | key | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | provenance | Config | +| examples/PrototypePollutingFunction.js:5:29:5:31 | src | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | provenance | Config | | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | provenance | | -| examples/PrototypePollutingFunction.js:5:33:5:35 | key | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | provenance | | -| examples/PrototypePollutingFunction.js:7:24:7:26 | src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | provenance | | -| examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | provenance | | +| examples/PrototypePollutingFunction.js:5:33:5:35 
| key | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | provenance | Config | +| examples/PrototypePollutingFunction.js:7:24:7:26 | src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | provenance | Config | +| examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | provenance | Config | | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | provenance | | | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | provenance | | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | provenance | | +| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | provenance | Config | | examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | provenance | | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | provenance | | +| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | provenance | Config | | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | provenance | | | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | provenance | | | examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | provenance | | | examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | 
provenance | | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | provenance | | +| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | provenance | Config | | examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | provenance | | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | provenance | | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | provenance | | +| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | provenance | Config | +| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | provenance | Config | | path-assignment.js:8:13:8:25 | key | path-assignment.js:13:29:13:31 | key | provenance | | | path-assignment.js:8:13:8:25 | key | path-assignment.js:15:20:15:22 | key | provenance | | | path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:8:13:8:25 | key | provenance | | | path-assignment.js:13:13:13:32 | target | path-assignment.js:13:22:13:27 | target | provenance | | | path-assignment.js:13:13:13:32 | target | path-assignment.js:15:13:15:18 | target | provenance | | -| path-assignment.js:13:22:13:27 | target | path-assignment.js:13:22:13:32 | target[key] | provenance | | +| path-assignment.js:13:22:13:27 | target | path-assignment.js:13:22:13:32 | target[key] | provenance | Config | | path-assignment.js:13:22:13:32 | target[key] | path-assignment.js:13:13:13:32 | target | provenance | | -| path-assignment.js:13:29:13:31 | key | path-assignment.js:13:22:13:32 | target[key] | provenance | | +| 
path-assignment.js:13:29:13:31 | key | path-assignment.js:13:22:13:32 | target[key] | provenance | Config | | path-assignment.js:41:13:41:25 | key | path-assignment.js:42:25:42:27 | key | provenance | | | path-assignment.js:41:13:41:25 | key | path-assignment.js:42:39:42:41 | key | provenance | | | path-assignment.js:41:19:41:25 | keys[i] | path-assignment.js:41:13:41:25 | key | provenance | | | path-assignment.js:42:9:42:48 | target | path-assignment.js:42:18:42:23 | target | provenance | | | path-assignment.js:42:9:42:48 | target | path-assignment.js:42:32:42:37 | target | provenance | | | path-assignment.js:42:9:42:48 | target | path-assignment.js:44:5:44:10 | target | provenance | | -| path-assignment.js:42:32:42:37 | target | path-assignment.js:42:32:42:42 | target[key] | provenance | | +| path-assignment.js:42:32:42:37 | target | path-assignment.js:42:32:42:42 | target[key] | provenance | Config | | path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:9:42:48 | target | provenance | | | path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:32:42:48 | target[key] \|\| {} | provenance | | -| path-assignment.js:42:39:42:41 | key | path-assignment.js:42:32:42:42 | target[key] | provenance | | +| path-assignment.js:42:39:42:41 | key | path-assignment.js:42:32:42:42 | target[key] | provenance | Config | | path-assignment.js:58:13:58:25 | key | path-assignment.js:59:25:59:27 | key | provenance | | | path-assignment.js:58:13:58:25 | key | path-assignment.js:59:39:59:41 | key | provenance | | | path-assignment.js:58:19:58:25 | keys[i] | path-assignment.js:58:13:58:25 | key | provenance | | | path-assignment.js:59:9:59:48 | target | path-assignment.js:59:18:59:23 | target | provenance | | | path-assignment.js:59:9:59:48 | target | path-assignment.js:59:32:59:37 | target | provenance | | | path-assignment.js:59:9:59:48 | target | path-assignment.js:61:5:61:10 | target | provenance | | -| path-assignment.js:59:32:59:37 | target | 
path-assignment.js:59:32:59:42 | target[key] | provenance | | +| path-assignment.js:59:32:59:37 | target | path-assignment.js:59:32:59:42 | target[key] | provenance | Config | | path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:9:59:48 | target | provenance | | | path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:32:59:48 | target[key] \|\| {} | provenance | | -| path-assignment.js:59:39:59:41 | key | path-assignment.js:59:32:59:42 | target[key] | provenance | | +| path-assignment.js:59:39:59:41 | key | path-assignment.js:59:32:59:42 | target[key] | provenance | Config | | path-assignment.js:68:13:68:25 | key | path-assignment.js:69:25:69:27 | key | provenance | | | path-assignment.js:68:13:68:25 | key | path-assignment.js:69:39:69:41 | key | provenance | | | path-assignment.js:68:19:68:25 | keys[i] | path-assignment.js:68:13:68:25 | key | provenance | | | path-assignment.js:69:9:69:48 | target | path-assignment.js:69:18:69:23 | target | provenance | | | path-assignment.js:69:9:69:48 | target | path-assignment.js:69:32:69:37 | target | provenance | | | path-assignment.js:69:9:69:48 | target | path-assignment.js:71:5:71:10 | target | provenance | | -| path-assignment.js:69:32:69:37 | target | path-assignment.js:69:32:69:42 | target[key] | provenance | | +| path-assignment.js:69:32:69:37 | target | path-assignment.js:69:32:69:42 | target[key] | provenance | Config | | path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:9:69:48 | target | provenance | | | path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:32:69:48 | target[key] \|\| {} | provenance | | -| path-assignment.js:69:39:69:41 | key | path-assignment.js:69:32:69:42 | target[key] | provenance | | +| path-assignment.js:69:39:69:41 | key | path-assignment.js:69:32:69:42 | target[key] | provenance | Config | | tests.js:3:25:3:27 | dst | tests.js:6:28:6:30 | dst | provenance | | | tests.js:3:25:3:27 | dst | tests.js:8:13:8:15 | dst | 
provenance | | | tests.js:3:30:3:32 | src | tests.js:6:38:6:40 | src | provenance | | @@ -709,14 +709,14 @@ edges | tests.js:4:14:4:16 | key | tests.js:6:42:6:44 | key | provenance | | | tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | provenance | | | tests.js:4:14:4:16 | key | tests.js:8:28:8:30 | key | provenance | | -| tests.js:6:28:6:30 | dst | tests.js:6:28:6:35 | dst[key] | provenance | | +| tests.js:6:28:6:30 | dst | tests.js:6:28:6:35 | dst[key] | provenance | Config | | tests.js:6:28:6:35 | dst[key] | tests.js:3:25:3:27 | dst | provenance | | -| tests.js:6:32:6:34 | key | tests.js:6:28:6:35 | dst[key] | provenance | | -| tests.js:6:38:6:40 | src | tests.js:6:38:6:45 | src[key] | provenance | | +| tests.js:6:32:6:34 | key | tests.js:6:28:6:35 | dst[key] | provenance | Config | +| tests.js:6:38:6:40 | src | tests.js:6:38:6:45 | src[key] | provenance | Config | | tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | provenance | | -| tests.js:6:42:6:44 | key | tests.js:6:38:6:45 | src[key] | provenance | | -| tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | provenance | | -| tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | provenance | | +| tests.js:6:42:6:44 | key | tests.js:6:38:6:45 | src[key] | provenance | Config | +| tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | provenance | Config | +| tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | provenance | Config | | tests.js:13:24:13:26 | dst | tests.js:16:27:16:29 | dst | provenance | | | tests.js:13:24:13:26 | dst | tests.js:18:13:18:15 | dst | provenance | | | tests.js:13:29:13:31 | src | tests.js:14:17:14:19 | src | provenance | | 
@@ -726,20 +726,20 @@ edges | tests.js:14:30:14:32 | key | tests.js:16:41:16:43 | key | provenance | | | tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | provenance | | | tests.js:14:30:14:32 | key | tests.js:18:28:18:30 | key | provenance | | -| tests.js:16:27:16:29 | dst | tests.js:16:27:16:34 | dst[key] | provenance | | +| tests.js:16:27:16:29 | dst | tests.js:16:27:16:34 | dst[key] | provenance | Config | | tests.js:16:27:16:34 | dst[key] | tests.js:13:24:13:26 | dst | provenance | | -| tests.js:16:31:16:33 | key | tests.js:16:27:16:34 | dst[key] | provenance | | -| tests.js:16:37:16:39 | src | tests.js:16:37:16:44 | src[key] | provenance | | +| tests.js:16:31:16:33 | key | tests.js:16:27:16:34 | dst[key] | provenance | Config | +| tests.js:16:37:16:39 | src | tests.js:16:37:16:44 | src[key] | provenance | Config | | tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | provenance | | -| tests.js:16:41:16:43 | key | tests.js:16:37:16:44 | src[key] | provenance | | -| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | provenance | | -| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | provenance | | +| tests.js:16:41:16:43 | key | tests.js:16:37:16:44 | src[key] | provenance | Config | +| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | provenance | Config | +| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | provenance | Config | | tests.js:23:19:23:21 | dst | tests.js:26:25:26:27 | dst | provenance | | | tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | provenance | | | tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | provenance | | | tests.js:26:25:26:27 | dst | tests.js:31:22:31:24 | dst | provenance | | | tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | provenance | | -| tests.js:26:37:26:39 | key | tests.js:26:30:26:40 | source[key] | provenance | | +| tests.js:26:37:26:39 | key | tests.js:26:30:26:40 | source[key] | provenance | Config | | 
tests.js:26:43:26:45 | key | tests.js:31:34:31:36 | key | provenance | | | tests.js:31:22:31:24 | dst | tests.js:32:20:32:22 | dst | provenance | | | tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | provenance | | @@ -747,9 +747,9 @@ edges | tests.js:31:34:31:36 | key | tests.js:32:24:32:26 | key | provenance | | | tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | provenance | | | tests.js:32:9:32:27 | dstValue | tests.js:34:18:34:25 | dstValue | provenance | | -| tests.js:32:20:32:22 | dst | tests.js:32:20:32:27 | dst[key] | provenance | | +| tests.js:32:20:32:22 | dst | tests.js:32:20:32:27 | dst[key] | provenance | Config | | tests.js:32:20:32:27 | dst[key] | tests.js:32:9:32:27 | dstValue | provenance | | -| tests.js:32:24:32:26 | key | tests.js:32:20:32:27 | dst[key] | provenance | | +| tests.js:32:24:32:26 | key | tests.js:32:20:32:27 | dst[key] | provenance | Config | | tests.js:34:18:34:25 | dstValue | tests.js:23:19:23:21 | dst | provenance | | | tests.js:40:27:40:29 | dst | tests.js:44:30:44:32 | dst | provenance | | | tests.js:40:27:40:29 | dst | tests.js:46:13:46:15 | dst | provenance | | 
@@ -759,14 +759,14 @@ edges | tests.js:41:14:41:16 | key | tests.js:44:44:44:46 | key | provenance | | | tests.js:41:14:41:16 | key | tests.js:46:17:46:19 | key | provenance | | | tests.js:41:14:41:16 | key | tests.js:46:28:46:30 | key | provenance | | -| tests.js:44:30:44:32 | dst | tests.js:44:30:44:37 | dst[key] | provenance | | +| tests.js:44:30:44:32 | dst | tests.js:44:30:44:37 | dst[key] | provenance | Config | | tests.js:44:30:44:37 | dst[key] | tests.js:40:27:40:29 | dst | provenance | | -| tests.js:44:34:44:36 | key | tests.js:44:30:44:37 | dst[key] | provenance | | -| tests.js:44:40:44:42 | src | tests.js:44:40:44:47 | src[key] | provenance | | +| tests.js:44:34:44:36 | key | tests.js:44:30:44:37 | dst[key] | provenance | Config | +| tests.js:44:40:44:42 | src | tests.js:44:40:44:47 | src[key] | provenance | Config | | tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | provenance | | -| tests.js:44:44:44:46 | key | tests.js:44:40:44:47 | src[key] | provenance | | -| tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | provenance | | -| tests.js:46:28:46:30 | key | tests.js:46:24:46:31 | src[key] | provenance | | +| tests.js:44:44:44:46 | key | tests.js:44:40:44:47 | src[key] | provenance | Config | +| tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | provenance | Config | +| tests.js:46:28:46:30 | key | tests.js:46:24:46:31 | src[key] | provenance | Config | | tests.js:51:26:51:28 | dst | tests.js:55:29:55:31 | dst | provenance | | | tests.js:51:26:51:28 | dst | tests.js:57:13:57:15 | dst | provenance | | | tests.js:51:31:51:33 | src | tests.js:55:39:55:41 | src | provenance | | 
@@ -775,32 +775,32 @@ edges | tests.js:52:14:52:16 | key | tests.js:55:43:55:45 | key | provenance | | | tests.js:52:14:52:16 | key | tests.js:57:17:57:19 | key | provenance | | | tests.js:52:14:52:16 | key | tests.js:57:28:57:30 | key | provenance | | -| tests.js:55:29:55:31 | dst | tests.js:55:29:55:36 | dst[key] | provenance | | +| tests.js:55:29:55:31 | dst | tests.js:55:29:55:36 | dst[key] | provenance | Config | | tests.js:55:29:55:36 | dst[key] | tests.js:51:26:51:28 | dst | provenance | | -| tests.js:55:33:55:35 | key | tests.js:55:29:55:36 | dst[key] | provenance | | -| tests.js:55:39:55:41 | src | tests.js:55:39:55:46 | src[key] | provenance | | +| tests.js:55:33:55:35 | key | tests.js:55:29:55:36 | dst[key] | provenance | Config | +| tests.js:55:39:55:41 | src | tests.js:55:39:55:46 | src[key] | provenance | Config | | tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | provenance | | -| tests.js:55:43:55:45 | key | tests.js:55:39:55:46 | src[key] | provenance | | -| tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | provenance | | -| tests.js:57:28:57:30 | key | tests.js:57:24:57:31 | src[key] | provenance | | +| tests.js:55:43:55:45 | key | tests.js:55:39:55:46 | src[key] | provenance | Config | +| tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | provenance | Config | +| tests.js:57:28:57:30 | key | tests.js:57:24:57:31 | src[key] | provenance | Config | | tests.js:62:33:62:35 | src | tests.js:66:41:66:43 | src | provenance | | | tests.js:62:33:62:35 | src | tests.js:68:24:68:26 | src | provenance | | -| tests.js:66:41:66:43 | src | tests.js:66:41:66:48 | src[key] | provenance | | +| tests.js:66:41:66:43 | src | tests.js:66:41:66:48 | src[key] | provenance | Config | | tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | provenance | | -| tests.js:68:24:68:26 | src | tests.js:68:24:68:31 | src[key] | provenance | | +| tests.js:68:24:68:26 | src | tests.js:68:24:68:31 | src[key] | provenance | Config | | 
tests.js:77:27:77:29 | src | tests.js:81:39:81:41 | src | provenance | | | tests.js:77:27:77:29 | src | tests.js:83:28:83:30 | src | provenance | | -| tests.js:81:39:81:41 | src | tests.js:81:39:81:46 | src[key] | provenance | | +| tests.js:81:39:81:41 | src | tests.js:81:39:81:46 | src[key] | provenance | Config | | tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | provenance | | -| tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | provenance | | +| tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | provenance | Config | | tests.js:89:34:89:36 | src | tests.js:94:42:94:44 | src | provenance | | | tests.js:89:34:89:36 | src | tests.js:96:24:96:26 | src | provenance | | | tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | provenance | | | tests.js:90:14:90:16 | key | tests.js:96:28:96:30 | key | provenance | | -| tests.js:94:42:94:44 | src | tests.js:94:42:94:49 | src[key] | provenance | | +| tests.js:94:42:94:44 | src | tests.js:94:42:94:49 | src[key] | provenance | Config | | tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | provenance | | -| tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | provenance | | -| tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | provenance | | +| tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | provenance | Config | +| tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | provenance | Config | | tests.js:101:32:101:34 | dst | tests.js:107:35:107:37 | dst | provenance | | | tests.js:101:32:101:34 | dst | tests.js:109:13:109:15 | dst | provenance | | | tests.js:101:37:101:39 | src | tests.js:107:45:107:47 | src | provenance | | 
@@ -809,22 +809,22 @@ edges | tests.js:102:14:102:16 | key | tests.js:107:49:107:51 | key | provenance | | | tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | provenance | | | tests.js:102:14:102:16 | key | tests.js:109:28:109:30 | key | provenance | | -| tests.js:107:35:107:37 | dst | tests.js:107:35:107:42 | dst[key] | provenance | | +| tests.js:107:35:107:37 | dst | tests.js:107:35:107:42 | dst[key] | provenance | Config | | tests.js:107:35:107:42 | dst[key] | tests.js:101:32:101:34 | dst | provenance | | -| tests.js:107:39:107:41 | key | tests.js:107:35:107:42 | dst[key] | provenance | | -| tests.js:107:45:107:47 | src | tests.js:107:45:107:52 | src[key] | provenance | | +| tests.js:107:39:107:41 | key | tests.js:107:35:107:42 | dst[key] | provenance | Config | +| tests.js:107:45:107:47 | src | tests.js:107:45:107:52 | src[key] | provenance | Config | | tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | provenance | | -| tests.js:107:49:107:51 | key | tests.js:107:45:107:52 | src[key] | provenance | | -| tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | provenance | | -| tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | provenance | | +| tests.js:107:49:107:51 | key | tests.js:107:45:107:52 | src[key] | provenance | Config | +| tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | provenance | Config | +| tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | provenance | Config | | tests.js:116:41:116:43 | src | tests.js:119:49:119:51 | src | provenance | | | tests.js:116:41:116:43 | src | tests.js:121:24:121:26 | src | provenance | | | tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | provenance | | | tests.js:117:14:117:16 | key | tests.js:121:28:121:30 | key | provenance | | -| tests.js:119:49:119:51 | src | tests.js:119:49:119:56 | src[key] | provenance | | +| tests.js:119:49:119:51 | src | tests.js:119:49:119:56 | src[key] | provenance | Config | | 
tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | provenance | | -| tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | provenance | | -| tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | provenance | | +| tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | provenance | Config | +| tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | provenance | Config | | tests.js:149:31:149:33 | dst | tests.js:152:22:152:24 | dst | provenance | | | tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | provenance | | | tests.js:149:36:149:38 | src | tests.js:152:27:152:29 | src | provenance | | @@ -835,8 +835,8 @@ edges | tests.js:152:22:152:24 | dst | tests.js:160:37:160:39 | dst | provenance | | | tests.js:152:27:152:29 | src | tests.js:160:42:160:44 | src | provenance | | | tests.js:152:32:152:34 | key | tests.js:160:47:160:49 | key | provenance | | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | provenance | | -| tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | provenance | | +| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | provenance | Config | +| tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | provenance | Config | | tests.js:159:36:159:38 | dst | tests.js:160:26:160:28 | dst | provenance | | | tests.js:159:41:159:43 | src | tests.js:160:31:160:33 | src | provenance | | | tests.js:160:26:160:28 | dst | tests.js:149:31:149:33 | dst | provenance | | 
@@ -845,27 +845,27 @@ edges | tests.js:160:42:160:44 | src | tests.js:161:45:161:47 | src | provenance | | | tests.js:160:47:160:49 | key | tests.js:161:39:161:41 | key | provenance | | | tests.js:160:47:160:49 | key | tests.js:161:49:161:51 | key | provenance | | -| tests.js:161:35:161:37 | dst | tests.js:161:35:161:42 | dst[key] | provenance | | +| tests.js:161:35:161:37 | dst | tests.js:161:35:161:42 | dst[key] | provenance | Config | | tests.js:161:35:161:42 | dst[key] | tests.js:159:36:159:38 | dst | provenance | | -| tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | provenance | | -| tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | provenance | | +| tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | provenance | Config | +| tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | provenance | Config | | tests.js:161:45:161:52 | src[key] | tests.js:159:41:159:43 | src | provenance | | -| tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | provenance | | +| tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | provenance | Config | | tests.js:165:37:165:39 | src | tests.js:169:45:169:47 | src | provenance | | | tests.js:165:37:165:39 | src | tests.js:171:24:171:26 | src | provenance | | | tests.js:166:14:166:16 | key | tests.js:169:49:169:51 | key | provenance | | | tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | provenance | | | tests.js:166:14:166:16 | key | tests.js:171:28:171:30 | key | provenance | | -| tests.js:169:45:169:47 | src | tests.js:169:45:169:52 | src[key] | provenance | | +| tests.js:169:45:169:47 | src | tests.js:169:45:169:52 | src[key] | provenance | Config | | tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | provenance | | -| tests.js:169:49:169:51 | key | tests.js:169:45:169:52 | src[key] | provenance | | -| tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | provenance | | -| tests.js:171:28:171:30 | key 
| tests.js:171:24:171:31 | src[key] | provenance | | +| tests.js:169:49:169:51 | key | tests.js:169:45:169:52 | src[key] | provenance | Config | +| tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | provenance | Config | +| tests.js:171:28:171:30 | key | tests.js:171:24:171:31 | src[key] | provenance | Config | | tests.js:178:33:178:35 | src | tests.js:182:41:182:43 | src | provenance | | | tests.js:178:33:178:35 | src | tests.js:184:24:184:26 | src | provenance | | -| tests.js:182:41:182:43 | src | tests.js:182:41:182:48 | src[key] | provenance | | +| tests.js:182:41:182:43 | src | tests.js:182:41:182:48 | src[key] | provenance | Config | | tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | provenance | | -| tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | provenance | | +| tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | provenance | Config | | tests.js:189:32:189:34 | dst | tests.js:194:35:194:37 | dst | provenance | | | tests.js:189:32:189:34 | dst | tests.js:196:13:196:15 | dst | provenance | | | tests.js:189:37:189:39 | src | tests.js:194:45:194:47 | src | provenance | | 
@@ -875,54 +875,54 @@ edges | tests.js:192:13:192:25 | key | tests.js:196:17:196:19 | key | provenance | | | tests.js:192:13:192:25 | key | tests.js:196:28:196:30 | key | provenance | | | tests.js:192:19:192:25 | keys[i] | tests.js:192:13:192:25 | key | provenance | | -| tests.js:194:35:194:37 | dst | tests.js:194:35:194:42 | dst[key] | provenance | | +| tests.js:194:35:194:37 | dst | tests.js:194:35:194:42 | dst[key] | provenance | Config | | tests.js:194:35:194:42 | dst[key] | tests.js:189:32:189:34 | dst | provenance | | -| tests.js:194:39:194:41 | key | tests.js:194:35:194:42 | dst[key] | provenance | | -| tests.js:194:45:194:47 | src | tests.js:194:45:194:52 | src[key] | provenance | | +| tests.js:194:39:194:41 | key | tests.js:194:35:194:42 | dst[key] | provenance | Config | +| tests.js:194:45:194:47 | src | tests.js:194:45:194:52 | src[key] | provenance | Config | | tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | provenance | | -| tests.js:194:49:194:51 | key | tests.js:194:45:194:52 | src[key] | provenance | | -| tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | provenance | | -| tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | provenance | | +| tests.js:194:49:194:51 | key | tests.js:194:45:194:52 | src[key] | provenance | Config | +| tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | provenance | Config | +| tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | provenance | Config | | tests.js:201:39:201:41 | dst | tests.js:206:42:206:44 | dst | provenance | | | tests.js:201:39:201:41 | dst | tests.js:208:13:208:15 | dst | provenance | | | tests.js:201:44:201:46 | src | tests.js:206:56:206:58 | src | provenance | | | tests.js:201:44:201:46 | src | tests.js:208:28:208:30 | src | provenance | | -| tests.js:206:42:206:44 | dst | tests.js:206:42:206:53 | dst[keys[i]] | provenance | | +| tests.js:206:42:206:44 | dst | tests.js:206:42:206:53 | dst[keys[i]] | provenance | Config | 
| tests.js:206:42:206:53 | dst[keys[i]] | tests.js:201:39:201:41 | dst | provenance | | -| tests.js:206:46:206:52 | keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | provenance | | -| tests.js:206:56:206:58 | src | tests.js:206:56:206:67 | src[keys[i]] | provenance | | +| tests.js:206:46:206:52 | keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | provenance | Config | +| tests.js:206:56:206:58 | src | tests.js:206:56:206:67 | src[keys[i]] | provenance | Config | | tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | provenance | | -| tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | provenance | | -| tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | provenance | | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | provenance | | +| tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | provenance | Config | +| tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | provenance | Config | +| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | provenance | Config | | tests.js:213:23:213:26 | key1 | tests.js:217:9:217:12 | key1 | provenance | | | tests.js:213:29:213:32 | key2 | tests.js:217:15:217:18 | key2 | provenance | | | tests.js:213:35:213:39 | value | tests.js:217:23:217:27 | value | provenance | | -| tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | provenance | | +| tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | provenance | Config | | tests.js:223:14:223:16 | key | tests.js:224:23:224:25 | key | provenance | | | tests.js:223:14:223:16 | key | tests.js:224:38:224:40 | key | provenance | | | tests.js:223:14:223:16 | key | tests.js:225:28:225:30 | key | provenance | | | tests.js:223:14:223:16 | key | tests.js:225:38:225:40 | key | provenance | | | tests.js:224:23:224:25 | key | tests.js:213:23:213:26 | key1 | provenance | | | tests.js:224:33:224:41 | data[key] | 
tests.js:213:35:213:39 | value | provenance | | -| tests.js:224:38:224:40 | key | tests.js:224:33:224:41 | data[key] | provenance | | +| tests.js:224:38:224:40 | key | tests.js:224:33:224:41 | data[key] | provenance | Config | | tests.js:225:28:225:30 | key | tests.js:213:29:213:32 | key2 | provenance | | | tests.js:225:33:225:41 | data[key] | tests.js:213:35:213:39 | value | provenance | | -| tests.js:225:38:225:40 | key | tests.js:225:33:225:41 | data[key] | provenance | | +| tests.js:225:38:225:40 | key | tests.js:225:33:225:41 | data[key] | provenance | Config | | tests.js:229:26:229:29 | key1 | tests.js:233:9:233:12 | key1 | provenance | | | tests.js:229:32:229:35 | key2 | tests.js:233:15:233:18 | key2 | provenance | | | tests.js:229:38:229:42 | value | tests.js:233:23:233:27 | value | provenance | | -| tests.js:233:9:233:12 | key1 | tests.js:233:5:233:13 | map[key1] | provenance | | +| tests.js:233:9:233:12 | key1 | tests.js:233:5:233:13 | map[key1] | provenance | Config | | tests.js:238:14:238:16 | key | tests.js:239:24:239:26 | key | provenance | | | tests.js:238:14:238:16 | key | tests.js:239:39:239:41 | key | provenance | | | tests.js:238:14:238:16 | key | tests.js:240:31:240:33 | key | provenance | | | tests.js:238:14:238:16 | key | tests.js:240:41:240:43 | key | provenance | | | tests.js:239:24:239:26 | key | tests.js:229:26:229:29 | key1 | provenance | | | tests.js:239:34:239:42 | data[key] | tests.js:229:38:229:42 | value | provenance | | -| tests.js:239:39:239:41 | key | tests.js:239:34:239:42 | data[key] | provenance | | +| tests.js:239:39:239:41 | key | tests.js:239:34:239:42 | data[key] | provenance | Config | | tests.js:240:31:240:33 | key | tests.js:229:32:229:35 | key2 | provenance | | | tests.js:240:36:240:44 | data[key] | tests.js:229:38:229:42 | value | provenance | | -| tests.js:240:41:240:43 | key | tests.js:240:36:240:44 | data[key] | provenance | | +| tests.js:240:41:240:43 | key | tests.js:240:36:240:44 | data[key] | provenance | Config 
| | tests.js:263:27:263:29 | dst | tests.js:268:30:268:32 | dst | provenance | | | tests.js:263:27:263:29 | dst | tests.js:270:13:270:15 | dst | provenance | | | tests.js:265:13:265:26 | key | tests.js:268:34:268:36 | key | provenance | | @@ -930,9 +930,9 @@ edges | tests.js:265:19:265:26 | entry[0] | tests.js:265:13:265:26 | key | provenance | | | tests.js:266:13:266:28 | value | tests.js:270:24:270:28 | value | provenance | | | tests.js:266:21:266:28 | entry[1] | tests.js:266:13:266:28 | value | provenance | | -| tests.js:268:30:268:32 | dst | tests.js:268:30:268:37 | dst[key] | provenance | | +| tests.js:268:30:268:32 | dst | tests.js:268:30:268:37 | dst[key] | provenance | Config | | tests.js:268:30:268:37 | dst[key] | tests.js:263:27:263:29 | dst | provenance | | -| tests.js:268:34:268:36 | key | tests.js:268:30:268:37 | dst[key] | provenance | | +| tests.js:268:34:268:36 | key | tests.js:268:30:268:37 | dst[key] | provenance | Config | | tests.js:275:27:275:29 | dst | tests.js:278:30:278:32 | dst | provenance | | | tests.js:275:27:275:29 | dst | tests.js:280:13:280:15 | dst | provenance | | | tests.js:275:32:275:34 | src | tests.js:276:21:276:23 | src | provenance | | 
@@ -942,14 +942,14 @@ edges | tests.js:276:34:276:36 | key | tests.js:278:44:278:46 | key | provenance | | | tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | provenance | | | tests.js:276:34:276:36 | key | tests.js:280:28:280:30 | key | provenance | | -| tests.js:278:30:278:32 | dst | tests.js:278:30:278:37 | dst[key] | provenance | | +| tests.js:278:30:278:32 | dst | tests.js:278:30:278:37 | dst[key] | provenance | Config | | tests.js:278:30:278:37 | dst[key] | tests.js:275:27:275:29 | dst | provenance | | -| tests.js:278:34:278:36 | key | tests.js:278:30:278:37 | dst[key] | provenance | | -| tests.js:278:40:278:42 | src | tests.js:278:40:278:47 | src[key] | provenance | | +| tests.js:278:34:278:36 | key | tests.js:278:30:278:37 | dst[key] | provenance | Config | +| tests.js:278:40:278:42 | src | tests.js:278:40:278:47 | src[key] | provenance | Config | | tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | provenance | | -| tests.js:278:44:278:46 | key | tests.js:278:40:278:47 | src[key] | provenance | | -| tests.js:280:24:280:26 | src | tests.js:280:24:280:31 | src[key] | provenance | | -| tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | provenance | | +| tests.js:278:44:278:46 | key | tests.js:278:40:278:47 | src[key] | provenance | Config | +| tests.js:280:24:280:26 | src | tests.js:280:24:280:31 | src[key] | provenance | Config | +| tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | provenance | Config | | tests.js:301:27:301:29 | dst | tests.js:306:34:306:36 | dst | provenance | | | tests.js:301:27:301:29 | dst | tests.js:308:17:308:19 | dst | provenance | | | tests.js:301:32:301:34 | src | tests.js:304:25:304:27 | src | provenance | | 
@@ -961,15 +961,15 @@ edges | tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | provenance | | | tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | provenance | | | tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | provenance | | -| tests.js:304:25:304:27 | src | tests.js:304:25:304:32 | src[key] | provenance | | +| tests.js:304:25:304:27 | src | tests.js:304:25:304:32 | src[key] | provenance | Config | | tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | provenance | | | tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | provenance | | | tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | provenance | | -| tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | provenance | | -| tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | provenance | | -| tests.js:306:34:306:36 | dst | tests.js:306:34:306:41 | dst[key] | provenance | | +| tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | provenance | Config | +| tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | provenance | Config | +| tests.js:306:34:306:36 | dst | tests.js:306:34:306:41 | dst[key] | provenance | Config | | tests.js:306:34:306:41 | dst[key] | tests.js:301:27:301:29 | dst | provenance | | -| tests.js:306:38:306:40 | key | tests.js:306:34:306:41 | dst[key] | provenance | | +| tests.js:306:38:306:40 | key | tests.js:306:34:306:41 | dst[key] | provenance | Config | | tests.js:306:44:306:48 | value | tests.js:301:32:301:34 | src | provenance | | | tests.js:306:44:306:48 | value | tests.js:301:32:301:34 | src | provenance | | | tests.js:314:31:314:33 | dst | tests.js:320:38:320:40 | dst | provenance | | 
@@ -983,15 +983,15 @@ edges | tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | provenance | | | tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | provenance | | | tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | provenance | | -| tests.js:318:25:318:27 | src | tests.js:318:25:318:32 | src[key] | provenance | | +| tests.js:318:25:318:27 | src | tests.js:318:25:318:32 | src[key] | provenance | Config | | tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | provenance | | | tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | provenance | | | tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | provenance | | -| tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | provenance | | -| tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | provenance | | -| tests.js:320:38:320:40 | dst | tests.js:320:38:320:45 | dst[key] | provenance | | +| tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | provenance | Config | +| tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | provenance | Config | +| tests.js:320:38:320:40 | dst | tests.js:320:38:320:45 | dst[key] | provenance | Config | | tests.js:320:38:320:45 | dst[key] | tests.js:314:31:314:33 | dst | provenance | | -| tests.js:320:42:320:44 | key | tests.js:320:38:320:45 | dst[key] | provenance | | +| tests.js:320:42:320:44 | key | tests.js:320:38:320:45 | dst[key] | provenance | Config | | tests.js:320:48:320:52 | value | tests.js:314:36:314:38 | src | provenance | | | tests.js:320:48:320:52 | value | tests.js:314:36:314:38 | src | provenance | | | tests.js:328:25:328:27 | dst | tests.js:336:32:336:34 | dst | provenance | | 
@@ -1002,14 +1002,14 @@ edges | tests.js:329:14:329:16 | key | tests.js:336:46:336:48 | key | provenance | | | tests.js:329:14:329:16 | key | tests.js:338:21:338:23 | key | provenance | | | tests.js:329:14:329:16 | key | tests.js:338:32:338:34 | key | provenance | | -| tests.js:336:32:336:34 | dst | tests.js:336:32:336:39 | dst[key] | provenance | | +| tests.js:336:32:336:34 | dst | tests.js:336:32:336:39 | dst[key] | provenance | Config | | tests.js:336:32:336:39 | dst[key] | tests.js:328:25:328:27 | dst | provenance | | -| tests.js:336:36:336:38 | key | tests.js:336:32:336:39 | dst[key] | provenance | | -| tests.js:336:42:336:44 | src | tests.js:336:42:336:49 | src[key] | provenance | | +| tests.js:336:36:336:38 | key | tests.js:336:32:336:39 | dst[key] | provenance | Config | +| tests.js:336:42:336:44 | src | tests.js:336:42:336:49 | src[key] | provenance | Config | | tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | provenance | | -| tests.js:336:46:336:48 | key | tests.js:336:42:336:49 | src[key] | provenance | | -| tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | provenance | | -| tests.js:338:32:338:34 | key | tests.js:338:28:338:35 | src[key] | provenance | | +| tests.js:336:46:336:48 | key | tests.js:336:42:336:49 | src[key] | provenance | Config | +| tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | provenance | Config | +| tests.js:338:32:338:34 | key | tests.js:338:28:338:35 | src[key] | provenance | Config | | tests.js:348:32:348:37 | target | tests.js:349:26:349:31 | target | provenance | | | tests.js:348:32:348:37 | target | tests.js:361:12:361:17 | target | provenance | | | tests.js:348:40:348:45 | source | tests.js:349:54:349:59 | source | provenance | | 
@@ -1025,14 +1025,14 @@ edges | tests.js:350:37:350:39 | key | tests.js:355:60:355:62 | key | provenance | | | tests.js:350:37:350:39 | key | tests.js:357:24:357:26 | key | provenance | | | tests.js:350:37:350:39 | key | tests.js:357:38:357:40 | key | provenance | | -| tests.js:355:53:355:58 | target | tests.js:355:53:355:63 | target[key] | provenance | | +| tests.js:355:53:355:58 | target | tests.js:355:53:355:63 | target[key] | provenance | Config | | tests.js:355:53:355:63 | target[key] | tests.js:348:32:348:37 | target | provenance | | | tests.js:355:53:355:63 | target[key] | tests.js:355:31:355:86 | mergePl ... ptions) | provenance | | -| tests.js:355:60:355:62 | key | tests.js:355:53:355:63 | target[key] | provenance | | -| tests.js:355:66:355:71 | source | tests.js:355:66:355:76 | source[key] | provenance | | +| tests.js:355:60:355:62 | key | tests.js:355:53:355:63 | target[key] | provenance | Config | +| tests.js:355:66:355:71 | source | tests.js:355:66:355:76 | source[key] | provenance | Config | | tests.js:355:66:355:76 | source[key] | tests.js:348:40:348:45 | source | provenance | | -| tests.js:357:31:357:36 | source | tests.js:357:31:357:41 | source[key] | provenance | | -| tests.js:357:38:357:40 | key | tests.js:357:31:357:41 | source[key] | provenance | | +| tests.js:357:31:357:36 | source | tests.js:357:31:357:41 | source[key] | provenance | Config | +| tests.js:357:38:357:40 | key | tests.js:357:31:357:41 | source[key] | provenance | Config | | tests.js:364:41:364:46 | target | tests.js:377:12:377:17 | target | provenance | | | tests.js:364:49:364:54 | source | tests.js:371:75:371:80 | source | provenance | | | tests.js:364:49:364:54 | source | tests.js:373:31:373:36 | source | provenance | | 
@@ -1042,11 +1042,11 @@ edges | tests.js:366:18:366:20 | key | tests.js:373:38:373:40 | key | provenance | | | tests.js:371:62:371:72 | target[key] | tests.js:364:41:364:46 | target | provenance | | | tests.js:371:62:371:72 | target[key] | tests.js:371:31:371:95 | mergePl ... ptions) | provenance | | -| tests.js:371:69:371:71 | key | tests.js:371:62:371:72 | target[key] | provenance | | -| tests.js:371:75:371:80 | source | tests.js:371:75:371:85 | source[key] | provenance | | +| tests.js:371:69:371:71 | key | tests.js:371:62:371:72 | target[key] | provenance | Config | +| tests.js:371:75:371:80 | source | tests.js:371:75:371:85 | source[key] | provenance | Config | | tests.js:371:75:371:85 | source[key] | tests.js:364:49:364:54 | source | provenance | | -| tests.js:373:31:373:36 | source | tests.js:373:31:373:41 | source[key] | provenance | | -| tests.js:373:38:373:40 | key | tests.js:373:31:373:41 | source[key] | provenance | | +| tests.js:373:31:373:36 | source | tests.js:373:31:373:41 | source[key] | provenance | Config | +| tests.js:373:38:373:40 | key | tests.js:373:31:373:41 | source[key] | provenance | Config | | tests.js:380:22:380:24 | obj | tests.js:383:27:383:29 | obj | provenance | | | tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | provenance | | | tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | provenance | | 
@@ -1067,9 +1067,9 @@ edges | tests.js:383:13:383:20 | callback [src] | tests.js:393:24:393:26 | src | provenance | | | tests.js:383:22:383:24 | key | tests.js:389:22:389:24 | key | provenance | | | tests.js:383:22:383:24 | key | tests.js:399:23:399:25 | key | provenance | | -| tests.js:383:27:383:29 | obj | tests.js:383:27:383:34 | obj[key] | provenance | | +| tests.js:383:27:383:29 | obj | tests.js:383:27:383:34 | obj[key] | provenance | Config | | tests.js:383:27:383:34 | obj[key] | tests.js:399:28:399:32 | value | provenance | | -| tests.js:383:31:383:33 | key | tests.js:383:27:383:34 | obj[key] | provenance | | +| tests.js:383:31:383:33 | key | tests.js:383:27:383:34 | obj[key] | provenance | Config | | tests.js:388:29:388:31 | dst | tests.js:380:27:380:34 | callback [dst] | provenance | | | tests.js:388:29:388:31 | dst | tests.js:380:27:380:34 | callback [dst] | provenance | | | tests.js:388:29:388:31 | dst | tests.js:391:32:391:34 | dst | provenance | | 
@@ -1084,17 +1084,17 @@ edges | tests.js:389:22:389:24 | key | tests.js:391:46:391:48 | key | provenance | | | tests.js:389:22:389:24 | key | tests.js:393:17:393:19 | key | provenance | | | tests.js:389:22:389:24 | key | tests.js:393:28:393:30 | key | provenance | | -| tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | provenance | | -| tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | provenance | | +| tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | provenance | Config | +| tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | provenance | Config | | tests.js:391:32:391:39 | dst[key] | tests.js:388:29:388:31 | dst | provenance | | | tests.js:391:32:391:39 | dst[key] | tests.js:388:29:388:31 | dst | provenance | | -| tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | provenance | | -| tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | provenance | | -| tests.js:391:42:391:44 | src | tests.js:391:42:391:49 | src[key] | provenance | | +| tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | provenance | Config | +| tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | provenance | Config | +| tests.js:391:42:391:44 | src | tests.js:391:42:391:49 | src[key] | provenance | Config | | tests.js:391:42:391:49 | src[key] | tests.js:388:34:388:36 | src | provenance | | -| tests.js:391:46:391:48 | key | tests.js:391:42:391:49 | src[key] | provenance | | -| tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | provenance | | -| tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | provenance | | +| tests.js:391:46:391:48 | key | tests.js:391:42:391:49 | src[key] | provenance | Config | +| tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | provenance | Config | +| tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | provenance | Config | | tests.js:398:30:398:32 | dst | tests.js:380:27:380:34 | 
callback [dst] | provenance | | | tests.js:398:30:398:32 | dst | tests.js:380:27:380:34 | callback [dst] | provenance | | | tests.js:398:30:398:32 | dst | tests.js:401:33:401:35 | dst | provenance | | 
@@ -1107,17 +1107,17 @@ edges | tests.js:399:23:399:25 | key | tests.js:403:17:403:19 | key | provenance | | | tests.js:399:28:399:32 | value | tests.js:401:43:401:47 | value | provenance | | | tests.js:399:28:399:32 | value | tests.js:403:24:403:28 | value | provenance | | -| tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | provenance | | -| tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | provenance | | +| tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | provenance | Config | +| tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | provenance | Config | | tests.js:401:33:401:40 | dst[key] | tests.js:398:30:398:32 | dst | provenance | | | tests.js:401:33:401:40 | dst[key] | tests.js:398:30:398:32 | dst | provenance | | -| tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | provenance | | -| tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | provenance | | +| tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | provenance | Config | +| tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | provenance | Config | | tests.js:401:43:401:47 | value | tests.js:398:35:398:37 | src | provenance | | | tests.js:408:22:408:24 | obj | tests.js:409:12:409:14 | obj | provenance | | | tests.js:408:27:408:29 | key | tests.js:409:16:409:18 | key | provenance | | -| tests.js:409:12:409:14 | obj | tests.js:409:12:409:19 | obj[key] | provenance | | -| tests.js:409:16:409:18 | key | tests.js:409:12:409:19 | obj[key] | provenance | | +| tests.js:409:12:409:14 | obj | tests.js:409:12:409:19 | obj[key] | provenance | Config | +| tests.js:409:16:409:18 | key | tests.js:409:12:409:19 | obj[key] | provenance | Config | | tests.js:412:31:412:33 | dst | tests.js:415:34:415:36 | dst | provenance | | | tests.js:412:31:412:33 | dst | tests.js:419:13:419:15 | dst | provenance | | | tests.js:412:36:412:38 | src | tests.js:414:33:414:35 | src | provenance | | 
@@ -1128,21 +1128,21 @@ edges | tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | provenance | | | tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | provenance | | | tests.js:414:33:414:35 | src | tests.js:408:22:408:24 | obj | provenance | | -| tests.js:414:33:414:35 | src | tests.js:414:21:414:41 | wrapped ... c, key) | provenance | | +| tests.js:414:33:414:35 | src | tests.js:414:21:414:41 | wrapped ... c, key) | provenance | Config | | tests.js:414:38:414:40 | key | tests.js:408:27:408:29 | key | provenance | | -| tests.js:414:38:414:40 | key | tests.js:414:21:414:41 | wrapped ... c, key) | provenance | | +| tests.js:414:38:414:40 | key | tests.js:414:21:414:41 | wrapped ... c, key) | provenance | Config | | tests.js:415:13:415:42 | target | tests.js:417:34:417:39 | target | provenance | | | tests.js:415:22:415:42 | wrapped ... t, key) | tests.js:415:13:415:42 | target | provenance | | | tests.js:415:34:415:36 | dst | tests.js:408:22:408:24 | obj | provenance | | -| tests.js:415:34:415:36 | dst | tests.js:415:22:415:42 | wrapped ... t, key) | provenance | | +| tests.js:415:34:415:36 | dst | tests.js:415:22:415:42 | wrapped ... t, key) | provenance | Config | | tests.js:415:39:415:41 | key | tests.js:408:27:408:29 | key | provenance | | -| tests.js:415:39:415:41 | key | tests.js:415:22:415:42 | wrapped ... t, key) | provenance | | +| tests.js:415:39:415:41 | key | tests.js:415:22:415:42 | wrapped ... 
t, key) | provenance | Config | | tests.js:417:34:417:39 | target | tests.js:412:31:412:33 | dst | provenance | | | tests.js:417:42:417:46 | value | tests.js:412:36:412:38 | src | provenance | | | tests.js:424:25:424:27 | obj | tests.js:426:12:426:14 | obj | provenance | | | tests.js:424:30:424:32 | key | tests.js:426:16:426:18 | key | provenance | | -| tests.js:426:12:426:14 | obj | tests.js:426:12:426:19 | obj[key] | provenance | | -| tests.js:426:16:426:18 | key | tests.js:426:12:426:19 | obj[key] | provenance | | +| tests.js:426:12:426:14 | obj | tests.js:426:12:426:19 | obj[key] | provenance | Config | +| tests.js:426:16:426:18 | key | tests.js:426:12:426:19 | obj[key] | provenance | Config | | tests.js:429:34:429:36 | dst | tests.js:432:37:432:39 | dst | provenance | | | tests.js:429:34:429:36 | dst | tests.js:436:13:436:15 | dst | provenance | | | tests.js:429:39:429:41 | src | tests.js:431:36:431:38 | src | provenance | | 
@@ -1153,26 +1153,26 @@ edges | tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | provenance | | | tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | provenance | | | tests.js:431:36:431:38 | src | tests.js:424:25:424:27 | obj | provenance | | -| tests.js:431:36:431:38 | src | tests.js:431:21:431:44 | almostS ... c, key) | provenance | | +| tests.js:431:36:431:38 | src | tests.js:431:21:431:44 | almostS ... c, key) | provenance | Config | | tests.js:431:41:431:43 | key | tests.js:424:30:424:32 | key | provenance | | -| tests.js:431:41:431:43 | key | tests.js:431:21:431:44 | almostS ... c, key) | provenance | | +| tests.js:431:41:431:43 | key | tests.js:431:21:431:44 | almostS ... c, key) | provenance | Config | | tests.js:432:13:432:45 | target | tests.js:434:37:434:42 | target | provenance | | | tests.js:432:22:432:45 | almostS ... t, key) | tests.js:432:13:432:45 | target | provenance | | | tests.js:432:37:432:39 | dst | tests.js:424:25:424:27 | obj | provenance | | -| tests.js:432:37:432:39 | dst | tests.js:432:22:432:45 | almostS ... t, key) | provenance | | +| tests.js:432:37:432:39 | dst | tests.js:432:22:432:45 | almostS ... t, key) | provenance | Config | | tests.js:432:42:432:44 | key | tests.js:424:30:424:32 | key | provenance | | -| tests.js:432:42:432:44 | key | tests.js:432:22:432:45 | almostS ... t, key) | provenance | | +| tests.js:432:42:432:44 | key | tests.js:432:22:432:45 | almostS ... 
t, key) | provenance | Config | | tests.js:434:37:434:42 | target | tests.js:429:34:429:36 | dst | provenance | | | tests.js:434:45:434:49 | value | tests.js:429:39:429:41 | src | provenance | | | tests.js:441:19:441:21 | obj | tests.js:443:12:443:14 | obj | provenance | | -| tests.js:443:12:443:14 | obj | tests.js:443:12:443:19 | obj[key] | provenance | | +| tests.js:443:12:443:14 | obj | tests.js:443:12:443:19 | obj[key] | provenance | Config | | tests.js:446:33:446:35 | src | tests.js:448:30:448:32 | src | provenance | | | tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | provenance | | | tests.js:448:13:448:38 | value | tests.js:451:39:451:43 | value | provenance | | | tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | provenance | | | tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | provenance | | | tests.js:448:30:448:32 | src | tests.js:441:19:441:21 | obj | provenance | | -| tests.js:448:30:448:32 | src | tests.js:448:21:448:38 | safeRead(src, key) | provenance | | +| tests.js:448:30:448:32 | src | tests.js:448:21:448:38 | safeRead(src, key) | provenance | Config | | tests.js:451:39:451:43 | value | tests.js:446:33:446:35 | src | provenance | | | tests.js:458:26:458:28 | dst | tests.js:462:29:462:31 | dst | provenance | | | tests.js:458:26:458:28 | dst | tests.js:465:30:465:32 | dst | provenance | | 
@@ -1189,23 +1189,23 @@ edges | tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | provenance | | | tests.js:460:25:460:27 | key | tests.js:466:43:466:45 | key | provenance | | | tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | provenance | | -| tests.js:462:29:462:31 | dst | tests.js:462:29:462:36 | dst[key] | provenance | | +| tests.js:462:29:462:31 | dst | tests.js:462:29:462:36 | dst[key] | provenance | Config | | tests.js:462:29:462:36 | dst[key] | tests.js:458:26:458:28 | dst | provenance | | -| tests.js:462:33:462:35 | key | tests.js:462:29:462:36 | dst[key] | provenance | | -| tests.js:462:39:462:41 | src | tests.js:462:39:462:46 | src[key] | provenance | | +| tests.js:462:33:462:35 | key | tests.js:462:29:462:36 | dst[key] | provenance | Config | +| tests.js:462:39:462:41 | src | tests.js:462:39:462:46 | src[key] | provenance | Config | | tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | provenance | | -| tests.js:462:43:462:45 | key | tests.js:462:39:462:46 | src[key] | provenance | | -| tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | provenance | | -| tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | provenance | | -| tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | provenance | | +| tests.js:462:43:462:45 | key | tests.js:462:39:462:46 | src[key] | provenance | Config | +| tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | provenance | Config | +| tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | provenance | Config | +| tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | provenance | Config | | tests.js:472:38:472:40 | dst | tests.js:475:41:475:43 | dst | provenance | | | tests.js:472:38:472:40 | dst | tests.js:477:13:477:15 | dst | provenance | | | tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | provenance | | | tests.js:473:25:473:27 | key | tests.js:475:45:475:47 | key | provenance | | | 
tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | provenance | | -| tests.js:475:41:475:43 | dst | tests.js:475:41:475:48 | dst[key] | provenance | | +| tests.js:475:41:475:43 | dst | tests.js:475:41:475:48 | dst[key] | provenance | Config | | tests.js:475:41:475:48 | dst[key] | tests.js:472:38:472:40 | dst | provenance | | -| tests.js:475:45:475:47 | key | tests.js:475:41:475:48 | dst[key] | provenance | | +| tests.js:475:45:475:47 | key | tests.js:475:41:475:48 | dst[key] | provenance | Config | | tests.js:483:26:483:28 | dst | tests.js:487:29:487:31 | dst | provenance | | | tests.js:483:26:483:28 | dst | tests.js:489:13:489:15 | dst | provenance | | | tests.js:483:31:483:33 | src | tests.js:487:39:487:41 | src | provenance | | 
@@ -1215,16 +1215,16 @@ edges | tests.js:484:14:484:16 | key | tests.js:487:43:487:45 | key | provenance | | | tests.js:484:14:484:16 | key | tests.js:489:17:489:19 | key | provenance | | | tests.js:484:14:484:16 | key | tests.js:489:28:489:30 | key | provenance | | -| tests.js:487:29:487:31 | dst | tests.js:487:29:487:36 | dst[key] | provenance | | +| tests.js:487:29:487:31 | dst | tests.js:487:29:487:36 | dst[key] | provenance | Config | | tests.js:487:29:487:36 | dst[key] | tests.js:483:26:483:28 | dst | provenance | | -| tests.js:487:33:487:35 | key | tests.js:487:29:487:36 | dst[key] | provenance | | -| tests.js:487:39:487:41 | src | tests.js:487:39:487:46 | src[key] | provenance | | +| tests.js:487:33:487:35 | key | tests.js:487:29:487:36 | dst[key] | provenance | Config | +| tests.js:487:39:487:41 | src | tests.js:487:39:487:46 | src[key] | provenance | Config | | tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | provenance | | | tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | provenance | | | tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | provenance | | -| tests.js:487:43:487:45 | key | tests.js:487:39:487:46 | src[key] | provenance | | -| tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | provenance | | -| tests.js:489:28:489:30 | key | tests.js:489:24:489:31 | src[key] | provenance | | +| tests.js:487:43:487:45 | key | tests.js:487:39:487:46 | src[key] | provenance | Config | +| tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | provenance | Config | +| tests.js:489:28:489:30 | key | tests.js:489:24:489:31 | src[key] | provenance | Config | | tests.js:494:32:494:34 | src | tests.js:498:21:498:23 | src | provenance | | | tests.js:495:14:495:16 | key | tests.js:498:25:498:27 | key | provenance | | | tests.js:495:14:495:16 | key | tests.js:502:17:502:19 | key | provenance | | 
@@ -1233,11 +1233,11 @@ edges | tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | provenance | | | tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | provenance | | | tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | provenance | | -| tests.js:498:21:498:23 | src | tests.js:498:21:498:28 | src[key] | provenance | | +| tests.js:498:21:498:23 | src | tests.js:498:21:498:28 | src[key] | provenance | Config | | tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | provenance | | | tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | provenance | | | tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | provenance | | -| tests.js:498:25:498:27 | key | tests.js:498:21:498:28 | src[key] | provenance | | +| tests.js:498:25:498:27 | key | tests.js:498:21:498:28 | src[key] | provenance | Config | | tests.js:500:38:500:42 | value | tests.js:494:32:494:34 | src | provenance | | | tests.js:500:38:500:42 | value | tests.js:494:32:494:34 | src | provenance | | | tests.js:508:30:508:32 | dst | tests.js:513:33:513:35 | dst | provenance | | 
@@ -1249,25 +1249,25 @@ edges | tests.js:511:13:511:25 | key | tests.js:516:36:516:38 | key | provenance | | | tests.js:511:13:511:25 | key | tests.js:517:40:517:42 | key | provenance | | | tests.js:511:19:511:25 | keys[i] | tests.js:511:13:511:25 | key | provenance | | -| tests.js:513:33:513:35 | dst | tests.js:513:33:513:40 | dst[key] | provenance | | +| tests.js:513:33:513:35 | dst | tests.js:513:33:513:40 | dst[key] | provenance | Config | | tests.js:513:33:513:40 | dst[key] | tests.js:508:30:508:32 | dst | provenance | | -| tests.js:513:37:513:39 | key | tests.js:513:33:513:40 | dst[key] | provenance | | -| tests.js:513:43:513:45 | src | tests.js:513:43:513:50 | src[key] | provenance | | +| tests.js:513:37:513:39 | key | tests.js:513:33:513:40 | dst[key] | provenance | Config | +| tests.js:513:43:513:45 | src | tests.js:513:43:513:50 | src[key] | provenance | Config | | tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | provenance | | -| tests.js:513:47:513:49 | key | tests.js:513:43:513:50 | src[key] | provenance | | -| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | provenance | | -| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | provenance | | +| tests.js:513:47:513:49 | key | tests.js:513:43:513:50 | src[key] | provenance | Config | +| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | provenance | Config | +| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | provenance | Config | | tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | provenance | | | tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | provenance | | -| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | provenance | | +| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | provenance | Config | | tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | provenance | | | tests.js:534:36:534:43 | callback [dst] | tests.js:538:9:538:16 | callback [dst] | 
provenance | | | tests.js:538:9:538:16 | callback [dst] | tests.js:545:33:545:35 | dst | provenance | | | tests.js:538:9:538:16 | callback [dst] | tests.js:547:13:547:15 | dst | provenance | | | tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | provenance | | -| tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | provenance | | +| tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | provenance | Config | | tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | provenance | | -| tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | provenance | | +| tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | provenance | Config | | tests.js:542:30:542:32 | dst | tests.js:534:36:534:43 | callback [dst] | provenance | | | tests.js:542:30:542:32 | dst | tests.js:545:33:545:35 | dst | provenance | | | tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | provenance | | 
@@ -1277,34 +1277,34 @@ edges | tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | provenance | | | tests.js:543:37:543:41 | value | tests.js:545:43:545:47 | value | provenance | | | tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | provenance | | -| tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | provenance | | +| tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | provenance | Config | | tests.js:545:33:545:40 | dst[key] | tests.js:542:30:542:32 | dst | provenance | | -| tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | provenance | | +| tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | provenance | Config | | tests.js:545:43:545:47 | value | tests.js:542:35:542:37 | src | provenance | | | tests.js:552:35:552:37 | src | tests.js:557:43:557:45 | src | provenance | | | tests.js:552:35:552:37 | src | tests.js:559:24:559:26 | src | provenance | | | tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | provenance | | | tests.js:553:14:553:16 | key | tests.js:559:28:559:30 | key | provenance | | -| tests.js:557:43:557:45 | src | tests.js:557:43:557:50 | src[key] | provenance | | +| tests.js:557:43:557:45 | src | tests.js:557:43:557:50 | src[key] | provenance | Config | | tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | provenance | | -| tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | src[key] | provenance | | -| tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | provenance | | +| tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | src[key] | provenance | Config | +| tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | provenance | Config | | tests.js:564:35:564:37 | src | tests.js:569:43:569:45 | src | provenance | | | tests.js:564:35:564:37 | src | tests.js:571:24:571:26 | src | provenance | | | tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | provenance | | | tests.js:565:14:565:16 | key | 
tests.js:571:28:571:30 | key | provenance | | -| tests.js:569:43:569:45 | src | tests.js:569:43:569:50 | src[key] | provenance | | +| tests.js:569:43:569:45 | src | tests.js:569:43:569:50 | src[key] | provenance | Config | | tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | provenance | | -| tests.js:571:24:571:26 | src | tests.js:571:24:571:31 | src[key] | provenance | | -| tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | provenance | | +| tests.js:571:24:571:26 | src | tests.js:571:24:571:31 | src[key] | provenance | Config | +| tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | provenance | Config | | tests.js:576:30:576:32 | src | tests.js:580:38:580:40 | src | provenance | | | tests.js:576:30:576:32 | src | tests.js:582:24:582:26 | src | provenance | | | tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | provenance | | | tests.js:577:14:577:16 | key | tests.js:582:28:582:30 | key | provenance | | -| tests.js:580:38:580:40 | src | tests.js:580:38:580:45 | src[key] | provenance | | +| tests.js:580:38:580:40 | src | tests.js:580:38:580:45 | src[key] | provenance | Config | | tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | provenance | | -| tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | provenance | | -| tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | provenance | | +| tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | provenance | Config | +| tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | provenance | Config | | tests.js:591:25:591:27 | obj | tests.js:592:7:592:9 | obj | provenance | | | tests.js:591:25:591:27 | obj | tests.js:592:21:592:23 | obj | provenance | | | tests.js:592:7:592:9 | obj | tests.js:592:21:592:23 | obj | provenance | | 
@@ -1318,16 +1318,16 @@ edges | tests.js:601:16:601:18 | key | tests.js:603:52:603:54 | key | provenance | | | tests.js:601:16:601:18 | key | tests.js:605:18:605:20 | key | provenance | | | tests.js:601:16:601:18 | key | tests.js:605:47:605:49 | key | provenance | | -| tests.js:603:34:603:37 | dest | tests.js:603:34:603:42 | dest[key] | provenance | | +| tests.js:603:34:603:37 | dest | tests.js:603:34:603:42 | dest[key] | provenance | Config | | tests.js:603:34:603:42 | dest[key] | tests.js:600:31:600:34 | dest | provenance | | -| tests.js:603:39:603:41 | key | tests.js:603:34:603:42 | dest[key] | provenance | | -| tests.js:603:45:603:50 | source | tests.js:603:45:603:55 | source[key] | provenance | | +| tests.js:603:39:603:41 | key | tests.js:603:34:603:42 | dest[key] | provenance | Config | +| tests.js:603:45:603:50 | source | tests.js:603:45:603:55 | source[key] | provenance | Config | | tests.js:603:45:603:55 | source[key] | tests.js:600:37:600:42 | source | provenance | | -| tests.js:603:52:603:54 | key | tests.js:603:45:603:55 | source[key] | provenance | | -| tests.js:605:40:605:45 | source | tests.js:605:40:605:50 | source[key] | provenance | | +| tests.js:603:52:603:54 | key | tests.js:603:45:603:55 | source[key] | provenance | Config | +| tests.js:605:40:605:45 | source | tests.js:605:40:605:50 | source[key] | provenance | Config | | tests.js:605:40:605:50 | source[key] | tests.js:591:25:591:27 | obj | provenance | | | tests.js:605:40:605:50 | source[key] | tests.js:605:25:605:51 | capture ... e[key]) | provenance | | -| tests.js:605:47:605:49 | key | tests.js:605:40:605:50 | source[key] | provenance | | +| tests.js:605:47:605:49 | key | tests.js:605:40:605:50 | source[key] | provenance | Config | subpaths | tests.js:355:53:355:63 | target[key] | tests.js:348:32:348:37 | target | tests.js:361:12:361:17 | target | tests.js:355:31:355:86 | mergePl ... 
ptions) | | tests.js:371:62:371:72 | target[key] | tests.js:364:41:364:46 | target | tests.js:377:12:377:17 | target | tests.js:371:31:371:95 | mergePl ... ptions) | diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/PrototypePollutingMergeCall.expected b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/PrototypePollutingMergeCall.expected index 29d49ed71a4d..b773f9b2dee4 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/PrototypePollutingMergeCall.expected +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/PrototypePollutingMergeCall.expected 
@@ -31,31 +31,31 @@ nodes | webix/webix.js:5:31:5:35 | event | semmle.label | event | | webix/webix.js:5:31:5:40 | event.data | semmle.label | event.data | edges -| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event | -| angularmerge.js:2:32:2:36 | event | angularmerge.js:2:32:2:41 | event.data | -| angularmerge.js:2:32:2:41 | event.data | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | -| src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } [value] | -| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | -| src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | -| src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | -| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | -| src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } [value] | -| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | -| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... 
K\\n } [value] | -| webix/webix.html:3:34:3:38 | event | webix/webix.html:4:37:4:41 | event | -| webix/webix.html:3:34:3:38 | event | webix/webix.html:5:35:5:39 | event | -| webix/webix.html:4:37:4:41 | event | webix/webix.html:4:37:4:46 | event.data | -| webix/webix.html:4:37:4:46 | event.data | webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | -| webix/webix.html:5:35:5:39 | event | webix/webix.html:5:35:5:44 | event.data | -| webix/webix.html:5:35:5:44 | event.data | webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | -| webix/webix.js:3:30:3:34 | event | webix/webix.js:4:33:4:37 | event | -| webix/webix.js:3:30:3:34 | event | webix/webix.js:5:31:5:35 | event | -| webix/webix.js:4:33:4:37 | event | webix/webix.js:4:33:4:42 | event.data | -| webix/webix.js:4:33:4:42 | event.data | webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | -| webix/webix.js:5:31:5:35 | event | webix/webix.js:5:31:5:40 | event.data | -| webix/webix.js:5:31:5:40 | event.data | webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | +| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event | provenance | | +| angularmerge.js:2:32:2:36 | event | angularmerge.js:2:32:2:41 | event.data | provenance | | +| angularmerge.js:2:32:2:41 | event.data | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | provenance | Config | +| src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } [value] | provenance | | +| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | provenance | | +| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | provenance | | +| src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | provenance | | +| src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... 
e\\n } [thing] | src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | provenance | | +| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | provenance | | +| src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } [value] | provenance | | +| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | provenance | | +| src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | provenance | | +| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... K\\n } [value] | provenance | | +| webix/webix.html:3:34:3:38 | event | webix/webix.html:4:37:4:41 | event | provenance | | +| webix/webix.html:3:34:3:38 | event | webix/webix.html:5:35:5:39 | event | provenance | | +| webix/webix.html:4:37:4:41 | event | webix/webix.html:4:37:4:46 | event.data | provenance | | +| webix/webix.html:4:37:4:46 | event.data | webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | provenance | Config | +| webix/webix.html:5:35:5:39 | event | webix/webix.html:5:35:5:44 | event.data | provenance | | +| webix/webix.html:5:35:5:44 | event.data | webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | provenance | Config | +| webix/webix.js:3:30:3:34 | event | webix/webix.js:4:33:4:37 | event | provenance | | +| webix/webix.js:3:30:3:34 | event | webix/webix.js:5:31:5:35 | event | provenance | | +| webix/webix.js:4:33:4:37 | event | webix/webix.js:4:33:4:42 | event.data | provenance | | +| webix/webix.js:4:33:4:42 | event.data | webix/webix.js:4:22:4:43 | JSON.pa ... 
t.data) | provenance | Config | +| webix/webix.js:5:31:5:35 | event | webix/webix.js:5:31:5:40 | event.data | provenance | | +| webix/webix.js:5:31:5:40 | event.data | webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | provenance | Config | subpaths #select | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | angularmerge.js:1:30:1:34 | event | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | angularmerge.js:1:30:1:34 | event | user-controlled value | angularmerge.js:2:3:2:43 | angular ... .data)) | angular | diff --git a/javascript/ql/test/query-tests/Security/CWE-918/ClientSideRequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/ClientSideRequestForgery.expected index b11a9d20a641..5a267ea56891 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/ClientSideRequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/ClientSideRequestForgery.expected 
@@ -1,16 +1,16 @@ edges -| clientSide.js:11:11:11:53 | query | clientSide.js:12:42:12:46 | query | -| clientSide.js:11:19:11:40 | window. ... .search | clientSide.js:11:19:11:53 | window. ... ring(1) | -| clientSide.js:11:19:11:53 | window. ... ring(1) | clientSide.js:11:11:11:53 | query | -| clientSide.js:12:42:12:46 | query | clientSide.js:12:13:12:54 | 'https: ... + '/id' | -| clientSide.js:14:42:14:63 | window. ... .search | clientSide.js:14:13:14:63 | 'https: ... .search | -| clientSide.js:16:11:16:54 | fragment | clientSide.js:17:42:17:49 | fragment | -| clientSide.js:16:22:16:41 | window.location.hash | clientSide.js:16:22:16:54 | window. ... ring(1) | -| clientSide.js:16:22:16:54 | window. ... ring(1) | clientSide.js:16:11:16:54 | fragment | -| clientSide.js:17:42:17:49 | fragment | clientSide.js:17:13:17:57 | 'https: ... + '/id' | -| clientSide.js:20:11:20:28 | name | clientSide.js:21:42:21:45 | name | -| clientSide.js:20:18:20:28 | window.name | clientSide.js:20:11:20:28 | name | -| clientSide.js:21:42:21:45 | name | clientSide.js:21:13:21:53 | 'https: ... + '/id' | +| clientSide.js:11:11:11:53 | query | clientSide.js:12:42:12:46 | query | provenance | | +| clientSide.js:11:19:11:40 | window. ... .search | clientSide.js:11:19:11:53 | window. ... ring(1) | provenance | | +| clientSide.js:11:19:11:53 | window. ... ring(1) | clientSide.js:11:11:11:53 | query | provenance | | +| clientSide.js:12:42:12:46 | query | clientSide.js:12:13:12:54 | 'https: ... + '/id' | provenance | | +| clientSide.js:14:42:14:63 | window. ... .search | clientSide.js:14:13:14:63 | 'https: ... .search | provenance | | +| clientSide.js:16:11:16:54 | fragment | clientSide.js:17:42:17:49 | fragment | provenance | | +| clientSide.js:16:22:16:41 | window.location.hash | clientSide.js:16:22:16:54 | window. ... ring(1) | provenance | | +| clientSide.js:16:22:16:54 | window. ... 
ring(1) | clientSide.js:16:11:16:54 | fragment | provenance | | +| clientSide.js:17:42:17:49 | fragment | clientSide.js:17:13:17:57 | 'https: ... + '/id' | provenance | | +| clientSide.js:20:11:20:28 | name | clientSide.js:21:42:21:45 | name | provenance | | +| clientSide.js:20:18:20:28 | window.name | clientSide.js:20:11:20:28 | name | provenance | | +| clientSide.js:21:42:21:45 | name | clientSide.js:21:13:21:53 | 'https: ... + '/id' | provenance | | nodes | clientSide.js:11:11:11:53 | query | semmle.label | query | | clientSide.js:11:19:11:40 | window. ... .search | semmle.label | window. ... .search | diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 4d97d522e54b..edeab8f1d94f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected 
@@ -1,52 +1,52 @@ edges -| serverSide.js:14:9:14:52 | tainted | serverSide.js:18:13:18:19 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:20:17:20:23 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:23:19:23:25 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:26:25:26:31 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:28:36:28:42 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:30:37:30:43 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:34:34:34:40 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:36:24:36:30 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:37:30:37:36 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:41:43:41:49 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:43:46:43:52 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:45:50:45:56 | tainted | -| serverSide.js:14:19:14:42 | url.par ... , true) | serverSide.js:14:9:14:52 | tainted | -| serverSide.js:14:29:14:35 | req.url | serverSide.js:14:19:14:42 | url.par ... , true) | -| serverSide.js:26:25:26:31 | tainted | serverSide.js:26:13:26:31 | "http://" + tainted | -| serverSide.js:28:36:28:42 | tainted | serverSide.js:28:13:28:42 | "http:/ ... tainted | -| serverSide.js:30:37:30:43 | tainted | serverSide.js:30:13:30:43 | "http:/ ... tainted | -| serverSide.js:36:24:36:30 | tainted | serverSide.js:36:16:36:31 | new Uri(tainted) | -| serverSide.js:37:30:37:36 | tainted | serverSide.js:37:22:37:37 | new Uri(tainted) | -| serverSide.js:41:43:41:49 | tainted | serverSide.js:41:13:41:51 | `http:/ ... inted}` | -| serverSide.js:43:46:43:52 | tainted | serverSide.js:43:13:43:54 | `http:/ ... inted}` | -| serverSide.js:45:50:45:56 | tainted | serverSide.js:45:13:45:56 | 'http:/ ... 
tainted | -| serverSide.js:58:9:58:52 | tainted | serverSide.js:61:29:61:35 | tainted | -| serverSide.js:58:9:58:52 | tainted | serverSide.js:61:29:61:35 | tainted | -| serverSide.js:58:19:58:42 | url.par ... , true) | serverSide.js:58:9:58:52 | tainted | -| serverSide.js:58:29:58:35 | req.url | serverSide.js:58:19:58:42 | url.par ... , true) | -| serverSide.js:61:29:61:35 | tainted | serverSide.js:64:30:64:36 | tainted | -| serverSide.js:61:29:61:35 | tainted | serverSide.js:68:30:68:36 | tainted | -| serverSide.js:74:9:74:52 | tainted | serverSide.js:76:19:76:25 | tainted | -| serverSide.js:74:19:74:42 | url.par ... , true) | serverSide.js:74:9:74:52 | tainted | -| serverSide.js:74:29:74:35 | req.url | serverSide.js:74:19:74:42 | url.par ... , true) | -| serverSide.js:83:38:83:43 | param1 | serverSide.js:84:19:84:24 | param1 | -| serverSide.js:90:19:90:28 | ctx.params | serverSide.js:90:19:90:32 | ctx.params.foo | -| serverSide.js:92:19:92:28 | ctx.params | serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:98:9:98:52 | tainted | serverSide.js:100:19:100:25 | tainted | -| serverSide.js:98:19:98:42 | url.par ... , true) | serverSide.js:98:9:98:52 | tainted | -| serverSide.js:98:29:98:35 | req.url | serverSide.js:98:19:98:42 | url.par ... , true) | -| serverSide.js:108:11:108:27 | url | serverSide.js:109:27:109:29 | url | -| serverSide.js:108:17:108:27 | request.url | serverSide.js:108:11:108:27 | url | -| serverSide.js:115:11:115:42 | url | serverSide.js:117:27:117:29 | url | -| serverSide.js:115:17:115:42 | new URL ... , base) | serverSide.js:115:11:115:42 | url | -| serverSide.js:115:25:115:35 | request.url | serverSide.js:115:17:115:42 | new URL ... , base) | -| serverSide.js:123:9:123:52 | tainted | serverSide.js:127:14:127:20 | tainted | -| serverSide.js:123:9:123:52 | tainted | serverSide.js:130:37:130:43 | tainted | -| serverSide.js:123:19:123:42 | url.par ... 
, true) | serverSide.js:123:9:123:52 | tainted | -| serverSide.js:123:29:123:35 | req.url | serverSide.js:123:19:123:42 | url.par ... , true) | -| serverSide.js:130:9:130:45 | myUrl | serverSide.js:131:15:131:19 | myUrl | -| serverSide.js:130:37:130:43 | tainted | serverSide.js:130:9:130:45 | myUrl | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:18:13:18:19 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:20:17:20:23 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:23:19:23:25 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:26:25:26:31 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:28:36:28:42 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:30:37:30:43 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:34:34:34:40 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:36:24:36:30 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:37:30:37:36 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:41:43:41:49 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:43:46:43:52 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:45:50:45:56 | tainted | provenance | | +| serverSide.js:14:19:14:42 | url.par ... , true) | serverSide.js:14:9:14:52 | tainted | provenance | | +| serverSide.js:14:29:14:35 | req.url | serverSide.js:14:19:14:42 | url.par ... , true) | provenance | | +| serverSide.js:26:25:26:31 | tainted | serverSide.js:26:13:26:31 | "http://" + tainted | provenance | | +| serverSide.js:28:36:28:42 | tainted | serverSide.js:28:13:28:42 | "http:/ ... tainted | provenance | | +| serverSide.js:30:37:30:43 | tainted | serverSide.js:30:13:30:43 | "http:/ ... 
tainted | provenance | | +| serverSide.js:36:24:36:30 | tainted | serverSide.js:36:16:36:31 | new Uri(tainted) | provenance | | +| serverSide.js:37:30:37:36 | tainted | serverSide.js:37:22:37:37 | new Uri(tainted) | provenance | | +| serverSide.js:41:43:41:49 | tainted | serverSide.js:41:13:41:51 | `http:/ ... inted}` | provenance | | +| serverSide.js:43:46:43:52 | tainted | serverSide.js:43:13:43:54 | `http:/ ... inted}` | provenance | | +| serverSide.js:45:50:45:56 | tainted | serverSide.js:45:13:45:56 | 'http:/ ... tainted | provenance | | +| serverSide.js:58:9:58:52 | tainted | serverSide.js:61:29:61:35 | tainted | provenance | | +| serverSide.js:58:9:58:52 | tainted | serverSide.js:61:29:61:35 | tainted | provenance | | +| serverSide.js:58:19:58:42 | url.par ... , true) | serverSide.js:58:9:58:52 | tainted | provenance | | +| serverSide.js:58:29:58:35 | req.url | serverSide.js:58:19:58:42 | url.par ... , true) | provenance | | +| serverSide.js:61:29:61:35 | tainted | serverSide.js:64:30:64:36 | tainted | provenance | | +| serverSide.js:61:29:61:35 | tainted | serverSide.js:68:30:68:36 | tainted | provenance | | +| serverSide.js:74:9:74:52 | tainted | serverSide.js:76:19:76:25 | tainted | provenance | | +| serverSide.js:74:19:74:42 | url.par ... , true) | serverSide.js:74:9:74:52 | tainted | provenance | | +| serverSide.js:74:29:74:35 | req.url | serverSide.js:74:19:74:42 | url.par ... , true) | provenance | | +| serverSide.js:83:38:83:43 | param1 | serverSide.js:84:19:84:24 | param1 | provenance | | +| serverSide.js:90:19:90:28 | ctx.params | serverSide.js:90:19:90:32 | ctx.params.foo | provenance | | +| serverSide.js:92:19:92:28 | ctx.params | serverSide.js:92:19:92:32 | ctx.params.foo | provenance | | +| serverSide.js:98:9:98:52 | tainted | serverSide.js:100:19:100:25 | tainted | provenance | | +| serverSide.js:98:19:98:42 | url.par ... 
, true) | serverSide.js:98:9:98:52 | tainted | provenance | | +| serverSide.js:98:29:98:35 | req.url | serverSide.js:98:19:98:42 | url.par ... , true) | provenance | | +| serverSide.js:108:11:108:27 | url | serverSide.js:109:27:109:29 | url | provenance | | +| serverSide.js:108:17:108:27 | request.url | serverSide.js:108:11:108:27 | url | provenance | | +| serverSide.js:115:11:115:42 | url | serverSide.js:117:27:117:29 | url | provenance | | +| serverSide.js:115:17:115:42 | new URL ... , base) | serverSide.js:115:11:115:42 | url | provenance | | +| serverSide.js:115:25:115:35 | request.url | serverSide.js:115:17:115:42 | new URL ... , base) | provenance | Config | +| serverSide.js:123:9:123:52 | tainted | serverSide.js:127:14:127:20 | tainted | provenance | | +| serverSide.js:123:9:123:52 | tainted | serverSide.js:130:37:130:43 | tainted | provenance | | +| serverSide.js:123:19:123:42 | url.par ... , true) | serverSide.js:123:9:123:52 | tainted | provenance | | +| serverSide.js:123:29:123:35 | req.url | serverSide.js:123:19:123:42 | url.par ... , true) | provenance | | +| serverSide.js:130:9:130:45 | myUrl | serverSide.js:131:15:131:19 | myUrl | provenance | | +| serverSide.js:130:37:130:43 | tainted | serverSide.js:130:9:130:45 | myUrl | provenance | | nodes | serverSide.js:14:9:14:52 | tainted | semmle.label | tainted | | serverSide.js:14:19:14:42 | url.par ... , true) | semmle.label | url.par ... , true) | From af7b4e30633dd69bc9081b08b10df48ec3575816 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 26 Jun 2024 13:45:09 +0200 Subject: [PATCH 212/223] Accept flow difference due to added test cases New library gets FN for spread arguments in a call to splice(), which was added to the old version in this PR: https://github.com/github/codeql/pull/16739 --- javascript/ql/test/library-tests/Arrays/DataFlow.expected | 2 +- javascript/ql/test/library-tests/Arrays/TaintFlow.expected | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/javascript/ql/test/library-tests/Arrays/DataFlow.expected b/javascript/ql/test/library-tests/Arrays/DataFlow.expected index 3c9cd4147f10..340f5dbe2302 100644 --- a/javascript/ql/test/library-tests/Arrays/DataFlow.expected +++ b/javascript/ql/test/library-tests/Arrays/DataFlow.expected @@ -1,11 +1,11 @@ legacyDataFlowDifference +| arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() | only flow with OLD data flow library | flow | arrays.js:2:16:2:23 | "source" | arrays.js:5:8:5:14 | obj.foo | | arrays.js:2:16:2:23 | "source" | arrays.js:11:10:11:15 | arr[i] | | arrays.js:2:16:2:23 | "source" | arrays.js:15:27:15:27 | e | | arrays.js:2:16:2:23 | "source" | arrays.js:16:23:16:23 | e | | arrays.js:2:16:2:23 | "source" | arrays.js:20:8:20:16 | arr.pop() | -| arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() | | arrays.js:2:16:2:23 | "source" | arrays.js:61:10:61:10 | x | | arrays.js:2:16:2:23 | "source" | arrays.js:65:10:65:10 | x | | arrays.js:2:16:2:23 | "source" | arrays.js:69:10:69:10 | x | diff --git a/javascript/ql/test/library-tests/Arrays/TaintFlow.expected b/javascript/ql/test/library-tests/Arrays/TaintFlow.expected index 12d926e8eb67..0f246a750bc9 100644 --- a/javascript/ql/test/library-tests/Arrays/TaintFlow.expected +++ b/javascript/ql/test/library-tests/Arrays/TaintFlow.expected 
@@ -1,11 +1,11 @@ legacyDataFlowDifference +| arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() | only flow with OLD data flow library | flow | arrays.js:2:16:2:23 | "source" | arrays.js:5:8:5:14 | obj.foo | | arrays.js:2:16:2:23 | "source" | arrays.js:11:10:11:15 | arr[i] | | arrays.js:2:16:2:23 | "source" | arrays.js:15:27:15:27 | e | | arrays.js:2:16:2:23 | "source" | arrays.js:16:23:16:23 | e | | arrays.js:2:16:2:23 | "source" | arrays.js:20:8:20:16 | arr.pop() | -| arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() | | arrays.js:2:16:2:23 | "source" | arrays.js:58:8:58:13 | arr[0] | | arrays.js:2:16:2:23 | "source" | arrays.js:61:10:61:10 | x | | arrays.js:2:16:2:23 | "source" | arrays.js:65:10:65:10 | x | From 24732746813a0877c7c7639a38384cb5997294ef Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 27 Jun 2024 09:06:45 +0200 Subject: [PATCH 213/223] JS: Benign test output changes --- .../InterProceduralFlow/tests.expected | 6 +++ .../frameworks/Templating/XssDiff.expected | 1 + .../IndirectCommandInjection.expected | 8 ++-- .../ImproperCodeSanitization.expected | 18 ++++---- .../CWE-798/HardcodedCredentials.expected | 45 ++++++++++--------- 5 files changed, 45 insertions(+), 33 deletions(-) diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected index 81321780859c..94fe390a0465 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected +++ b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected 
@@ -48,6 +48,7 @@ dataFlow | partial.js:6:15:6:24 | "tainted2" | partial.js:42:15:42:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:48:15:48:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:54:15:54:15 | y | +| promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | | properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | @@ -61,6 +62,7 @@ dataFlow | tst2.js:6:24:6:37 | "also tainted" | tst2.js:11:15:11:24 | g(source2) | | tst6.mjs:12:14:12:21 | "source" | tst6.mjs:14:12:14:16 | a.m() | | tst6.mjs:16:15:16:23 | "source2" | tst6.mjs:18:13:18:24 | a.m.call(a2) | +| tst.js:2:17:2:22 | "src1" | tst.js:28:20:28:22 | elt | | tst.js:2:17:2:22 | "src1" | tst.js:39:17:39:17 | x | | tst.js:2:17:2:22 | "src1" | tst.js:41:19:41:19 | x | | tst.js:2:17:2:22 | "src1" | tst.js:45:17:45:17 | x | @@ -126,6 +128,7 @@ taintTracking | partial.js:6:15:6:24 | "tainted2" | partial.js:42:15:42:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:48:15:48:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:54:15:54:15 | y | +| promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | | properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | 
@@ -154,6 +157,7 @@ taintTracking | tst.js:2:17:2:22 | "src1" | tst.js:19:16:19:34 | JSON.parse(source1) | | tst.js:2:17:2:22 | "src1" | tst.js:20:16:20:37 | JSON.st ... sink10) | | tst.js:2:17:2:22 | "src1" | tst.js:24:16:24:18 | foo | +| tst.js:2:17:2:22 | "src1" | tst.js:28:20:28:22 | elt | | tst.js:2:17:2:22 | "src1" | tst.js:30:20:30:22 | ary | | tst.js:2:17:2:22 | "src1" | tst.js:36:16:36:24 | dict[key] | | tst.js:2:17:2:22 | "src1" | tst.js:39:17:39:17 | x | @@ -223,6 +227,7 @@ germanFlow | partial.js:6:15:6:24 | "tainted2" | partial.js:42:15:42:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:48:15:48:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:54:15:54:15 | y | +| promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | | properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | @@ -236,6 +241,7 @@ germanFlow | tst2.js:6:24:6:37 | "also tainted" | tst2.js:11:15:11:24 | g(source2) | | tst6.mjs:12:14:12:21 | "source" | tst6.mjs:14:12:14:16 | a.m() | | tst6.mjs:16:15:16:23 | "source2" | tst6.mjs:18:13:18:24 | a.m.call(a2) | +| tst.js:2:17:2:22 | "src1" | tst.js:28:20:28:22 | elt | | tst.js:2:17:2:22 | "src1" | tst.js:39:17:39:17 | x | | tst.js:2:17:2:22 | "src1" | tst.js:41:19:41:19 | x | | tst.js:2:17:2:22 | "src1" | tst.js:45:17:45:17 | x | diff --git a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected index 168b17e2a1b3..1bed23967d25 100644 --- a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected +++ b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected 
@@ -25,6 +25,7 @@ flow | app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | +| app.js:73:18:73:30 | req.query.foo | views/dot_sinks.html.dot:3:9:3:22 | {{! tainted }} | | projectA/src/index.js:6:38:6:53 | req.query.taintA | projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | | projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | | projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected index 1dd1715cdcc8..26416731806e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected 
@@ -74,16 +74,16 @@ edges | command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | provenance | | | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | command-line-parameter-command-injection.js:76:8:76:35 | argv | provenance | | | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | provenance | | -| command-line-parameter-command-injection.js:79:31:79:34 | argv | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | provenance | | +| command-line-parameter-command-injection.js:79:31:79:34 | argv | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | provenance | Config | | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | provenance | | | command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | provenance | | -| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | provenance | | +| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | provenance | Config | | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | provenance | | | command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | provenance | | -| command-line-parameter-command-injection.js:85:34:85:54 | process ... 
lice(2) | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | provenance | | +| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | provenance | Config | | command-line-parameter-command-injection.js:88:6:88:37 | flags | command-line-parameter-command-injection.js:89:22:89:26 | flags | provenance | | | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | command-line-parameter-command-injection.js:88:6:88:37 | flags | provenance | | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | provenance | | +| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | provenance | Config | | command-line-parameter-command-injection.js:89:22:89:26 | flags | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | provenance | | | command-line-parameter-command-injection.js:91:6:91:38 | flags | command-line-parameter-command-injection.js:92:22:92:26 | flags | provenance | | | command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags | provenance | | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected index ee2425775bbf..6e8db0460973 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected 
@@ -1,13 +1,13 @@ edges -| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | bad-code-sanitization.js:7:31:7:43 | safeProp(key) | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | -| bad-code-sanitization.js:6:11:6:25 | statements | bad-code-sanitization.js:8:27:8:36 | statements | -| bad-code-sanitization.js:7:5:7:14 | [post update] statements | bad-code-sanitization.js:6:11:6:25 | statements | -| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:7:5:7:14 | [post update] statements | -| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | -| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:11:63:55 | assignment | +| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | bad-code-sanitization.js:7:31:7:43 | safeProp(key) | provenance | | +| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | provenance | | +| bad-code-sanitization.js:6:11:6:25 | statements | bad-code-sanitization.js:8:27:8:36 | statements | provenance | | +| bad-code-sanitization.js:7:5:7:14 | [post update] statements | bad-code-sanitization.js:6:11:6:25 | statements | provenance | | +| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:7:5:7:14 | [post update] statements | provenance | | +| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | bad-code-sanitization.js:7:21:7:70 | `${name ... 
key])}` | provenance | | +| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | provenance | | +| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment | provenance | | +| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:11:63:55 | assignment | provenance | | nodes | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | semmle.label | /^[_$a- ... key)}]` | | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | semmle.label | JSON.stringify(key) | diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected index 12f0b7bb5a71..086af0f7bdf0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected +++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected 
@@ -9,32 +9,32 @@ edges | HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:195:46:195:49 | AUTH | provenance | | | HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:204:44:204:47 | AUTH | provenance | | | HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) | HardcodedCredentials.js:173:11:173:49 | AUTH | provenance | | -| HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) | provenance | | -| HardcodedCredentials.js:173:35:173:38 | USER | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | provenance | | -| HardcodedCredentials.js:173:43:173:46 | PASS | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | provenance | | -| HardcodedCredentials.js:178:39:178:42 | AUTH | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | provenance | | -| HardcodedCredentials.js:188:39:188:42 | AUTH | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | provenance | | -| HardcodedCredentials.js:195:46:195:49 | AUTH | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | provenance | | -| HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | provenance | | +| HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | HardcodedCredentials.js:173:18:173:49 | base64. ... 
PASS}`) | provenance | Config | +| HardcodedCredentials.js:173:35:173:38 | USER | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | provenance | Config | +| HardcodedCredentials.js:173:43:173:46 | PASS | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | provenance | Config | +| HardcodedCredentials.js:178:39:178:42 | AUTH | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | provenance | Config | +| HardcodedCredentials.js:188:39:188:42 | AUTH | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | provenance | Config | +| HardcodedCredentials.js:195:46:195:49 | AUTH | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | provenance | Config | +| HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | provenance | Config | | HardcodedCredentials.js:214:11:214:25 | USER | HardcodedCredentials.js:216:35:216:38 | USER | provenance | | | HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:11:214:25 | USER | provenance | | | HardcodedCredentials.js:215:11:215:25 | PASS | HardcodedCredentials.js:216:43:216:46 | PASS | provenance | | | HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:11:215:25 | PASS | provenance | | | HardcodedCredentials.js:216:11:216:49 | AUTH | HardcodedCredentials.js:221:46:221:49 | AUTH | provenance | | | HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | HardcodedCredentials.js:216:11:216:49 | AUTH | provenance | | -| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | HardcodedCredentials.js:216:18:216:49 | base64. ... 
PASS}`) | provenance | | -| HardcodedCredentials.js:216:35:216:38 | USER | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | provenance | | -| HardcodedCredentials.js:216:43:216:46 | PASS | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | provenance | | -| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | provenance | | +| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | provenance | Config | +| HardcodedCredentials.js:216:35:216:38 | USER | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | provenance | Config | +| HardcodedCredentials.js:216:43:216:46 | PASS | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | provenance | Config | +| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | provenance | Config | | HardcodedCredentials.js:231:11:231:29 | username | HardcodedCredentials.js:237:47:237:54 | username | provenance | | | HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:11:231:29 | username | provenance | | -| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | provenance | | -| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | provenance | | -| HardcodedCredentials.js:237:47:237:54 | username | HardcodedCredentials.js:237:47:237:71 | usernam ... assword | provenance | | -| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | provenance | | +| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | provenance | Config | +| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... 
ase64') | provenance | Config | +| HardcodedCredentials.js:237:47:237:54 | username | HardcodedCredentials.js:237:47:237:71 | usernam ... assword | provenance | Config | +| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | provenance | Config | | HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey | provenance | | | HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey | provenance | | -| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | provenance | | +| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | provenance | Config | | HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | provenance | | | HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | provenance | | nodes 
@@ -90,8 +90,8 @@ nodes | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | semmle.label | 'hgfedcba' | | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | semmle.label | 'hgfedcba' | | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | semmle.label | "hgfedcba" | -| HardcodedCredentials.js:160:38:160:48 | "change_me" | semmle.label | "change_me" | -| HardcodedCredentials.js:161:41:161:51 | 'change_me' | semmle.label | 'change_me' | +| HardcodedCredentials.js:160:38:160:56 | "oiuneawrgiyubaegr" | semmle.label | "oiuneawrgiyubaegr" | +| HardcodedCredentials.js:161:41:161:59 | 'oiuneawrgiyubaegr' | semmle.label | 'oiuneawrgiyubaegr' | | HardcodedCredentials.js:164:35:164:45 | 'change_me' | semmle.label | 'change_me' | | HardcodedCredentials.js:171:11:171:25 | USER | semmle.label | USER | | HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | semmle.label | 'sdsdag' | @@ -152,6 +152,10 @@ nodes | HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | semmle.label | `Basic ... xxxxxx` | | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | semmle.label | `Basic ... gbbbbb` | | HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | semmle.label | `Basic ... 000001` | +| HardcodedCredentials.js:299:44:299:52 | 'mytoken' | semmle.label | 'mytoken' | +| HardcodedCredentials.js:300:44:300:56 | 'SampleToken' | semmle.label | 'SampleToken' | +| HardcodedCredentials.js:301:44:301:55 | 'MyPassword' | semmle.label | 'MyPassword' | +| HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | semmle.label | 'iubfew ... ybgera' | subpaths #select | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name | 
@@ -202,8 +206,8 @@ subpaths | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | key | | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | key | | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | key | -| HardcodedCredentials.js:160:38:160:48 | "change_me" | HardcodedCredentials.js:160:38:160:48 | "change_me" | HardcodedCredentials.js:160:38:160:48 | "change_me" | The hard-coded value "change_me" is used as $@. | HardcodedCredentials.js:160:38:160:48 | "change_me" | key | -| HardcodedCredentials.js:161:41:161:51 | 'change_me' | HardcodedCredentials.js:161:41:161:51 | 'change_me' | HardcodedCredentials.js:161:41:161:51 | 'change_me' | The hard-coded value "change_me" is used as $@. | HardcodedCredentials.js:161:41:161:51 | 'change_me' | key | +| HardcodedCredentials.js:160:38:160:56 | "oiuneawrgiyubaegr" | HardcodedCredentials.js:160:38:160:56 | "oiuneawrgiyubaegr" | HardcodedCredentials.js:160:38:160:56 | "oiuneawrgiyubaegr" | The hard-coded value "oiuneawrgiyubaegr" is used as $@. | HardcodedCredentials.js:160:38:160:56 | "oiuneawrgiyubaegr" | key | +| HardcodedCredentials.js:161:41:161:59 | 'oiuneawrgiyubaegr' | HardcodedCredentials.js:161:41:161:59 | 'oiuneawrgiyubaegr' | HardcodedCredentials.js:161:41:161:59 | 'oiuneawrgiyubaegr' | The hard-coded value "oiuneawrgiyubaegr" is used as $@. 
| HardcodedCredentials.js:161:41:161:59 | 'oiuneawrgiyubaegr' | key | | HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | authorization header | | HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | authorization header | | HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | The hard-coded value "sdsdag" is used as $@. | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | authorization header | 
@@ -218,3 +222,4 @@ subpaths | HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:246:42:246:51 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:246:42:246:51 | privateKey | key | | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | The hard-coded value "Basic sdsdag:sdsdag" is used as $@. | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | authorization header | | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | The hard-coded value "Basic sdsdag:aaaiuogrweuibgbbbbb" is used as $@. | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | authorization header | +| HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | The hard-coded value "iubfewiaaweiybgaeuybgera" is used as $@. | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | key | From e53c0cdce71ae60d5e198cad96f2a0e32517c9be Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 27 Jun 2024 09:39:06 +0200 Subject: [PATCH 214/223] Fix unknown Parameter/Argument decoding --- .../javascript/dataflow/internal/FlowSummaryPrivate.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index 1186c713e9af..ddf7d450d11b 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll 
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll @@ -180,7 +180,7 @@ string encodeWithContent(ContentSet c, string arg) { result = "With" + encodeCon */ bindingset[token] ParameterPosition decodeUnknownParameterPosition(AccessPathSyntax::AccessPathTokenBase token) { - token.getName() = "Parameter" and + token.getName() = "Argument" and desugaredPositionName(result, token.getAnArgument()) } @@ -194,7 +194,7 @@ ParameterPosition decodeUnknownParameterPosition(AccessPathSyntax::AccessPathTok */ bindingset[token] ArgumentPosition decodeUnknownArgumentPosition(AccessPathSyntax::AccessPathTokenBase token) { - token.getName() = "Argument" and + token.getName() = "Parameter" and desugaredPositionName(result, token.getAnArgument()) } From c52a4b0621898639672240ef4cbefb628c743e46 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 27 Jun 2024 09:44:45 +0200 Subject: [PATCH 215/223] JS: Provide RenderSummarizedCallable --- .../semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll | 2 ++ 1 file changed, 2 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index ddf7d450d11b..24b1081d932b 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll @@ -139,6 +139,8 @@ private module FlowSummaryStepInput implements Private::StepsInputSig { module Steps = Private::Steps; +module RenderSummarizedCallable = Private::RenderSummarizedCallable; + /** * Gets the textual representation of return kind `rk` used in MaD. * From df0488a4700919689169b6a8f19733dcd54dcb89 Mon Sep 17 00:00:00 2001 
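Review bot: After this swap `decodeUnknownParameterPosition` matches tokens named `Argument` and `decodeUnknownArgumentPosition` matches tokens named `Parameter`, which reads like a copy-paste slip to anyone who has not seen this commit. I would put a short comment above each comparison, for example `// an "Argument[...]" token in a summary is decoded as a ParameterPosition (and vice versa below)` in the first hunk and the mirrored wording in the `@@ -194,7 +194,7 @@` hunk. The doc comments of both predicates begin outside the hunks, so they may already explain the pairing; if they do not, that is the better place for it. The commit touches only this file, so a test with a summary that goes through this decoding path would keep the pairing from being swapped back.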
From: Asger F Date: Thu, 27 Jun 2024 10:22:14 +0200 Subject: [PATCH 216/223] Ensure Member tokens from flow summaries are seen in PropertyName --- .../javascript/dataflow/internal/Contents.qll | 20 ++++++++++++------- .../dataflow/internal/FlowSummaryPrivate.qll | 4 ++++ 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll index 6c6272e6e324..a359ee0d1d5b 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll @@ -1,5 +1,7 @@ private import javascript private import semmle.javascript.frameworks.data.internal.ApiGraphModels as ApiGraphModels +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate +private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax module Private { import Public @@ -15,6 +17,15 @@ module Private { /** Gets the largest array index should be propagated precisely through flow summaries. */ int getAPreciseArrayIndex() { result = [0 .. getMaxPreciseArrayIndex()] } + /** + * Holds if a MaD access path token of form `name[arg]` exists. + */ + predicate isAccessPathTokenPresent(string name, string arg) { + arg = any(FlowSummaryPrivate::AccessPathToken tok).getAnArgument(name) + or + arg = any(ApiGraphModels::AccessPathToken tok).getAnArgument(name) + } + /** * Holds if values associated with `key` should be tracked as a individual contents of a `Map` object. */ @@ -25,10 +36,7 @@ module Private { call.getArgument(0).getStringValue() = key ) or - exists(ApiGraphModels::AccessPathToken token | - token.getName() = "MapValue" and - token.getAnArgument() = key - ) + isAccessPathTokenPresent("MapValue", key) } /** 
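Review bot: The `private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax` added in the `@@ -1,5 +1,7 @@` hunk is not referenced by any line this commit adds to Contents.qll. The new `isAccessPathTokenPresent` only goes through `FlowSummaryPrivate::AccessPathToken` and `ApiGraphModels::AccessPathToken`. Unless code outside these hunks uses the alias, I would drop that import line and keep only the `FlowSummaryPrivate` one. The rest of the file is not visible here, so this needs a quick check before removal.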
@@ -47,9 +55,7 @@ module Private { or this = getAPreciseArrayIndex().toString() or - exists(ApiGraphModels::AccessPathToken tok | - tok.getName() = "Member" and this = tok.getAnArgument() - ) + isAccessPathTokenPresent("Member", this) } /** Gets the array index corresponding to this property name. */ diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll index 24b1081d932b..d978f81fb8a1 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll @@ -141,6 +141,10 @@ module Steps = Private::Steps; module RenderSummarizedCallable = Private::RenderSummarizedCallable; +class AccessPath = Private::AccessPath; + +class AccessPathToken = Private::AccessPathToken; + /** * Gets the textual representation of return kind `rk` used in MaD. * From ee10702e7346478c875fff12d2269bb82fd3a115 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 27 Jun 2024 11:56:01 +0200 Subject: [PATCH 217/223] JS: Another provanance test output update --- .../CommandInjection.expected | 206 +++++++++--------- 1 file changed, 103 insertions(+), 103 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected index 6126cef4888c..82521f20efac 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected 
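Review bot: Nothing in this commit pins the new behaviour of the `@@ -47,9 +55,7 @@` hunk, where `PropertyName` now also accepts `Member[...]` arguments from flow-summary access paths via `isAccessPathTokenPresent("Member", this)`; the diffstat lists only the two .qll files. A library test with a summary whose `Member` argument appears nowhere else in the test sources would show that the name is now tracked. It would also fail if the `FlowSummaryPrivate::AccessPathToken` disjunct were dropped later. The `PropertyName` class starts and ends outside the hunk, so other disjuncts may already cover some names.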
@@ -1,107 +1,107 @@ edges -| actions.js:8:9:8:57 | title | actions.js:9:16:9:20 | title | -| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | -| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | -| actions.js:18:9:18:63 | head_ref | actions.js:19:22:19:29 | head_ref | -| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref | -| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:25:21:25:23 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:57:46:57:48 | cmd | -| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:9:6:49 | cmd | -| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:49 | url.par ... 
ry.path | -| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:49 | url.par ... ry.path | -| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd | -| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | -| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] | -| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | -| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | -| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | -| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:9:73:49 | cmd | -| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | -| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | -| exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command | -| exec-sh2.js:14:9:14:49 | cmd | exec-sh2.js:15:12:15:14 | cmd | -| exec-sh2.js:14:15:14:38 | url.par ... , true) | exec-sh2.js:14:9:14:49 | cmd | -| exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... 
, true) | -| exec-sh2.js:15:12:15:14 | cmd | exec-sh2.js:9:17:9:23 | command | -| exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command | -| exec-sh.js:19:9:19:49 | cmd | exec-sh.js:20:12:20:14 | cmd | -| exec-sh.js:19:15:19:38 | url.par ... , true) | exec-sh.js:19:9:19:49 | cmd | -| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | -| exec-sh.js:20:12:20:14 | cmd | exec-sh.js:13:17:13:23 | command | -| execSeries.js:3:20:3:22 | arr | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | -| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr | -| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | -| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:6:14:6:16 | arr [0] | -| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | execSeries.js:6:14:6:16 | arr [0] | -| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | execSeries.js:6:14:6:16 | arr | -| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] | -| execSeries.js:6:14:6:16 | arr [0] | execSeries.js:6:14:6:21 | arr[i++] | -| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command | -| execSeries.js:13:19:13:26 | commands | execSeries.js:14:13:14:20 | commands | -| execSeries.js:13:19:13:26 | commands [0] | execSeries.js:14:13:14:20 | commands [0] | -| execSeries.js:14:13:14:20 | commands | execSeries.js:3:20:3:22 | arr | -| execSeries.js:14:13:14:20 | commands [0] | execSeries.js:3:20:3:22 | arr [0] | -| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | -| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd | -| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:7:18:58 | cmd | -| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... 
, true) | -| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands | -| execSeries.js:19:12:19:16 | [cmd] [0] | execSeries.js:13:19:13:26 | commands [0] | -| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] | -| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] [0] | -| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | -| form-parsers.js:13:21:13:24 | file | form-parsers.js:14:21:14:24 | file | -| form-parsers.js:14:21:14:24 | file | form-parsers.js:14:10:14:37 | "touch ... nalname | -| form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename | -| form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | -| form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields | -| form-parsers.js:36:21:36:26 | fields | form-parsers.js:36:10:36:31 | "touch ... ds.name | -| form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields | -| form-parsers.js:41:21:41:26 | fields | form-parsers.js:41:10:41:31 | "touch ... ds.name | -| form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields | -| form-parsers.js:53:21:53:26 | fields | form-parsers.js:53:10:53:31 | "touch ... ds.name | -| form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part | -| form-parsers.js:59:21:59:24 | part | form-parsers.js:59:10:59:33 | "touch ... 
ilename | -| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd | -| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd | -| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd | -| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd | -| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd | -| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd | -| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd | -| other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd | -| other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd | -| other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:34:44:34:46 | cmd | -| other.js:5:15:5:38 | url.par ... , true) | other.js:5:9:5:49 | cmd | -| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | -| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | +| actions.js:8:9:8:57 | title | actions.js:9:16:9:20 | title | provenance | | +| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | provenance | | +| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | provenance | | +| actions.js:18:9:18:63 | head_ref | actions.js:19:22:19:29 | head_ref | provenance | | +| actions.js:18:20:18:63 | github. ... 
ead.ref | actions.js:18:9:18:63 | head_ref | provenance | | +| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:25:21:25:23 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:57:46:57:48 | cmd | provenance | | +| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:9:6:49 | cmd | provenance | | +| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:49 | url.par ... ry.path | provenance | | +| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:49 | url.par ... 
ry.path | provenance | | +| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd | provenance | | +| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | provenance | | +| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | provenance | | +| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | | +| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | | +| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | | +| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] | provenance | | +| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | provenance | | +| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | provenance | | +| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | provenance | | +| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:9:73:49 | cmd | provenance | | +| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | provenance | | +| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | provenance | | +| exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command | provenance | | +| exec-sh2.js:14:9:14:49 | cmd | exec-sh2.js:15:12:15:14 | cmd | provenance | | +| exec-sh2.js:14:15:14:38 | url.par ... , true) | exec-sh2.js:14:9:14:49 | cmd | provenance | | +| exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... 
, true) | provenance | | +| exec-sh2.js:15:12:15:14 | cmd | exec-sh2.js:9:17:9:23 | command | provenance | | +| exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command | provenance | | +| exec-sh.js:19:9:19:49 | cmd | exec-sh.js:20:12:20:14 | cmd | provenance | | +| exec-sh.js:19:15:19:38 | url.par ... , true) | exec-sh.js:19:9:19:49 | cmd | provenance | | +| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | provenance | | +| exec-sh.js:20:12:20:14 | cmd | exec-sh.js:13:17:13:23 | command | provenance | | +| execSeries.js:3:20:3:22 | arr | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | provenance | | +| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr | provenance | | +| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | provenance | | +| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:6:14:6:16 | arr [0] | provenance | | +| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | execSeries.js:6:14:6:16 | arr [0] | provenance | | +| execSeries.js:5:3:10:4 | (functi ... 
);\\n }) [arr] | execSeries.js:6:14:6:16 | arr | provenance | | +| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] | provenance | | +| execSeries.js:6:14:6:16 | arr [0] | execSeries.js:6:14:6:21 | arr[i++] | provenance | | +| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command | provenance | | +| execSeries.js:13:19:13:26 | commands | execSeries.js:14:13:14:20 | commands | provenance | | +| execSeries.js:13:19:13:26 | commands [0] | execSeries.js:14:13:14:20 | commands [0] | provenance | | +| execSeries.js:14:13:14:20 | commands | execSeries.js:3:20:3:22 | arr | provenance | | +| execSeries.js:14:13:14:20 | commands [0] | execSeries.js:3:20:3:22 | arr [0] | provenance | | +| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | provenance | | +| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd | provenance | | +| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:7:18:58 | cmd | provenance | | +| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) | provenance | | +| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands | provenance | | +| execSeries.js:19:12:19:16 | [cmd] [0] | execSeries.js:13:19:13:26 | commands [0] | provenance | | +| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] | provenance | | +| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] [0] | provenance | | +| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | provenance | | +| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | provenance | | +| form-parsers.js:13:21:13:24 | file | form-parsers.js:14:21:14:24 | file | provenance | | +| form-parsers.js:14:21:14:24 | file | form-parsers.js:14:10:14:37 | "touch ... 
nalname | provenance | | +| form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename | provenance | | +| form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | provenance | | +| form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields | provenance | | +| form-parsers.js:36:21:36:26 | fields | form-parsers.js:36:10:36:31 | "touch ... ds.name | provenance | | +| form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields | provenance | | +| form-parsers.js:41:21:41:26 | fields | form-parsers.js:41:10:41:31 | "touch ... ds.name | provenance | | +| form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields | provenance | | +| form-parsers.js:53:21:53:26 | fields | form-parsers.js:53:10:53:31 | "touch ... ds.name | provenance | | +| form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part | provenance | | +| form-parsers.js:59:21:59:24 | part | form-parsers.js:59:10:59:33 | "touch ... 
ilename | provenance | | +| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:34:44:34:46 | cmd | provenance | | +| other.js:5:15:5:38 | url.par ... , true) | other.js:5:9:5:49 | cmd | provenance | | +| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | provenance | | +| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | provenance | | nodes | actions.js:8:9:8:57 | title | semmle.label | title | | actions.js:8:17:8:57 | github. ... t.title | semmle.label | github. ... t.title | From 90f0e07e49421797b23ed244b93ad69c87ecb54b Mon Sep 17 00:00:00 2001 
From: Asger F Date: Thu, 27 Jun 2024 11:56:22 +0200 Subject: [PATCH 218/223] JS: Benign update after fixing PropertyName charpred --- .../InterProceduralFlow/tests.expected | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected index 94fe390a0465..aab7951f4804 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected +++ b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected @@ -48,6 +48,11 @@ dataFlow | partial.js:6:15:6:24 | "tainted2" | partial.js:42:15:42:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:48:15:48:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:54:15:54:15 | y | +| promises.js:2:16:2:24 | "tainted" | promises.js:7:16:7:18 | val | +| promises.js:2:16:2:24 | "tainted" | promises.js:38:32:38:32 | v | +| promises.js:11:22:11:31 | "resolved" | promises.js:19:20:19:20 | v | +| promises.js:12:22:12:31 | "rejected" | promises.js:21:20:21:20 | v | +| promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | | properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | 
@@ -128,6 +133,11 @@ taintTracking | partial.js:6:15:6:24 | "tainted2" | partial.js:42:15:42:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:48:15:48:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:54:15:54:15 | y | +| promises.js:2:16:2:24 | "tainted" | promises.js:7:16:7:18 | val | +| promises.js:2:16:2:24 | "tainted" | promises.js:38:32:38:32 | v | +| promises.js:11:22:11:31 | "resolved" | promises.js:19:20:19:20 | v | +| promises.js:12:22:12:31 | "rejected" | promises.js:21:20:21:20 | v | +| promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | | properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | @@ -227,6 +237,11 @@ germanFlow | partial.js:6:15:6:24 | "tainted2" | partial.js:42:15:42:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:48:15:48:15 | y | | partial.js:6:15:6:24 | "tainted2" | partial.js:54:15:54:15 | y | +| promises.js:2:16:2:24 | "tainted" | promises.js:7:16:7:18 | val | +| promises.js:2:16:2:24 | "tainted" | promises.js:38:32:38:32 | v | +| promises.js:11:22:11:31 | "resolved" | promises.js:19:20:19:20 | v | +| promises.js:12:22:12:31 | "rejected" | promises.js:21:20:21:20 | v | +| promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | | properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | From c3806a2210a9f4ce8c21f36c7cf3ba63f3114d5e Mon Sep 17 00:00:00 2001 
From: Asger F Date: Thu, 27 Jun 2024 11:59:56 +0200 Subject: [PATCH 219/223] JS: Messy test output updates These initially got messed up by a merge conflict where I couldn't rerun the tests due to breaking changes in the data flow library. I wanted the breaking-change updates to live in their own commits, not just eaten by a merge resolution commit, so the test output became broken for a while. The '#select' result set is unchanged in all of these, so they should be safe to accept. --- .../CWE-022/TaintedPath/TaintedPath.expected | 5324 ++--------------- .../Security/CWE-079/DomBasedXss/Xss.expected | 2311 ++----- .../XssWithAdditionalSources.expected | 2395 ++------ .../ExceptionXss/ExceptionXss.expected | 148 +- .../ReflectedXss/ReflectedXss.expected | 810 +-- .../CWE-079/StoredXss/StoredXss.expected | 82 +- .../UnsafeHtmlConstruction.expected | 81 +- .../CWE-089/untyped/SqlInjection.expected | 704 +-- .../CWE-312/BuildArtifactLeak.expected | 83 +- 9 files changed, 2540 insertions(+), 9398 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index f226bc698401..fcc9e4dd3b2a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -1,5 +1,4 @@ nodes -<<<<<<< HEAD | TaintedPath-es6.js:7:7:7:44 | path | semmle.label | path | | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | semmle.label | parse(req.url, true) | | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | semmle.label | parse(r ... ).query | 
@@ -139,6 +138,13 @@ nodes | TaintedPath.js:212:31:212:34 | path | semmle.label | path | | TaintedPath.js:213:45:213:48 | path | semmle.label | path | | TaintedPath.js:214:35:214:38 | path | semmle.label | path | +| examples/TaintedPath.js:8:7:8:52 | filePath | semmle.label | filePath | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | semmle.label | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | semmle.label | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| examples/TaintedPath.js:8:28:8:34 | req.url | semmle.label | req.url | +| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | semmle.label | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | semmle.label | filePath | | express.js:8:20:8:32 | req.query.bar | semmle.label | req.query.bar | | handlebars.js:10:51:10:58 | filePath | semmle.label | filePath | | handlebars.js:11:32:11:39 | filePath | semmle.label | filePath | 
@@ -486,4898 +492,432 @@ nodes | typescript.ts:30:15:30:18 | path | semmle.label | path | | typescript.ts:32:29:32:33 | path6 | semmle.label | path6 | | views.js:1:43:1:55 | req.params[0] | semmle.label | req.params[0] | -======= -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... 
).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| 
TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... 
).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| 
TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path 
| -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... 
, true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... 
ry.path | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... 
n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... 
e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... 
ath, x) | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... 
ath, z) | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... 
h(path) | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... 
).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... 
).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... 
).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| 
TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... 
).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:28:102:48 | fs.real ... 
c(path) | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | 
path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... 
).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... 
ry.path | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... 
, true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... 
ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:29 | path.split("/") | -| 
TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:19:153:35 | 
prefix + split[x] | -| TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| 
TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| 
TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... 
, true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... 
ry.path | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... 
/g, '') | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:51 | path.re ... 
/g, '') | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:29:195:54 | pathMod ... 
e(path) | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... 
rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... 
l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... 
eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... 
rl).foo | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... 
).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... 
ry.path | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| 
TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... 
).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... 
ry.path | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| 
handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | 
path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:14:21:49 | pathMod ... 
y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:19:27:57 | pathMod ... 
, path) | -| normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | -| normalizedPaths.js:31:35:31:48 | req.query.path | -| normalizedPaths.js:31:35:31:48 | req.query.path | -| normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | -| normalizedPaths.js:54:35:54:48 | req.query.path | -| normalizedPaths.js:54:35:54:48 | req.query.path | -| normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:35:73:55 | './' + ... 
ry.path | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | -| normalizedPaths.js:82:14:82:27 | req.query.path | -| normalizedPaths.js:82:14:82:27 | req.query.path | -| normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | -| normalizedPaths.js:94:35:94:48 | req.query.path | -| normalizedPaths.js:94:35:94:48 | req.query.path | -| normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:14:117:44 | fs.real ... 
y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:14:139:62 | pathMod ... 
y.path) | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | -| normalizedPaths.js:148:44:148:57 | req.query.path | -| normalizedPaths.js:148:44:148:57 | req.query.path | -| normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:14:160:49 | pathMod ... 
y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | -| normalizedPaths.js:160:35:160:48 | req.query.path | -| normalizedPaths.js:160:35:160:48 | req.query.path | -| normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| 
normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:14:214:49 | pathMod ... 
y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:35:226:48 | req.query.path | -| normalizedPaths.js:226:35:226:48 | req.query.path | -| normalizedPaths.js:226:35:226:48 | req.query.path | -| normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... 
y.path) | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:14:254:47 | pathMod ... 
y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:17:275:42 | pathMod ... 
e(path) | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:17:291:42 | pathMod ... 
e(path) | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... 
, path) | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:13:339:46 | pathMod ... 
y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:21:358:51 | pathMod ... 
, path) | -| normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:14:385:46 | pathMod ... 
uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | -| normalizedPaths.js:385:35:385:45 | req.query.x | -| normalizedPaths.js:385:35:385:45 | req.query.x | -| normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:59 | req.que ... 
it('/') | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... 
).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... 
ry.path | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| 
other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| 
other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| 
other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... 
, true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... 
ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| 
other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... 
, true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... 
ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| 
other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| 
other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| 
other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:37 | url.par ... 
, true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:48 | url.par ... 
ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:71:10:71:13 | path | 
-| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| 
other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... 
).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... 
ry.path | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:5:28:5:53 | parseTo ... 
t).name | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... 
, true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... 
ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... 
: path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| 
tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| 
tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| 
tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| 
tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| 
tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... 
).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... 
ry.path | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... 
, true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:48 | url.par ... 
ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| 
tainted-access-paths.js:49:10:49:13 | path | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... 
rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... 
, true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... 
ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | 
path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| 
tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | 
path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:13:18:13:21 | path | -| 
tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| 
tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... 
, path) | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | 
path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| 
tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| 
tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| 
tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] 
| -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| 
tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... 
hatever | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| torrents.js:5:6:5:38 | name | -| torrents.js:5:6:5:38 | name | -| torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... 
t).name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:6:6:6:45 | loc | -| torrents.js:6:6:6:45 | loc | -| torrents.js:6:6:6:45 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:24:6:27 | name | -| torrents.js:6:24:6:27 | name | -| torrents.js:6:24:6:27 | name | -| torrents.js:7:25:7:27 | loc | -| torrents.js:7:25:7:27 | loc | -| torrents.js:7:25:7:27 | loc | -| torrents.js:7:25:7:27 | loc | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... 
, true) | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... 
ry.path | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| 
typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:24:39:24:43 | path4 | -| 
typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| 
typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | ->>>>>>> main edges -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... 
ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... 
e(path) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:25 | ev | TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:13:136:36 | url.par ... 
, true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:29 | path.split("/") | TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:155:7:155:38 | concatted | 
TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:33:155:37 | split | TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:158:7:158:39 | concatted2 | TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:158:20:158:24 | split | TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... 
/g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... 
ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -<<<<<<< HEAD -======= -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... 
, true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... 
, true) | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... 
ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | 
filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | ->>>>>>> main -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:11:7:11:27 | 
path | normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... 
y.path) | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... 
.html') | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... 
y.path) | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:226:14:226:49 | pathMod ... 
y.path) | normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... 
e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... 
y.path) | normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... 
t('/')) | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... 
, true) | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:73:8:73:11 | path | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... 
, true) | -| other-fs-libraries.js:73:8:73:11 | path | other-fs-libraries.js:75:15:75:15 | x | -| other-fs-libraries.js:75:15:75:15 | x | other-fs-libraries.js:76:19:76:19 | x | -| other-fs-libraries.js:81:7:81:48 | path | other-fs-libraries.js:83:16:83:19 | path | -| other-fs-libraries.js:81:14:81:37 | url.par ... , true) | other-fs-libraries.js:81:14:81:43 | url.par ... ).query | -| other-fs-libraries.js:81:14:81:43 | url.par ... ).query | other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | -| other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | other-fs-libraries.js:81:7:81:48 | path | -| other-fs-libraries.js:81:24:81:30 | req.url | other-fs-libraries.js:81:14:81:37 | url.par ... , true) | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:21:27:21:34 | filepath | -| sharedlib-repro.js:21:27:21:34 | filepath | sharedlib-repro.js:22:18:22:25 | filepath | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... 
ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... 
).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-promise-steps.js:6:7:6:48 | path | tainted-promise-steps.js:7:26:7:29 | path | -| tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | tainted-promise-steps.js:6:7:6:48 | path | -| tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | -| tainted-promise-steps.js:7:26:7:29 | path | tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | -| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | -| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | -| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:19:11:35 | await pathPromise | -| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:20:12:23 | path | -| tainted-promise-steps.js:12:20:12:23 | path | tainted-promise-steps.js:12:44:12:47 | path | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... 
rams.x) | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... 
, true) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... 
hatever | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | -| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | +| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | provenance | | +| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | provenance | Config | +| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | provenance | Config | +| TaintedPath-es6.js:7:14:7:44 | parse(r ... 
ry.path | TaintedPath-es6.js:7:7:7:44 | path | provenance | | +| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | provenance | Config | +| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | provenance | Config | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | provenance | | +| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | provenance | | +| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... 
, true) | provenance | Config | +| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | provenance | Config | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | provenance | | +| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | provenance | Config | +| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | provenance | | +| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | provenance | Config | +| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | provenance | Config | +| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | provenance | Config | +| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... 
, path) | provenance | Config | +| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | provenance | Config | +| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | provenance | Config | +| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | provenance | Config | +| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | provenance | Config | +| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | provenance | Config | +| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | provenance | Config | +| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | provenance | Config | +| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | provenance | Config | +| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | provenance | Config | +| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | provenance | | +| TaintedPath.js:96:24:96:25 | ev | TaintedPath.js:96:24:96:30 | ev.data | provenance | Config | +| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | provenance | Config | +| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | provenance | | +| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | provenance | | +| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | provenance | Config | +| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:100:13:100:47 | url.par ... 
ry.path | TaintedPath.js:100:6:100:47 | path | provenance | | +| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | provenance | Config | +| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | provenance | Config | +| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | provenance | Config | +| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | provenance | | +| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | provenance | | +| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | provenance | Config | +| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | provenance | | +| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | provenance | Config | +| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | provenance | | +| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | provenance | | +| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | provenance | | +| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... 
, true) | provenance | Config | +| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:148:19:148:23 | split | provenance | | +| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:152:19:152:23 | split | provenance | | +| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:153:28:153:32 | split | provenance | | +| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:155:33:155:37 | split | provenance | | +| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:158:20:158:24 | split | provenance | | +| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:161:19:161:23 | split | provenance | | +| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | provenance | Config | +| TaintedPath.js:146:15:146:29 | path.split("/") | TaintedPath.js:146:7:146:29 | split | provenance | | +| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | provenance | Config | +| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | provenance | Config | +| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | provenance | Config | +| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | provenance | Config | +| TaintedPath.js:155:7:155:38 | concatted | TaintedPath.js:156:19:156:27 | concatted | provenance | | +| TaintedPath.js:155:19:155:38 | prefix.concat(split) | TaintedPath.js:155:7:155:38 | concatted | provenance | | +| TaintedPath.js:155:33:155:37 | split | TaintedPath.js:155:19:155:38 | prefix.concat(split) | provenance | Config | +| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | provenance | Config | +| TaintedPath.js:158:7:158:39 | concatted2 | TaintedPath.js:159:19:159:28 | concatted2 | provenance | | +| TaintedPath.js:158:20:158:24 | split | TaintedPath.js:158:20:158:39 | split.concat(prefix) | provenance | Config | +| TaintedPath.js:158:20:158:39 | split.concat(prefix) | 
TaintedPath.js:158:7:158:39 | concatted2 | provenance | | +| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | provenance | Config | +| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | provenance | Config | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | provenance | | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | provenance | | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | provenance | | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | provenance | | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | provenance | | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | provenance | | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | provenance | | +| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | provenance | | +| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... 
/g, '') | provenance | Config | +| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | provenance | Config | +| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | provenance | Config | +| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | provenance | Config | +| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | provenance | Config | +| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | provenance | Config | +| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | provenance | Config | +| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | provenance | Config | +| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | provenance | Config | +| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | provenance | Config | +| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | provenance | Config | +| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | provenance | | +| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | provenance | | +| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | provenance | | +| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:211:14:211:48 | url.par ... 
ry.path | TaintedPath.js:211:7:211:48 | path | provenance | | +| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | provenance | Config | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | provenance | | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | provenance | Config | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | provenance | Config | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | provenance | | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | provenance | Config | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | provenance | Config | +| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | provenance | | +| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | provenance | | +| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | provenance | | +| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | provenance | | +| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | provenance | | +| normalizedPaths.js:14:26:14:29 | path | 
normalizedPaths.js:14:19:14:29 | './' + path | provenance | Config | +| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | provenance | Config | +| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | provenance | Config | +| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | provenance | Config | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | provenance | | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:24:26:24:29 | path | provenance | | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | provenance | | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | provenance | | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:27:53:27:56 | path | provenance | | +| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | provenance | | +| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | provenance | Config | +| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | provenance | Config | +| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | provenance | Config | +| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | provenance | Config | +| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | provenance | | +| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | provenance | | +| normalizedPaths.js:31:14:31:49 | pathMod ... 
y.path) | normalizedPaths.js:31:7:31:49 | path | provenance | | +| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | provenance | | +| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:63:19:63:22 | path | provenance | | +| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | provenance | | +| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | normalizedPaths.js:54:7:54:49 | path | provenance | | +| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | provenance | Config | +| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | provenance | | +| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | provenance | | +| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | provenance | Config | +| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | provenance | | +| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:90:31:90:34 | path | provenance | | +| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | provenance | | +| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | provenance | | +| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | normalizedPaths.js:94:7:94:49 | path | provenance | | +| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... 
y.path) | provenance | Config | +| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | provenance | | +| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | provenance | | +| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | provenance | | +| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | provenance | Config | +| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | provenance | Config | +| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | provenance | | +| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | normalizedPaths.js:130:7:130:49 | path | provenance | | +| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | provenance | | +| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | provenance | | +| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | provenance | | +| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | provenance | | +| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | normalizedPaths.js:148:7:148:58 | path | provenance | | +| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | provenance | Config | +| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... 
y.path) | provenance | Config | +| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | provenance | | +| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | provenance | | +| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | normalizedPaths.js:160:7:160:49 | path | provenance | | +| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:194:21:194:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | provenance | | +| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | provenance | | +| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | provenance | | +| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | provenance | | +| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | provenance | | +| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | provenance | | +| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... 
e(path) | provenance | Config | +| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | provenance | | +| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | provenance | | +| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | provenance | | +| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | provenance | | +| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | provenance | Config | +| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | provenance | | +| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | provenance | Config | +| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | normalizedPaths.js:226:7:226:70 | path | provenance | | +| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | provenance | | +| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | provenance | | +| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | provenance | | +| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | provenance | | +| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... 
y.path) | provenance | Config | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | provenance | | +| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | provenance | | +| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | provenance | | +| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | provenance | | +| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | provenance | Config | +| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | provenance | | +| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | provenance | | +| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | provenance | Config | +| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | provenance | | +| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | provenance | | +| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... 
e(path) | provenance | Config | +| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | provenance | | +| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | provenance | | +| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | provenance | Config | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | provenance | | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | provenance | | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | provenance | | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | provenance | | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | provenance | | +| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | provenance | | +| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | provenance | | +| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | provenance | | +| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | provenance | | +| normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... , path) | provenance | Config | +| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | provenance | | +| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | provenance | | +| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | provenance | | +| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... 
y.path) | provenance | Config | +| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | provenance | | +| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | provenance | | +| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | provenance | | +| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | provenance | | +| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | provenance | | +| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) | provenance | Config | +| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | provenance | | +| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | provenance | | +| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | provenance | | +| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | provenance | Config | +| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | provenance | | +| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | provenance | | +| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | provenance | | +| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | provenance | Config | +| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | provenance | Config | +| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | provenance | Config | +| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... 
it('/') | provenance | Config | +| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | provenance | Config | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | provenance | | +| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | provenance | | +| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | provenance | Config | +| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | provenance | | +| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | provenance | | +| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | provenance | | +| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:38:14:38:43 | url.par ... 
).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | provenance | | +| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | provenance | Config | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | provenance | | +| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | provenance | | +| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... 
, true) | provenance | Config | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | provenance | | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | provenance | | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | provenance | | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:73:8:73:11 | path | provenance | | +| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | provenance | | +| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | provenance | Config | +| other-fs-libraries.js:73:8:73:11 | path | other-fs-libraries.js:75:15:75:15 | x | provenance | | +| other-fs-libraries.js:75:15:75:15 | x | other-fs-libraries.js:76:19:76:19 | x | provenance | | +| other-fs-libraries.js:81:7:81:48 | path | other-fs-libraries.js:83:16:83:19 | path | provenance | | +| other-fs-libraries.js:81:14:81:37 | url.par ... , true) | other-fs-libraries.js:81:14:81:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:81:14:81:43 | url.par ... ).query | other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | other-fs-libraries.js:81:7:81:48 | path | provenance | | +| other-fs-libraries.js:81:24:81:30 | req.url | other-fs-libraries.js:81:14:81:37 | url.par ... 
, true) | provenance | Config | +| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | provenance | | +| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | provenance | | +| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | provenance | | +| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | provenance | | +| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | provenance | | +| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | provenance | | +| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | provenance | Config | +| sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:21:27:21:34 | filepath | provenance | | +| sharedlib-repro.js:21:27:21:34 | filepath | sharedlib-repro.js:22:18:22:25 | filepath | provenance | | +| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | provenance | | +| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | provenance | | +| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | provenance | Config | +| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | provenance | Config | +| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | provenance | | +| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... 
, true) | provenance | Config | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | provenance | | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | provenance | | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | provenance | | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | provenance | | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | provenance | | +| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:7:10:36 | obj | provenance | | +| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | provenance | Config | +| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | provenance | Config | +| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | provenance | Config | +| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | provenance | Config | +| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | provenance | Config | +| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | provenance | | +| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | provenance | Config | +| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | provenance | Config | +| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | provenance | | +| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... 
, true) | provenance | Config | +| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | provenance | | +| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | provenance | Config | +| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | provenance | Config | +| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | provenance | | +| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | provenance | Config | +| tainted-promise-steps.js:6:7:6:48 | path | tainted-promise-steps.js:7:26:7:29 | path | provenance | | +| tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | provenance | Config | +| tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | provenance | Config | +| tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | tainted-promise-steps.js:6:7:6:48 | path | provenance | | +| tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | provenance | Config | +| tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | provenance | | +| tainted-promise-steps.js:7:26:7:29 | path | tainted-promise-steps.js:7:10:7:30 | Promise ... 
e(path) [PromiseValue] | provenance | | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | provenance | | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | provenance | | +| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:19:11:35 | await pathPromise | provenance | | +| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:20:12:23 | path | provenance | | +| tainted-promise-steps.js:12:20:12:23 | path | tainted-promise-steps.js:12:44:12:47 | path | provenance | | +| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | provenance | Config | +| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | provenance | Config | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | 
tainted-string-steps.js:22:18:22:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | provenance | | +| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | provenance | Config | +| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | provenance | Config | +| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | provenance | | +| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | provenance | Config | +| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | provenance | Config | +| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | provenance | Config | +| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | provenance | Config | +| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | provenance | Config | +| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | provenance | Config | +| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | provenance | Config | +| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... 
, path) | provenance | Config | +| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | provenance | Config | +| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | provenance | Config | +| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | provenance | Config | +| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | provenance | Config | +| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | provenance | Config | +| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | provenance | Config | +| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | provenance | Config | +| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | provenance | Config | +| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | provenance | Config | +| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | provenance | Config | +| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | provenance | Config | +| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name | provenance | | +| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | provenance | | +| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | provenance | | +| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | provenance | | +| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... 
t.data" | provenance | Config | +| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | provenance | | +| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | provenance | Config | +| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | provenance | Config | +| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | provenance | | +| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | provenance | Config | +| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | provenance | | +| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | provenance | | +| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | provenance | | +| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | provenance | | +| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | provenance | | +| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | provenance | | subpaths #select | TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:10:26:10:45 | join("public", path) | This path depends on a $@. | TaintedPath-es6.js:7:20:7:26 | req.url | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected index 893754ab47d6..46dbe7ac4313 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected 
@@ -1,5 +1,4 @@ nodes -<<<<<<< HEAD | addEventListener.js:1:43:1:47 | event | semmle.label | event | | addEventListener.js:2:20:2:24 | event | semmle.label | event | | addEventListener.js:2:20:2:29 | event.data | semmle.label | event.data | @@ -329,6 +328,10 @@ nodes | tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name | | tooltip.jsx:10:25:10:30 | source | semmle.label | source | | tooltip.jsx:11:25:11:30 | source | semmle.label | source | +| tooltip.jsx:18:51:18:59 | provide() | semmle.label | provide() | +| tooltip.jsx:22:11:22:30 | source | semmle.label | source | +| tooltip.jsx:22:20:22:30 | window.name | semmle.label | window.name | +| tooltip.jsx:23:38:23:43 | source | semmle.label | source | | translate.js:6:7:6:39 | target | semmle.label | target | | translate.js:6:16:6:39 | documen ... .search | semmle.label | documen ... .search | | translate.js:7:7:7:61 | searchParams | semmle.label | searchParams | 
@@ -621,1725 +624,595 @@ nodes | winjs.js:2:17:2:53 | documen ... ring(1) | semmle.label | documen ... ring(1) | | winjs.js:3:43:3:49 | tainted | semmle.label | tainted | | winjs.js:4:43:4:49 | tainted | semmle.label | tainted | -======= -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... 
yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... 
et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... 
w.name) | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | -| classnames.js:17:53:17:63 | window.name | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... 
/html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | -| dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | -| dates.js:11:63:11:67 | taint | -| dates.js:12:31:12:73 | `Time i ... 
aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | -| dates.js:12:66:12:70 | taint | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | -| dates.js:13:59:13:63 | taint | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | -| dates.js:16:62:16:66 | taint | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | -| dates.js:18:59:18:63 | taint | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:61:21:65 | taint | -| dates.js:21:61:21:65 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... 
aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | -| dates.js:37:77:37:81 | taint | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | -| dates.js:38:77:38:81 | taint | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:79:39:83 | taint | -| dates.js:39:79:39:83 | taint | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:77:40:81 | taint | -| dates.js:40:77:40:81 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | -| dates.js:48:83:48:87 | taint | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:42:49:87 | new Dat ... 
(taint) | -| dates.js:49:82:49:86 | taint | -| dates.js:49:82:49:86 | taint | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:97:50:101 | taint | -| dates.js:50:97:50:101 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | -| dates.js:57:94:57:98 | taint | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | -| dates.js:59:80:59:84 | taint | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | -| dates.js:61:81:61:85 | taint | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... 
/html') | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | -| event-handler-receiver.js:2:49:2:61 | location.href | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:31 | location.toString() | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:21:5:21:8 | hash | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... 
#', '') | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:13:34:16 | hash | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:35:40:35:61 | JSON.st ... 
jsonLD) | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | -| nodemailer.js:13:50:13:66 | req.query.message | -| optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... 
inted2) | -| optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:45:51:45:56 | target | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... 
d \|\| "" | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | -| react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:8:21:8:26 | router | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:11:24:11:29 | router | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | -| react-use-router.js:22:17:22:22 | router | -| 
react-use-router.js:23:43:23:48 | router | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:29:9:29:30 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | -| react-use-router.js:33:21:33:26 | router | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| 
react-use-state.js:21:10:21:14 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | window.name | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:8:20:8:48 | localSt ... 
local') | -| stored-xss.js:10:9:10:44 | href | -| stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:16:10:45 | String( ... 
n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:23:38:23:43 | source | -| translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:7:7:7:61 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:47 | target | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:9:27:9:38 | searchParams | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 
'term') | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:4:25:4:28 | data | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | -| tst3.js:10:38:10:43 | data.p | -| tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:5:18:5:23 | target | -| tst.js:5:18:5:23 | target | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:28:12:33 | target | -| tst.js:17:7:17:56 | params | -| tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | -| tst.js:17:25:17:41 | document.location | -| tst.js:18:18:18:23 | params | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:47 | target | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:21:18:21:29 | searchParams | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | -| tst.js:26:18:26:23 | target | -| tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:34:16:34:20 | bar() | -| tst.js:34:16:34:20 | bar() | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:56:16:56:45 | chop(do ... 
search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | -| tst.js:60:34:60:34 | s | -| tst.js:62:18:62:18 | s | -| tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:68:16:68:20 | bar() | -| tst.js:68:16:68:20 | bar() | -| tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:46:70:46 | x | -| tst.js:73:20:73:20 | x | -| tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... 
.search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:151:29:151:29 | v | -| tst.js:151:49:151:49 | v | -| tst.js:151:49:151:49 | v | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:180:28:180:33 | target | -| tst.js:180:28:180:33 | target | -| tst.js:184:9:184:42 | tainted | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:186:31:186:37 | tainted | -| tst.js:186:31:186:37 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... .search | -| tst.js:197:19:197:42 | documen ... 
.search | -| tst.js:199:67:199:73 | tainted | -| tst.js:199:67:199:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:204:35:204:41 | tainted | -| tst.js:206:46:206:52 | tainted | -| tst.js:207:38:207:44 | tainted | -| tst.js:208:35:208:41 | tainted | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:236:35:236:41 | tainted | -| tst.js:238:20:238:26 | tainted | -| tst.js:240:23:240:29 | tainted | -| tst.js:241:23:241:29 | tainted | -| tst.js:247:39:247:55 | props.propTainted | -| tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:251:60:251:82 | this.st ... 
Tainted | -| tst.js:255:23:255:29 | tainted | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:301:9:301:16 | location | -| tst.js:301:9:301:16 | location | -| tst.js:302:10:302:10 | e | -| tst.js:303:20:303:20 | e | -| tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | -| tst.js:308:10:308:17 | location | -| tst.js:310:10:310:10 | e | -| tst.js:311:20:311:20 | e | -| tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | -| tst.js:327:18:327:34 | document.location | -| tst.js:331:7:331:43 | params | -| tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:332:18:332:23 | params | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | -| tst.js:341:20:341:36 | document.location | -| tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... 
ring(1) | -| tst.js:348:7:348:39 | target | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:349:12:349:17 | target | -| tst.js:349:12:349:17 | target | -| tst.js:355:10:355:42 | target | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:356:16:356:21 | target | -| tst.js:356:16:356:21 | target | -| tst.js:360:21:360:26 | target | -| tst.js:360:21:360:26 | target | -| tst.js:363:18:363:23 | target | -| tst.js:363:18:363:23 | target | -| tst.js:371:7:371:39 | target | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:374:18:374:23 | target | -| tst.js:374:18:374:23 | target | -| tst.js:381:7:381:39 | target | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:384:18:384:23 | target | -| tst.js:384:18:384:23 | target | -| tst.js:386:18:386:23 | target | -| tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:19:408:24 | target | -| tst.js:408:19:408:31 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... 
bstr(1) | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:419:7:419:55 | match | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:421:20:421:24 | match | -| tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:430:18:430:23 | target | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:440:28:440:33 | source | -| tst.js:440:28:440:33 | source | -| tst.js:441:33:441:38 | source | -| tst.js:441:33:441:38 | source | -| tst.js:442:34:442:39 | source | -| tst.js:442:34:442:39 | source | -| tst.js:443:41:443:46 | source | -| tst.js:443:41:443:46 | source | -| tst.js:444:44:444:49 | source | -| tst.js:444:44:444:49 | source | -| tst.js:445:32:445:37 | source | -| tst.js:445:32:445:37 | source | -| tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:455:18:455:23 | source | -| tst.js:455:18:455:23 | source | -| tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:18:456:42 | ansiToH ... 
source) | -| tst.js:456:36:456:41 | source | -| tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:463:21:463:26 | source | -| tst.js:463:21:463:26 | source | -| tst.js:465:19:465:24 | source | -| tst.js:465:19:465:24 | source | -| tst.js:467:20:467:25 | source | -| tst.js:467:20:467:25 | source | -| tst.js:471:7:471:46 | url | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:473:19:473:21 | url | -| tst.js:473:19:473:21 | url | -| tst.js:474:26:474:28 | url | -| tst.js:474:26:474:28 | url | -| tst.js:475:25:475:27 | url | -| tst.js:475:25:475:27 | url | -| tst.js:476:20:476:22 | url | -| tst.js:476:20:476:22 | url | -| tst.js:486:22:486:24 | url | -| tst.js:486:22:486:24 | url | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | -| tst.js:501:43:501:62 | window.location.hash | -| typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... .search | -| typeahead.js:20:22:20:45 | documen ... 
.search | -| typeahead.js:21:12:21:17 | target | -| typeahead.js:24:30:24:32 | val | -| typeahead.js:25:18:25:20 | val | -| typeahead.js:25:18:25:20 | val | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | -| v-html.vue:6:42:6:58 | document.location | -| various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:4:11:44 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:12:4:12:34 | ["
"] | -| various-concat-obfuscations.js:12:4:12:41 | ["
>>>>>> main edges -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | -| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | -| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | -| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | -| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... 
w.name) | -| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | -| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | -| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... 
aint)}` | -| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | -| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... 
taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | -| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | -| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... 
(taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | -| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | -| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... 
'' | -| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... 
.search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | -| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... 
inted2) | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | -| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | -| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | -| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | -| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | -| pages/[id].jsx:24:12:27:5 | {\\n ... 
,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:23:31:23:36 | [post update] router | react-use-router.js:23:43:23:48 | router | -| react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| 
react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:25:29:25:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:28:29:28:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:35:29:35:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:25:29:25:35 | tainted | sanitiser.js:25:21:25:44 | '' + ... '' | -| sanitiser.js:28:29:28:35 | tainted | sanitiser.js:28:21:28:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:35:29:35:35 | tainted | sanitiser.js:35:21:35:44 | '' + ... 
'' | -| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | -| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... 
n.href) | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | -| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | -| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 
'term') | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... str(1)) | -| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | -| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | -| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | -| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | -| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | -| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | -| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | -| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | -| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | -| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | -| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | -| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | -| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | -| tst.js:158:40:158:61 | window. ... 
.search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:207:38:207:44 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:208:35:208:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | -| tst.js:197:19:197:42 | documen ... 
.search | tst.js:197:9:197:42 | tainted | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | -| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | -| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | -| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | -| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | -| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... 
cation) [hash] | -| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | -| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | -| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | -| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | -| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | -| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | -| tst.js:381:7:381:39 | target [taint3] | tst.js:392:18:392:23 | target [taint3] | -| tst.js:381:7:381:39 | target [taint8] | tst.js:408:19:408:24 | target [taint8] | -| tst.js:381:7:381:39 | target [taint8] | tst.js:409:18:409:23 | target [taint8] | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:381:7:381:39 | target [taint3] | -| tst.js:391:19:391:42 | documen ... 
.search | tst.js:391:3:391:8 | [post update] target [taint3] | -| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:381:7:381:39 | target [taint8] | -| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | -| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... 
data>') | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | -| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | -| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | -| typeahead.js:20:22:20:45 | documen ... 
.search | typeahead.js:20:13:20:45 | target | -| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | -| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | -| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | -| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '
' | -| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | -| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | -| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | -| various-concat-obfuscations.js:18:10:18:59 | '
') | -| various-concat-obfuscations.js:18:10:18:88 | '
') | -| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | -| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | -| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '
` | provenance | | +| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | provenance | | +| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | provenance | | +| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | provenance | | +| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | provenance | | +| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | provenance | | +| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | provenance | | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | provenance | | +| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | provenance | | +| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | provenance | | +| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | provenance | | +| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | provenance | | +| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | provenance | | +| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | provenance | | +| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | provenance | | +| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | provenance | | +| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | provenance | | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | provenance | | +| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | provenance | | +| clipboard.ts:71:27:71:62 | e.clipb ... 
/html') | clipboard.ts:71:13:71:62 | droppedHtml | provenance | | +| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | provenance | | +| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | provenance | | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | provenance | | +| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | | +| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | Config | +| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | | +| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | | +| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | Config | +| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | | +| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... 
taint) | provenance | Config | +| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | | +| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | Config | +| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | | +| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | Config | +| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | | +| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | Config | +| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | | +| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | Config | +| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | | +| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | Config | +| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | | +| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | Config | +| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | | +| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | Config | +| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | | +| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | Config | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | Config | +| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... 
(taint) | provenance | | +| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | Config | +| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | provenance | | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | provenance | | +| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | | +| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | Config | +| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | | +| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | | +| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | Config | +| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | | +| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | Config | +| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | | +| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | Config | +| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | | +| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | Config | +| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | | +| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... 
aint)}` | provenance | Config | +| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | | +| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | Config | +| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | | +| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | Config | +| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | | +| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | Config | +| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | provenance | | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | provenance | | +| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | | +| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | Config | +| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | | +| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | | +| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | Config | +| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | | +| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | Config | +| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | | +| dates.js:49:42:49:87 | new Dat ... 
(taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | Config | +| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | | +| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | Config | +| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | | +| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | Config | +| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | | +| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | Config | +| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | provenance | | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | provenance | | +| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | | +| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | Config | +| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | | +| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | | +| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | Config | +| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | | +| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | Config | +| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... 
aint)}` | provenance | | +| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | Config | +| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | | +| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | Config | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | Config | +| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | | +| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | Config | +| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | provenance | | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | provenance | | +| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | provenance | | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | provenance | | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | provenance | | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | provenance | | +| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | provenance | | +| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | provenance | Config | +| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | provenance | | +| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | provenance | | +| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | provenance | Config | +| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | | +| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | Config | +| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | | +| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | Config | +| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | provenance | Config | +| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | | +| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | Config | +| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | | +| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | Config | +| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | | +| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | Config | +| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | | +| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... 
ring()) | provenance | Config | +| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | provenance | | +| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | provenance | | +| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | provenance | Config | +| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | provenance | Config | +| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | provenance | Config | +| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | provenance | Config | +| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | provenance | Config | +| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | provenance | Config | +| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | provenance | Config | +| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | provenance | Config | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | provenance | | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | provenance | | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | provenance | | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | provenance | | +| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... 
jsonLD) | provenance | | +| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | provenance | | +| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | | +| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | provenance | | +| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | provenance | | +| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | provenance | | +| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | provenance | | +| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | provenance | | +| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | provenance | | +| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | provenance | | +| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | provenance | | +| optionalSanitizer.js:2:16:2:39 | documen ... 
.search | optionalSanitizer.js:2:7:2:39 | target | provenance | | +| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | provenance | | +| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | provenance | | +| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | provenance | | +| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | provenance | | +| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | provenance | | +| optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | | +| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | provenance | | +| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | provenance | | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... 
inted2) | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | | +| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | provenance | | +| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | provenance | | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | provenance | | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | provenance | | +| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... 
target | provenance | | +| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | provenance | | +| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | provenance | | +| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | provenance | | +| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | provenance | | +| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | provenance | | +| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | provenance | | +| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | provenance | | +| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | provenance | | +| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | provenance | | +| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | provenance | | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | provenance | | +| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | provenance | | +| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | provenance | | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... 
,\\n } [q] | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | provenance | | +| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | provenance | | +| react-use-router.js:23:31:23:36 | [post update] router | react-use-router.js:23:43:23:48 | router | provenance | | +| react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | provenance | | +| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | provenance | | +| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router | provenance | | +| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | provenance | | +| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | provenance | | +| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | provenance | | +| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | provenance | | +| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | provenance | | +| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | provenance | | +| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | provenance | | +| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | provenance | | +| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | provenance | | +| react-use-state.js:16:20:16:30 | window.name | 
react-use-state.js:15:10:15:14 | state | provenance | | +| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | provenance | | +| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | provenance | | +| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:25:29:25:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:28:29:28:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:35:29:35:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | provenance | | +| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | provenance | | +| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | provenance | | +| sanitiser.js:25:29:25:35 | tainted | sanitiser.js:25:21:25:44 | '' + ... '' | provenance | | +| sanitiser.js:28:29:28:35 | tainted | sanitiser.js:28:21:28:44 | '' + ... '' | provenance | | +| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | provenance | | +| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | provenance | | +| sanitiser.js:35:29:35:35 | tainted | sanitiser.js:35:21:35:44 | '' + ... '' | provenance | | +| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... 
'' | provenance | | +| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | provenance | | +| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | provenance | | +| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | | +| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | Config | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | Config | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | Config | +| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | provenance | | +| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | provenance | | +| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | provenance | | +| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | provenance | Config | +| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | | +| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | Config | +| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | | +| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | Config | +| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... 
rCase() | provenance | | +| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | Config | +| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | | +| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | Config | +| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | | +| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | Config | +| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | | +| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | Config | +| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | provenance | | +| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | provenance | | +| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | provenance | | +| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | provenance | | +| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | provenance | | +| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | provenance | | +| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | provenance | | +| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | provenance | | +| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | provenance | | +| translate.js:7:22:7:61 | new URL ... 
ing(1)) | translate.js:7:7:7:61 | searchParams | provenance | | +| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | | +| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | Config | +| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | provenance | | +| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | provenance | Config | +| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | provenance | | +| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | provenance | | +| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | provenance | | +| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | provenance | | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | provenance | | +| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | provenance | Config | +| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... 
str(1)) | provenance | | +| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | provenance | | +| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | provenance | | +| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | provenance | | +| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | provenance | | +| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | provenance | | +| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | provenance | | +| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | provenance | | +| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | | +| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | Config | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | Config | +| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | provenance | Config | +| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | provenance | | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | provenance | | +| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | provenance | | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | provenance | | +| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | provenance | | +| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | provenance | Config | +| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | provenance | | +| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | provenance | | +| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | | +| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | Config | +| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | provenance | | +| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | provenance | Config | +| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | provenance | | +| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | provenance | | +| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | provenance | | +| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | provenance | | +| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... 
search) | provenance | | +| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | Config | +| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | Config | +| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | provenance | | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | +| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | | +| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | Config | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | +| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | | +| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | Config | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | Config | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | provenance | | +| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | | +| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | Config | +| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | provenance | | +| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | +| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | +| tst.js:70:1:70:27 | [,docum ... 
search] | tst.js:70:46:70:46 | x | provenance | | +| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | provenance | Config | +| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | provenance | | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | provenance | | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | provenance | Config | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | provenance | | +| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | provenance | | +| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | provenance | | +| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | provenance | | +| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | | +| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | Config | +| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | provenance | | +| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | provenance | | +| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | provenance | | +| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | provenance | | +| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | provenance | | +| tst.js:177:18:177:41 | documen ... 
.search | tst.js:177:9:177:41 | target | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | provenance | | +| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:207:38:207:44 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:208:35:208:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | provenance | | +| tst.js:197:19:197:42 | documen ... 
.search | tst.js:197:9:197:42 | tainted | provenance | | +| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | | +| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | Config | +| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | | +| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | Config | +| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | | +| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | Config | +| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | | +| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | Config | +| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | provenance | | +| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | provenance | | +| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | provenance | | +| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | provenance | | +| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | | +| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... 
Tainted | provenance | Config | +| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | provenance | | +| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | provenance | | +| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | provenance | | +| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | provenance | | +| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | provenance | | +| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | provenance | | +| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | provenance | | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | provenance | | +| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | provenance | | +| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | provenance | | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | provenance | | +| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | provenance | | +| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | provenance | Config | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | provenance | | +| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... cation) [hash] | provenance | | +| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | provenance | | +| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | provenance | Config | +| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | provenance | | +| tst.js:348:16:348:39 | documen ... 
.search | tst.js:348:7:348:39 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | provenance | | +| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | provenance | | +| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | provenance | | +| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | provenance | | +| tst.js:381:7:381:39 | target [taint3] | tst.js:392:18:392:23 | target [taint3] | provenance | | +| tst.js:381:7:381:39 | target [taint8] | tst.js:408:19:408:24 | target [taint8] | provenance | | +| tst.js:381:7:381:39 | target [taint8] | tst.js:409:18:409:23 | target [taint8] | provenance | | +| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | provenance | | +| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | | +| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | Config | +| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:381:7:381:39 | target [taint3] | provenance | | +| tst.js:391:19:391:42 | documen ... 
.search | tst.js:391:3:391:8 | [post update] target [taint3] | provenance | | +| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | provenance | | +| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | | +| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | Config | +| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | | +| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | Config | +| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:381:7:381:39 | target [taint8] | provenance | | +| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | | +| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | Config | +| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | provenance | | +| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | provenance | | +| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | provenance | | +| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | provenance | | +| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | | +| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | Config | +| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | provenance | | +| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | provenance | | +| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | | +| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | Config | +| tst.js:419:15:419:55 | window. ... 
(\\w+)/) | tst.js:419:7:419:55 | match | provenance | | +| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | | +| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | Config | +| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | | +| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | Config | +| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | | +| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | Config | +| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | | +| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | | +| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | | +| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | Config | +| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | provenance | | +| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | provenance | | +| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | provenance | | +| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | provenance | | +| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | provenance | | +| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... 
source) | provenance | | +| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | Config | +| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | provenance | | +| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | provenance | | +| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | provenance | | +| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | provenance | | +| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | provenance | | +| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | provenance | Config | +| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | provenance | | +| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | provenance | Config | +| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | provenance | Config | +| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | | +| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | Config | +| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | provenance | | +| typeahead.js:20:22:20:45 | documen ... 
.search | typeahead.js:20:13:20:45 | target | provenance | | +| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | | +| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | Config | +| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | provenance | | +| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | provenance | Config | +| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | provenance | Config | +| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | provenance | | +| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | provenance | Config | +| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | provenance | | +| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | provenance | Config | +| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | provenance | Config | +| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | provenance | Config | +| various-concat-obfuscations.js:11:4:11:31 | "
") | provenance | | +| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | provenance | Config | +| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | provenance | | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '
' | provenance | Config | +| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | provenance | | +| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | provenance | Config | +| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | provenance | | +| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | provenance | | +| various-concat-obfuscations.js:18:10:18:59 | '
') | provenance | | +| various-concat-obfuscations.js:18:10:18:88 | '
') | provenance | | +| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | | +| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | Config | +| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '
` | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | -| classnames.js:17:53:17:63 | window.name | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... 
/html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... 
/html') | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | -| dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | -| dates.js:11:63:11:67 | taint | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | -| dates.js:12:66:12:70 | taint | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... 
)(time) | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | -| dates.js:13:59:13:63 | taint | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | -| dates.js:16:62:16:66 | taint | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | -| dates.js:18:59:18:63 | taint | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:61:21:65 | taint | -| dates.js:21:61:21:65 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | -| dates.js:37:77:37:81 | taint | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:42:38:82 | luxon.f ... 
taint) | -| dates.js:38:77:38:81 | taint | -| dates.js:38:77:38:81 | taint | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:79:39:83 | taint | -| dates.js:39:79:39:83 | taint | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:77:40:81 | taint | -| dates.js:40:77:40:81 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | -| dates.js:48:83:48:87 | taint | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:82:49:86 | taint | -| dates.js:49:82:49:86 | taint | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:42:50:102 | DateTim ... 
(taint) | -| dates.js:50:97:50:101 | taint | -| dates.js:50:97:50:101 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | -| dates.js:57:94:57:98 | taint | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | -| dates.js:59:80:59:84 | taint | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | -| dates.js:61:81:61:85 | taint | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... 
/html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | -| event-handler-receiver.js:2:49:2:61 | location.href | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:31 | location.toString() | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:21:5:21:8 | hash | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... 
#', '') | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:13:34:16 | hash | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:35:40:35:61 | JSON.st ... 
jsonLD) | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt.js:4:36:4:39 | data | -| jwt.js:4:36:4:39 | data | -| jwt.js:4:36:4:39 | data | -| jwt.js:5:9:5:34 | decoded | -| jwt.js:5:9:5:34 | decoded | -| jwt.js:5:19:5:34 | jwt_decode(data) | -| jwt.js:5:19:5:34 | jwt_decode(data) | -| jwt.js:5:30:5:33 | data | -| jwt.js:5:30:5:33 | data | -| jwt.js:6:14:6:20 | decoded | -| jwt.js:6:14:6:20 | decoded | -| jwt.js:6:14:6:20 | decoded | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | -| nodemailer.js:13:50:13:66 | req.query.message | -| optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:26:16:26:39 | documen ... 
.search | -| optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | -| optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... 
target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:45:51:45:56 | target | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... 
r \|\| "" | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | -| react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:8:21:8:26 | router | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:11:24:11:29 | router | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | -| react-use-router.js:22:17:22:22 | router | -| react-use-router.js:23:43:23:48 | router | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:29:9:29:30 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | -| 
react-use-router.js:33:21:33:26 | router | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | 
window.name | -| react-use-state.js:25:20:25:30 | window.name | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:10:9:10:44 | href | -| stored-xss.js:10:16:10:44 | localSt ... 
local') | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| string-manipulations.js:10:23:10:44 | documen ... 
on.href | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:23:38:23:43 | source | -| translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:7:7:7:61 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:47 | target | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:9:27:9:38 | searchParams | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 
'term') | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:4:25:4:28 | data | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | -| tst3.js:10:38:10:43 | data.p | -| tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:5:18:5:23 | target | -| tst.js:5:18:5:23 | target | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:28:12:33 | target | -| tst.js:17:7:17:56 | params | -| tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | -| tst.js:17:25:17:41 | document.location | -| tst.js:18:18:18:23 | params | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:47 | target | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:21:18:21:29 | searchParams | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | -| tst.js:26:18:26:23 | target | -| tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:34:16:34:20 | bar() | -| tst.js:34:16:34:20 | bar() | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:56:16:56:45 | chop(do ... 
search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | -| tst.js:60:34:60:34 | s | -| tst.js:62:18:62:18 | s | -| tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:68:16:68:20 | bar() | -| tst.js:68:16:68:20 | bar() | -| tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:46:70:46 | x | -| tst.js:73:20:73:20 | x | -| tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... 
.search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:151:29:151:29 | v | -| tst.js:151:49:151:49 | v | -| tst.js:151:49:151:49 | v | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:180:28:180:33 | target | -| tst.js:180:28:180:33 | target | -| tst.js:184:9:184:42 | tainted | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:186:31:186:37 | tainted | -| tst.js:186:31:186:37 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... .search | -| tst.js:197:19:197:42 | documen ... 
.search | -| tst.js:199:67:199:73 | tainted | -| tst.js:199:67:199:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:204:35:204:41 | tainted | -| tst.js:206:46:206:52 | tainted | -| tst.js:207:38:207:44 | tainted | -| tst.js:208:35:208:41 | tainted | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:236:35:236:41 | tainted | -| tst.js:238:20:238:26 | tainted | -| tst.js:240:23:240:29 | tainted | -| tst.js:241:23:241:29 | tainted | -| tst.js:247:39:247:55 | props.propTainted | -| tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:251:60:251:82 | this.st ... 
Tainted | -| tst.js:255:23:255:29 | tainted | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:301:9:301:16 | location | -| tst.js:301:9:301:16 | location | -| tst.js:302:10:302:10 | e | -| tst.js:303:20:303:20 | e | -| tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | -| tst.js:308:10:308:17 | location | -| tst.js:310:10:310:10 | e | -| tst.js:311:20:311:20 | e | -| tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | -| tst.js:327:18:327:34 | document.location | -| tst.js:331:7:331:43 | params | -| tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:332:18:332:23 | params | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | -| tst.js:341:20:341:36 | document.location | -| tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... 
ring(1) | -| tst.js:348:7:348:39 | target | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:349:12:349:17 | target | -| tst.js:349:12:349:17 | target | -| tst.js:355:10:355:42 | target | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:356:16:356:21 | target | -| tst.js:356:16:356:21 | target | -| tst.js:360:21:360:26 | target | -| tst.js:360:21:360:26 | target | -| tst.js:363:18:363:23 | target | -| tst.js:363:18:363:23 | target | -| tst.js:371:7:371:39 | target | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:374:18:374:23 | target | -| tst.js:374:18:374:23 | target | -| tst.js:381:7:381:39 | target | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:384:18:384:23 | target | -| tst.js:384:18:384:23 | target | -| tst.js:386:18:386:23 | target | -| tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:19:408:24 | target | -| tst.js:408:19:408:31 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... 
bstr(1) | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:419:7:419:55 | match | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:421:20:421:24 | match | -| tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:430:18:430:23 | target | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:440:28:440:33 | source | -| tst.js:440:28:440:33 | source | -| tst.js:441:33:441:38 | source | -| tst.js:441:33:441:38 | source | -| tst.js:442:34:442:39 | source | -| tst.js:442:34:442:39 | source | -| tst.js:443:41:443:46 | source | -| tst.js:443:41:443:46 | source | -| tst.js:444:44:444:49 | source | -| tst.js:444:44:444:49 | source | -| tst.js:445:32:445:37 | source | -| tst.js:445:32:445:37 | source | -| tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:455:18:455:23 | source | -| tst.js:455:18:455:23 | source | -| tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:18:456:42 | ansiToH ... 
source) | -| tst.js:456:36:456:41 | source | -| tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:463:21:463:26 | source | -| tst.js:463:21:463:26 | source | -| tst.js:465:19:465:24 | source | -| tst.js:465:19:465:24 | source | -| tst.js:467:20:467:25 | source | -| tst.js:467:20:467:25 | source | -| tst.js:471:7:471:46 | url | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:473:19:473:21 | url | -| tst.js:473:19:473:21 | url | -| tst.js:474:26:474:28 | url | -| tst.js:474:26:474:28 | url | -| tst.js:475:25:475:27 | url | -| tst.js:475:25:475:27 | url | -| tst.js:476:20:476:22 | url | -| tst.js:476:20:476:22 | url | -| tst.js:486:22:486:24 | url | -| tst.js:486:22:486:24 | url | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | -| tst.js:501:43:501:62 | window.location.hash | -| typeahead.js:9:28:9:30 | loc | -| typeahead.js:9:28:9:30 | loc | -| typeahead.js:9:28:9:30 | loc | -| typeahead.js:10:16:10:18 | loc | -| typeahead.js:10:16:10:18 | loc | -| typeahead.js:10:16:10:18 | loc | -| typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... .search | -| typeahead.js:20:22:20:45 | documen ... 
.search | -| typeahead.js:21:12:21:17 | target | -| typeahead.js:24:30:24:32 | val | -| typeahead.js:25:18:25:20 | val | -| typeahead.js:25:18:25:20 | val | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | -| v-html.vue:6:42:6:58 | document.location | -| various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:4:11:44 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:12:4:12:34 | ["
"] | -| various-concat-obfuscations.js:12:4:12:41 | ["
>>>>>> main edges -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | -| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | -| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | -| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | -| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... 
w.name) | -| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | -| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | -| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... 
aint)}` | -| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | -| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... 
taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | -| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | -| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... 
(taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | -| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | -| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... 
'' | -| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | -| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | -| jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded | -| jwt.js:5:30:5:33 | data | jwt.js:5:19:5:34 | jwt_decode(data) | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... 
sage}.` | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... 
inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | -| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | -| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | -| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... 
target | -| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | -| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | -| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | -| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... 
,\\n } [q] | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:23:31:23:36 | [post update] router | react-use-router.js:23:43:23:48 | router | -| react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | 
react-use-state.js:21:10:21:14 | state | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:25:29:25:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:28:29:28:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:35:29:35:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:25:29:25:35 | tainted | sanitiser.js:25:21:25:44 | '' + ... '' | -| sanitiser.js:28:29:28:35 | tainted | sanitiser.js:28:21:28:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:35:29:35:35 | tainted | sanitiser.js:35:21:35:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | -| stored-xss.js:10:16:10:44 | localSt ... 
local') | stored-xss.js:10:9:10:44 | href | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source 
| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | -| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | -| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... 
str(1)) | -| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | -| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | -| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | -| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | -| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | -| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | -| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | -| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | -| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | -| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | -| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | -| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | -| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | -| tst.js:158:40:158:61 | window. ... 
.search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:207:38:207:44 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:208:35:208:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | -| tst.js:197:19:197:42 | documen ... 
.search | tst.js:197:9:197:42 | tainted | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | -| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | -| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | -| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | -| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | -| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... 
cation) [hash] | -| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | -| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | -| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | -| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | -| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | -| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | -| tst.js:381:7:381:39 | target [taint3] | tst.js:392:18:392:23 | target [taint3] | -| tst.js:381:7:381:39 | target [taint8] | tst.js:408:19:408:24 | target [taint8] | -| tst.js:381:7:381:39 | target [taint8] | tst.js:409:18:409:23 | target [taint8] | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:381:7:381:39 | target [taint3] | -| tst.js:391:19:391:42 | documen ... 
.search | tst.js:391:3:391:8 | [post update] target [taint3] | -| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:381:7:381:39 | target [taint8] | -| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | -| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... 
data>') | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | -| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | -| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | -| typeahead.js:20:22:20:45 | documen ... 
.search | typeahead.js:20:13:20:45 | target | -| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | -| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | -| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | -| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '
' | -| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | -| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | -| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | -| various-concat-obfuscations.js:18:10:18:59 | '
') | -| various-concat-obfuscations.js:18:10:18:88 | '
') | -| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | -| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | -| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '
` | provenance | | +| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | provenance | | +| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | provenance | | +| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | provenance | | +| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | provenance | | +| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | provenance | | +| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | provenance | | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | provenance | | +| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | provenance | | +| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | provenance | | +| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | provenance | | +| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | provenance | | +| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | provenance | | +| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | provenance | | +| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | provenance | | +| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | provenance | | +| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | provenance | | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | provenance | | +| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | provenance | | +| clipboard.ts:71:27:71:62 | e.clipb ... 
/html') | clipboard.ts:71:13:71:62 | droppedHtml | provenance | | +| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | provenance | | +| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | provenance | | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | provenance | | +| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | | +| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | Config | +| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | | +| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | | +| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | Config | +| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | | +| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... 
taint) | provenance | Config | +| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | | +| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | Config | +| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | | +| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | Config | +| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | | +| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | Config | +| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | | +| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | Config | +| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | | +| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | Config | +| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | | +| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | Config | +| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | | +| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | Config | +| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | | +| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | Config | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | Config | +| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... 
(taint) | provenance | | +| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | Config | +| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | provenance | | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | provenance | | +| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | | +| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | Config | +| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | | +| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | | +| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | Config | +| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | | +| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | Config | +| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | | +| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | Config | +| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | | +| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | Config | +| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | | +| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... 
aint)}` | provenance | Config | +| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | | +| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | Config | +| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | | +| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | Config | +| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | | +| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | Config | +| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | provenance | | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | provenance | | +| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | | +| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | Config | +| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | | +| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | | +| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | Config | +| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | | +| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | Config | +| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | | +| dates.js:49:42:49:87 | new Dat ... 
(taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | Config | +| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | | +| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | Config | +| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | | +| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | Config | +| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | | +| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | Config | +| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | provenance | | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | provenance | | +| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | | +| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | Config | +| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | | +| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | | +| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | Config | +| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | | +| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | Config | +| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... 
aint)}` | provenance | | +| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | Config | +| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | | +| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | Config | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | Config | +| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | | +| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | Config | +| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | provenance | | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | provenance | | +| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | provenance | | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | provenance | | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | provenance | | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | provenance | | +| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | provenance | | +| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | provenance | Config | +| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | provenance | | +| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | provenance | | +| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | provenance | Config | +| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | | +| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | Config | +| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | | +| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | Config | +| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | provenance | Config | +| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | | +| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | Config | +| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | | +| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | Config | +| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | | +| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | Config | +| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | | +| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... 
ring()) | provenance | Config | +| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | provenance | | +| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | provenance | | +| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | provenance | Config | +| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | provenance | Config | +| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | provenance | Config | +| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | provenance | Config | +| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | provenance | Config | +| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | provenance | Config | +| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | provenance | Config | +| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | provenance | Config | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | provenance | | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | provenance | | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | provenance | | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | provenance | | +| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... 
jsonLD) | provenance | | +| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | provenance | | +| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | | +| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | provenance | | +| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | provenance | | +| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | provenance | | +| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | provenance | | +| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | provenance | | +| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | provenance | | +| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | provenance | | +| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | provenance | | +| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | provenance | | +| jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded | provenance | | +| jwt.js:5:30:5:33 | data | jwt.js:5:19:5:34 | jwt_decode(data) | provenance | | +| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | provenance | | +| optionalSanitizer.js:2:16:2:39 | documen ... 
.search | optionalSanitizer.js:2:7:2:39 | target | provenance | | +| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | provenance | | +| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | provenance | | +| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | provenance | | +| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | provenance | | +| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | provenance | | +| optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | | +| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | provenance | | +| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | provenance | | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... 
inted2) | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | | +| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | provenance | | +| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | provenance | | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | provenance | | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | provenance | | +| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... 
target | provenance | | +| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | provenance | | +| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | provenance | | +| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | provenance | | +| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | provenance | | +| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | provenance | | +| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | provenance | | +| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | provenance | | +| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | provenance | | +| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | provenance | | +| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | provenance | | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | provenance | | +| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | provenance | | +| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | provenance | | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... 
,\\n } [q] | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | provenance | | +| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | provenance | | +| react-use-router.js:23:31:23:36 | [post update] router | react-use-router.js:23:43:23:48 | router | provenance | | +| react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | provenance | | +| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | provenance | | +| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router | provenance | | +| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | provenance | | +| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | provenance | | +| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | provenance | | +| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | provenance | | +| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | provenance | | +| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | provenance | | +| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | provenance | | +| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | provenance | | +| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | provenance | | +| react-use-state.js:16:20:16:30 | window.name | 
react-use-state.js:15:10:15:14 | state | provenance | | +| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | provenance | | +| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | provenance | | +| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:25:29:25:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:28:29:28:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:35:29:35:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | provenance | | +| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | provenance | | +| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | provenance | | +| sanitiser.js:25:29:25:35 | tainted | sanitiser.js:25:21:25:44 | '' + ... '' | provenance | | +| sanitiser.js:28:29:28:35 | tainted | sanitiser.js:28:21:28:44 | '' + ... '' | provenance | | +| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | provenance | | +| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | provenance | | +| sanitiser.js:35:29:35:35 | tainted | sanitiser.js:35:21:35:44 | '' + ... '' | provenance | | +| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... 
'' | provenance | | +| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | provenance | | +| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | provenance | | +| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | | +| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | Config | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | Config | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | Config | +| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | provenance | | +| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | provenance | | +| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | provenance | | +| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | provenance | Config | +| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | | +| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | Config | +| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | | +| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | Config | +| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... 
rCase() | provenance | | +| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | Config | +| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | | +| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | Config | +| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | | +| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | Config | +| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | | +| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | Config | +| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | provenance | | +| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | provenance | | +| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | provenance | | +| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | provenance | | +| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | provenance | | +| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | provenance | | +| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | provenance | | +| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | provenance | | +| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | provenance | | +| translate.js:7:22:7:61 | new URL ... 
ing(1)) | translate.js:7:7:7:61 | searchParams | provenance | | +| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | | +| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | Config | +| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | provenance | | +| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | provenance | Config | +| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | provenance | | +| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | provenance | | +| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | provenance | | +| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | provenance | | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | provenance | | +| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | provenance | Config | +| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... 
str(1)) | provenance | | +| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | provenance | | +| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | provenance | | +| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | provenance | | +| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | provenance | | +| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | provenance | | +| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | provenance | | +| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | provenance | | +| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | | +| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | Config | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | Config | +| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | provenance | Config | +| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | provenance | | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | provenance | | +| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | provenance | | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | provenance | | +| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | provenance | | +| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | provenance | Config | +| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | provenance | | +| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | provenance | | +| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | | +| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | Config | +| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | provenance | | +| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | provenance | Config | +| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | provenance | | +| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | provenance | | +| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | provenance | | +| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | provenance | | +| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... 
search) | provenance | | +| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | Config | +| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | Config | +| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | provenance | | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | +| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | | +| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | Config | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | +| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | | +| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | Config | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | Config | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | provenance | | +| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | | +| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | Config | +| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | provenance | | +| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | +| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | +| tst.js:70:1:70:27 | [,docum ... 
search] | tst.js:70:46:70:46 | x | provenance | | +| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | provenance | Config | +| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | provenance | | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | provenance | | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | provenance | Config | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | provenance | | +| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | provenance | | +| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | provenance | | +| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | provenance | | +| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | | +| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | Config | +| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | provenance | | +| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | provenance | | +| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | provenance | | +| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | provenance | | +| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | provenance | | +| tst.js:177:18:177:41 | documen ... 
.search | tst.js:177:9:177:41 | target | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | provenance | | +| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:207:38:207:44 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:208:35:208:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | provenance | | +| tst.js:197:19:197:42 | documen ... 
.search | tst.js:197:9:197:42 | tainted | provenance | | +| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | | +| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | Config | +| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | | +| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | Config | +| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | | +| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | Config | +| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | | +| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | Config | +| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | provenance | | +| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | provenance | | +| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | provenance | | +| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | provenance | | +| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | | +| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... 
Tainted | provenance | Config | +| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | provenance | | +| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | provenance | | +| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | provenance | | +| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | provenance | | +| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | provenance | | +| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | provenance | | +| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | provenance | | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | provenance | | +| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | provenance | | +| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | provenance | | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | provenance | | +| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | provenance | | +| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | provenance | Config | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | provenance | | +| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... cation) [hash] | provenance | | +| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | provenance | | +| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | provenance | Config | +| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | provenance | | +| tst.js:348:16:348:39 | documen ... 
.search | tst.js:348:7:348:39 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | provenance | | +| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | provenance | | +| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | provenance | | +| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | provenance | | +| tst.js:381:7:381:39 | target [taint3] | tst.js:392:18:392:23 | target [taint3] | provenance | | +| tst.js:381:7:381:39 | target [taint8] | tst.js:408:19:408:24 | target [taint8] | provenance | | +| tst.js:381:7:381:39 | target [taint8] | tst.js:409:18:409:23 | target [taint8] | provenance | | +| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | provenance | | +| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | | +| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | Config | +| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:381:7:381:39 | target [taint3] | provenance | | +| tst.js:391:19:391:42 | documen ... 
.search | tst.js:391:3:391:8 | [post update] target [taint3] | provenance | | +| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | provenance | | +| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | | +| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | Config | +| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | | +| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | Config | +| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:381:7:381:39 | target [taint8] | provenance | | +| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | | +| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | Config | +| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | provenance | | +| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | provenance | | +| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | provenance | | +| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | provenance | | +| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | | +| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | Config | +| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | provenance | | +| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | provenance | | +| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | | +| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | Config | +| tst.js:419:15:419:55 | window. ... 
(\\w+)/) | tst.js:419:7:419:55 | match | provenance | | +| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | | +| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | Config | +| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | | +| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | Config | +| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | | +| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | Config | +| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | | +| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | | +| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | | +| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | Config | +| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | provenance | | +| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | provenance | | +| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | provenance | | +| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | provenance | | +| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | provenance | | +| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... 
source) | provenance | | +| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | Config | +| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | provenance | | +| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | provenance | | +| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | provenance | | +| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | provenance | | +| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | provenance | | +| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | provenance | Config | +| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | provenance | | +| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | provenance | Config | +| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | provenance | Config | +| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | | +| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | Config | +| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | provenance | | +| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | provenance | | +| typeahead.js:20:22:20:45 | documen ... 
.search | typeahead.js:20:13:20:45 | target | provenance | | +| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | | +| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | Config | +| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | provenance | | +| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | provenance | Config | +| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | provenance | Config | +| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | provenance | | +| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | provenance | Config | +| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | provenance | | +| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | provenance | Config | +| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | provenance | Config | +| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | provenance | Config | +| various-concat-obfuscations.js:11:4:11:31 | "
") | provenance | | +| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | provenance | Config | +| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | provenance | | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '
' | provenance | Config | +| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | provenance | | +| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | provenance | Config | +| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | provenance | | +| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | provenance | | +| various-concat-obfuscations.js:18:10:18:59 | '
') | provenance | | +| various-concat-obfuscations.js:18:10:18:88 | '
') | provenance | | +| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | | +| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | Config | +| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '
... /html>` | -| live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:6:28:6:34 | tainted | -| live-server.js:10:11:10:27 | tainted | -| live-server.js:10:21:10:27 | req.url | -| live-server.js:10:21:10:27 | req.url | -| live-server.js:12:13:12:50 | ` ... /html>` | -| live-server.js:12:13:12:50 | ` ... /html>` | -| live-server.js:12:28:12:34 | tainted | -| pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | -| partial.js:9:25:9:25 | x | -| partial.js:10:14:10:14 | x | -| partial.js:10:14:10:18 | x + y | -| partial.js:10:14:10:18 | x + y | -| partial.js:13:42:13:48 | req.url | -| partial.js:13:42:13:48 | req.url | -| partial.js:18:25:18:25 | x | -| partial.js:19:14:19:14 | x | -| partial.js:19:14:19:18 | x + y | -| partial.js:19:14:19:18 | x + y | -| partial.js:22:51:22:57 | req.url | -| partial.js:22:51:22:57 | req.url | -| partial.js:27:25:27:25 | x | -| partial.js:28:14:28:14 | x | -| partial.js:28:14:28:18 | x + y | -| partial.js:28:14:28:18 | x + y | -| partial.js:31:47:31:53 | req.url | -| partial.js:31:47:31:53 | req.url | -| partial.js:36:25:36:25 | x | -| partial.js:37:14:37:14 | x | -| partial.js:37:14:37:18 | x + y | -| partial.js:37:14:37:18 | x + y | -| partial.js:40:43:40:49 | req.url | -| partial.js:40:43:40:49 | req.url | -| promises.js:5:3:5:59 | new Pro ... 
.data)) | -| promises.js:5:44:5:57 | req.query.data | -| promises.js:5:44:5:57 | req.query.data | -| promises.js:6:11:6:11 | x | -| promises.js:6:25:6:25 | x | -| promises.js:6:25:6:25 | x | -| tst2.js:6:7:6:30 | p | -| tst2.js:6:7:6:30 | r | -| tst2.js:6:9:6:9 | p | -| tst2.js:6:9:6:9 | p | -| tst2.js:6:12:6:15 | q: r | -| tst2.js:6:12:6:15 | q: r | -| tst2.js:7:12:7:12 | p | -| tst2.js:7:12:7:12 | p | -| tst2.js:8:12:8:12 | r | -| tst2.js:8:12:8:12 | r | -| tst2.js:14:7:14:24 | p | -| tst2.js:14:9:14:9 | p | -| tst2.js:14:9:14:9 | p | -| tst2.js:18:12:18:12 | p | -| tst2.js:18:12:18:12 | p | -| tst2.js:21:14:21:14 | p | -| tst2.js:21:14:21:14 | p | -| tst2.js:30:7:30:24 | p | -| tst2.js:30:9:30:9 | p | -| tst2.js:30:9:30:9 | p | -| tst2.js:33:11:33:11 | p | -| tst2.js:36:12:36:12 | p | -| tst2.js:36:12:36:12 | p | -| tst2.js:37:12:37:18 | other.p | -| tst2.js:37:12:37:18 | other.p | -| tst2.js:43:7:43:24 | p | -| tst2.js:43:9:43:9 | p | -| tst2.js:43:9:43:9 | p | -| tst2.js:49:7:49:53 | unsafe | -| tst2.js:49:16:49:53 | seriali ... 
true}) | -| tst2.js:49:36:49:36 | p | -| tst2.js:51:12:51:17 | unsafe | -| tst2.js:51:12:51:17 | unsafe | -| tst2.js:57:7:57:24 | p | -| tst2.js:57:9:57:9 | p | -| tst2.js:57:9:57:9 | p | -| tst2.js:60:11:60:11 | p | -| tst2.js:63:12:63:12 | p | -| tst2.js:63:12:63:12 | p | -| tst2.js:64:12:64:18 | other.p | -| tst2.js:64:12:64:18 | other.p | -| tst2.js:69:7:69:24 | p | -| tst2.js:69:9:69:9 | p | -| tst2.js:69:9:69:9 | p | -| tst2.js:72:11:72:11 | p | -| tst2.js:75:12:75:12 | p | -| tst2.js:75:12:75:12 | p | -| tst2.js:76:12:76:18 | other.p | -| tst2.js:76:12:76:18 | other.p | -| tst2.js:82:7:82:24 | p | -| tst2.js:82:9:82:9 | p | -| tst2.js:82:9:82:9 | p | -| tst2.js:85:11:85:11 | p | -| tst2.js:88:12:88:12 | p | -| tst2.js:88:12:88:12 | p | -| tst2.js:89:12:89:18 | other.p | -| tst2.js:89:12:89:18 | other.p | -| tst3.js:5:7:5:24 | p | -| tst3.js:5:9:5:9 | p | -| tst3.js:5:9:5:9 | p | -| tst3.js:6:12:6:12 | p | -| tst3.js:6:12:6:12 | p | -| tst3.js:11:9:11:74 | code | -| tst3.js:11:16:11:74 | prettie ... bel" }) | -| tst3.js:11:32:11:39 | reg.body | -| tst3.js:11:32:11:39 | reg.body | -| tst3.js:12:12:12:15 | code | -| tst3.js:12:12:12:15 | code | edges -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... 
rams.id | -| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable | -| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable | -| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | ReflectedXss.js:30:7:33:4 | mytable | -| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | -| ReflectedXss.js:32:5:32:22 | ['body', req.body] | ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | -| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] | -| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] | -| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... 
q.body) | -| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | -| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | -| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | -| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | -| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | -| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | -| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) | -| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... 
q.body) | -| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | -| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | -| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... 
q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys | -| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys | -| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys | -| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys | -| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys | -| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | -| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | ReflectedXss.js:116:11:116:45 | keys | -| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | -| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | -| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray | -| ReflectedXss.js:118:22:118:61 | typeof ... : keys | ReflectedXss.js:118:11:118:61 | keyArray | -| ReflectedXss.js:118:49:118:54 | [keys] | ReflectedXss.js:118:22:118:61 | typeof ... : keys | -| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:49:118:54 | [keys] | -| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:22:118:61 | typeof ... 
: keys | -| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys | -| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | -| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys | -| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | -| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | -| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... 
rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | -| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | -| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | -| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | -| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | -| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" | -| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" | -| etherpad.js:9:16:9:53 | req.que ... e + ")" | etherpad.js:9:5:9:53 | response | -| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | -| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil | -| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | -| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | -| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) | -| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... 
, evil) | -| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) | -| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) | -| live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted | -| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | -| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | -| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted | -| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | -| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | -| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | ` ... /html>` | -| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | ` ... /html>` | -| pages/Next.jsx:8:13:8:19 | req.url | pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | pages/Next.jsx:15:13:15:19 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | pages/api/myapi.js:2:14:2:20 | req.url | -| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x | -| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | -| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | -| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | -| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | -| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x | -| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | -| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | -| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | -| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | -| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x | -| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x 
+ y | -| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y | -| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x | -| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x | -| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x | -| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | -| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | -| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | -| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | -| promises.js:5:3:5:59 | new Pro ... .data)) | promises.js:6:11:6:11 | x | -| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) | -| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) | -| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x | -| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x | -| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | -| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | -| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | -| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | -| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | -| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | -| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | -| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | -| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | -| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | -| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | -| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | -| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | -| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | -| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | -| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | -| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p | -| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | -| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | -| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | -| 
tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | -| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p | -| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p | -| tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p | -| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | -| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | -| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | -| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | -| tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe | -| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) | -| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p | -| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | -| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | -| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | -| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | -| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p | -| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p | -| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p | -| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | -| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | -| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | -| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | -| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p | -| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p | -| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p | -| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | -| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | -| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | -| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | -| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p | -| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p | -| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | -| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | -| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | -| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | -| tst3.js:11:9:11:74 | code | 
tst3.js:12:12:12:15 | code | -| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code | -| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code | -| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | -| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | +| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | provenance | | +| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | provenance | | +| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | provenance | | +| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable | provenance | | +| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | ReflectedXss.js:30:7:33:4 | mytable | provenance | | +| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | provenance | | +| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | provenance | | +| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | provenance | | +| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | provenance | | +| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | provenance | | +| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | provenance | | +| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | provenance | | +| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... 
q.body) | provenance | | +| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | provenance | | +| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | provenance | | +| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | provenance | | +| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | provenance | | +| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | provenance | | +| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | provenance | | +| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | provenance | | +| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys | provenance | | +| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys | provenance | | +| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys | provenance | | +| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys | provenance | | +| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:11:116:45 | keys | provenance | | +| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:11:116:45 | keys | provenance | | +| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray | provenance | | +| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:11:118:61 | keyArray | provenance | | +| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:11:118:61 | keyArray | provenance | | +| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys | provenance | | +| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | provenance | | +| ReflectedXss.js:119:25:119:72 | keyArra ... 
s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys | provenance | | +| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | provenance | | +| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | provenance | | +| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | provenance | | +| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | provenance | | +| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | provenance | | +| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | provenance | | +| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:77:16:77:20 | value | provenance | | +| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:105:18:105:22 | value | provenance | | +| ReflectedXssGood3.js:77:7:77:37 | parts | ReflectedXssGood3.js:108:10:108:14 | parts | provenance | | +| ReflectedXssGood3.js:77:16:77:20 | value | ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | provenance | | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:7:77:37 | parts | provenance | | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:77:7:77:37 | parts | provenance | | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | | +| ReflectedXssGood3.js:105:18:105:22 | value | ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | provenance | | +| ReflectedXssGood3.js:105:18:105:38 | value.s ... 
g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts | provenance | | +| ReflectedXssGood3.js:108:10:108:14 | parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | | +| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url | provenance | | +| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | provenance | | +| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | provenance | | +| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | provenance | | +| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | provenance | | +| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:5:9:53 | response | provenance | | +| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | provenance | | +| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil | provenance | | +| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | provenance | | +| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) | provenance | | +| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) | provenance | | +| live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted | provenance | | +| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | provenance | | +| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | ` ... /html>` | provenance | | +| live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted | provenance | | +| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | provenance | | +| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | ` ... 
/html>` | provenance | | +| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x | provenance | | +| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | provenance | | +| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | provenance | | +| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x | provenance | | +| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | provenance | | +| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | provenance | | +| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x | provenance | | +| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y | provenance | | +| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x | provenance | | +| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x | provenance | | +| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | provenance | | +| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | provenance | | +| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | promises.js:6:11:6:11 | x | provenance | | +| promises.js:5:16:5:22 | resolve [Return] [resolve-value] | promises.js:5:3:5:59 | new Pro ... 
.data)) [PromiseValue] | provenance | | +| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | promises.js:5:16:5:22 | resolve [Return] [resolve-value] | provenance | | +| promises.js:5:44:5:57 | req.query.data | promises.js:5:36:5:42 | [post update] resolve [resolve-value] | provenance | | +| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | provenance | | +| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | provenance | | +| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | provenance | | +| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | provenance | | +| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | provenance | | +| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | provenance | | +| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | provenance | | +| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | provenance | | +| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p | provenance | | +| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | provenance | | +| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | provenance | | +| tst2.js:32:7:32:14 | obj [p] | tst2.js:34:21:34:23 | obj [p] | provenance | | +| tst2.js:33:3:33:5 | [post update] obj [p] | tst2.js:32:7:32:14 | obj [p] | provenance | | +| tst2.js:33:11:33:11 | p | tst2.js:33:3:33:5 | [post update] obj [p] | provenance | | +| tst2.js:34:7:34:24 | other [p] | tst2.js:37:12:37:16 | other [p] | provenance | | +| tst2.js:34:15:34:24 | clone(obj) [p] | tst2.js:34:7:34:24 | other [p] | provenance | | +| tst2.js:34:21:34:23 | obj [p] | tst2.js:34:15:34:24 | clone(obj) [p] | provenance | | +| tst2.js:37:12:37:16 | other [p] | tst2.js:37:12:37:18 | other.p | provenance | | +| tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p | provenance | | +| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | provenance | | +| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | provenance | | +| tst2.js:49:16:49:53 | seriali ... 
true}) | tst2.js:49:7:49:53 | unsafe | provenance | | +| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) | provenance | | +| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p | provenance | | +| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | provenance | | +| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | provenance | | +| tst2.js:59:7:59:14 | obj [p] | tst2.js:61:22:61:24 | obj [p] | provenance | | +| tst2.js:60:3:60:5 | [post update] obj [p] | tst2.js:59:7:59:14 | obj [p] | provenance | | +| tst2.js:60:11:60:11 | p | tst2.js:60:3:60:5 | [post update] obj [p] | provenance | | +| tst2.js:61:7:61:25 | other [p] | tst2.js:64:12:64:16 | other [p] | provenance | | +| tst2.js:61:15:61:25 | fclone(obj) [p] | tst2.js:61:7:61:25 | other [p] | provenance | | +| tst2.js:61:22:61:24 | obj [p] | tst2.js:61:15:61:25 | fclone(obj) [p] | provenance | | +| tst2.js:64:12:64:16 | other [p] | tst2.js:64:12:64:18 | other.p | provenance | | +| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p | provenance | | +| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | provenance | | +| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | provenance | | +| tst2.js:71:7:71:14 | obj [p] | tst2.js:73:40:73:42 | obj [p] | provenance | | +| tst2.js:72:3:72:5 | [post update] obj [p] | tst2.js:71:7:71:14 | obj [p] | provenance | | +| tst2.js:72:11:72:11 | p | tst2.js:72:3:72:5 | [post update] obj [p] | provenance | | +| tst2.js:73:7:73:44 | other [p] | tst2.js:76:12:76:16 | other [p] | provenance | | +| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | tst2.js:73:7:73:44 | other [p] | provenance | | +| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | tst2.js:73:15:73:44 | jc.retr ... 
e(obj)) [p] | provenance | | +| tst2.js:73:40:73:42 | obj [p] | tst2.js:73:29:73:43 | jc.decycle(obj) [p] | provenance | | +| tst2.js:76:12:76:16 | other [p] | tst2.js:76:12:76:18 | other.p | provenance | | +| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p | provenance | | +| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | provenance | | +| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | provenance | | +| tst2.js:84:7:84:14 | obj [p] | tst2.js:86:24:86:26 | obj [p] | provenance | | +| tst2.js:85:3:85:5 | [post update] obj [p] | tst2.js:84:7:84:14 | obj [p] | provenance | | +| tst2.js:85:11:85:11 | p | tst2.js:85:3:85:5 | [post update] obj [p] | provenance | | +| tst2.js:86:7:86:27 | other [p] | tst2.js:89:12:89:16 | other [p] | provenance | | +| tst2.js:86:15:86:27 | sortKeys(obj) [p] | tst2.js:86:7:86:27 | other [p] | provenance | | +| tst2.js:86:24:86:26 | obj [p] | tst2.js:86:15:86:27 | sortKeys(obj) [p] | provenance | | +| tst2.js:89:12:89:16 | other [p] | tst2.js:89:12:89:18 | other.p | provenance | | +| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | provenance | | +| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | provenance | | +| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code | provenance | | +| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code | provenance | | +| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | provenance | | +nodes +| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id | +| ReflectedXss.js:8:33:8:45 | req.params.id | semmle.label | req.params.id | +| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | semmle.label | "Unknow ... 
rams.id | +| ReflectedXss.js:17:31:17:39 | params.id | semmle.label | params.id | +| ReflectedXss.js:22:12:22:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:23:12:23:27 | marked(req.body) | semmle.label | marked(req.body) | +| ReflectedXss.js:23:19:23:26 | req.body | semmle.label | req.body | +| ReflectedXss.js:29:12:29:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:30:7:33:4 | mytable | semmle.label | mytable | +| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | semmle.label | table([ ... y]\\n ]) | +| ReflectedXss.js:32:14:32:21 | req.body | semmle.label | req.body | +| ReflectedXss.js:34:12:34:18 | mytable | semmle.label | mytable | +| ReflectedXss.js:41:12:41:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:42:12:42:39 | convert ... q.body) | semmle.label | convert ... q.body) | +| ReflectedXss.js:42:31:42:38 | req.body | semmle.label | req.body | +| ReflectedXss.js:56:12:56:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:64:14:64:21 | req.body | semmle.label | req.body | +| ReflectedXss.js:64:39:64:42 | file | semmle.label | file | +| ReflectedXss.js:65:16:65:19 | file | semmle.label | file | +| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | semmle.label | remark( ... q.body) | +| ReflectedXss.js:68:12:68:52 | remark( ... tring() | semmle.label | remark( ... tring() | +| ReflectedXss.js:68:33:68:40 | req.body | semmle.label | req.body | +| ReflectedXss.js:72:12:72:56 | unified ... q.body) | semmle.label | unified ... q.body) | +| ReflectedXss.js:72:12:72:65 | unified ... oString | semmle.label | unified ... 
oString | +| ReflectedXss.js:72:48:72:55 | req.body | semmle.label | req.body | +| ReflectedXss.js:74:20:74:27 | req.body | semmle.label | req.body | +| ReflectedXss.js:74:34:74:34 | f | semmle.label | f | +| ReflectedXss.js:75:14:75:14 | f | semmle.label | f | +| ReflectedXss.js:83:12:83:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | semmle.label | snarkdown(req.body) | +| ReflectedXss.js:84:22:84:29 | req.body | semmle.label | req.body | +| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | semmle.label | snarkdown2(req.body) | +| ReflectedXss.js:85:23:85:30 | req.body | semmle.label | req.body | +| ReflectedXss.js:97:12:97:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | semmle.label | markdow ... q.body) | +| ReflectedXss.js:98:30:98:37 | req.body | semmle.label | req.body | +| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | semmle.label | markdow ... q.body) | +| ReflectedXss.js:100:31:100:38 | req.body | semmle.label | req.body | +| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | semmle.label | markdow ... 
q.body) | +| ReflectedXss.js:103:76:103:83 | req.body | semmle.label | req.body | +| ReflectedXss.js:110:16:110:30 | request.query.p | semmle.label | request.query.p | +| ReflectedXss.js:114:11:114:41 | queryKeys | semmle.label | queryKeys | +| ReflectedXss.js:114:13:114:27 | keys: queryKeys | semmle.label | keys: queryKeys | +| ReflectedXss.js:116:11:116:45 | keys | semmle.label | keys | +| ReflectedXss.js:116:18:116:26 | queryKeys | semmle.label | queryKeys | +| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | semmle.label | paramKeys?.keys | +| ReflectedXss.js:118:11:118:61 | keyArray | semmle.label | keyArray | +| ReflectedXss.js:118:50:118:53 | keys | semmle.label | keys | +| ReflectedXss.js:118:58:118:61 | keys | semmle.label | keys | +| ReflectedXss.js:119:11:119:72 | invalidKeys | semmle.label | invalidKeys | +| ReflectedXss.js:119:25:119:32 | keyArray | semmle.label | keyArray | +| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | semmle.label | keyArra ... s(key)) | +| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | semmle.label | `${inva ... telist` | +| ReflectedXss.js:122:33:122:43 | invalidKeys | semmle.label | invalidKeys | +| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | semmle.label | invalid ... n(', ') | +| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | semmle.label | req.params.id | +| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | semmle.label | req.params.id | +| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | semmle.label | req.params.id | +| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | semmle.label | "FOO: " ... 
rams.id | +| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | semmle.label | req.params.id | +| ReflectedXssGood3.js:68:22:68:26 | value | semmle.label | value | +| ReflectedXssGood3.js:77:7:77:37 | parts | semmle.label | parts | +| ReflectedXssGood3.js:77:16:77:20 | value | semmle.label | value | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | semmle.label | value.s ... g(0, i) | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | semmle.label | [post update] parts | +| ReflectedXssGood3.js:105:18:105:22 | value | semmle.label | value | +| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | semmle.label | value.s ... g(j, i) | +| ReflectedXssGood3.js:108:10:108:14 | parts | semmle.label | parts | +| ReflectedXssGood3.js:108:10:108:23 | parts.join('') | semmle.label | parts.join('') | +| ReflectedXssGood3.js:135:9:135:27 | url | semmle.label | url | +| ReflectedXssGood3.js:135:15:135:27 | req.params.id | semmle.label | req.params.id | +| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | semmle.label | escapeHtml3(url) | +| ReflectedXssGood3.js:139:24:139:26 | url | semmle.label | url | +| etherpad.js:9:5:9:53 | response | semmle.label | response | +| etherpad.js:9:16:9:30 | req.query.jsonp | semmle.label | req.query.jsonp | +| etherpad.js:11:12:11:19 | response | semmle.label | response | +| formatting.js:4:9:4:29 | evil | semmle.label | evil | +| formatting.js:4:16:4:29 | req.query.evil | semmle.label | req.query.evil | +| formatting.js:6:14:6:47 | util.fo ... , evil) | semmle.label | util.fo ... , evil) | +| formatting.js:6:43:6:46 | evil | semmle.label | evil | +| formatting.js:7:14:7:53 | require ... , evil) | semmle.label | require ... , evil) | +| formatting.js:7:49:7:52 | evil | semmle.label | evil | +| live-server.js:4:11:4:27 | tainted | semmle.label | tainted | +| live-server.js:4:21:4:27 | req.url | semmle.label | req.url | +| live-server.js:6:13:6:50 | ` ... /html>` | semmle.label | ` ... 
/html>` | +| live-server.js:6:28:6:34 | tainted | semmle.label | tainted | +| live-server.js:10:11:10:27 | tainted | semmle.label | tainted | +| live-server.js:10:21:10:27 | req.url | semmle.label | req.url | +| live-server.js:12:13:12:50 | ` ... /html>` | semmle.label | ` ... /html>` | +| live-server.js:12:28:12:34 | tainted | semmle.label | tainted | +| pages/Next.jsx:8:13:8:19 | req.url | semmle.label | req.url | +| pages/Next.jsx:15:13:15:19 | req.url | semmle.label | req.url | +| pages/api/myapi.js:2:14:2:20 | req.url | semmle.label | req.url | +| partial.js:9:25:9:25 | x | semmle.label | x | +| partial.js:10:14:10:14 | x | semmle.label | x | +| partial.js:10:14:10:18 | x + y | semmle.label | x + y | +| partial.js:13:42:13:48 | req.url | semmle.label | req.url | +| partial.js:18:25:18:25 | x | semmle.label | x | +| partial.js:19:14:19:14 | x | semmle.label | x | +| partial.js:19:14:19:18 | x + y | semmle.label | x + y | +| partial.js:22:51:22:57 | req.url | semmle.label | req.url | +| partial.js:27:25:27:25 | x | semmle.label | x | +| partial.js:28:14:28:14 | x | semmle.label | x | +| partial.js:28:14:28:18 | x + y | semmle.label | x + y | +| partial.js:31:47:31:53 | req.url | semmle.label | req.url | +| partial.js:36:25:36:25 | x | semmle.label | x | +| partial.js:37:14:37:14 | x | semmle.label | x | +| partial.js:37:14:37:18 | x + y | semmle.label | x + y | +| partial.js:40:43:40:49 | req.url | semmle.label | req.url | +| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | semmle.label | new Pro ... 
.data)) [PromiseValue] | +| promises.js:5:16:5:22 | resolve [Return] [resolve-value] | semmle.label | resolve [Return] [resolve-value] | +| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | semmle.label | [post update] resolve [resolve-value] | +| promises.js:5:44:5:57 | req.query.data | semmle.label | req.query.data | +| promises.js:6:11:6:11 | x | semmle.label | x | +| promises.js:6:25:6:25 | x | semmle.label | x | +| tst2.js:6:7:6:30 | p | semmle.label | p | +| tst2.js:6:7:6:30 | r | semmle.label | r | +| tst2.js:6:9:6:9 | p | semmle.label | p | +| tst2.js:6:12:6:15 | q: r | semmle.label | q: r | +| tst2.js:7:12:7:12 | p | semmle.label | p | +| tst2.js:8:12:8:12 | r | semmle.label | r | +| tst2.js:14:7:14:24 | p | semmle.label | p | +| tst2.js:14:9:14:9 | p | semmle.label | p | +| tst2.js:18:12:18:12 | p | semmle.label | p | +| tst2.js:21:14:21:14 | p | semmle.label | p | +| tst2.js:30:7:30:24 | p | semmle.label | p | +| tst2.js:30:9:30:9 | p | semmle.label | p | +| tst2.js:32:7:32:14 | obj [p] | semmle.label | obj [p] | +| tst2.js:33:3:33:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:33:11:33:11 | p | semmle.label | p | +| tst2.js:34:7:34:24 | other [p] | semmle.label | other [p] | +| tst2.js:34:15:34:24 | clone(obj) [p] | semmle.label | clone(obj) [p] | +| tst2.js:34:21:34:23 | obj [p] | semmle.label | obj [p] | +| tst2.js:36:12:36:12 | p | semmle.label | p | +| tst2.js:37:12:37:16 | other [p] | semmle.label | other [p] | +| tst2.js:37:12:37:18 | other.p | semmle.label | other.p | +| tst2.js:43:7:43:24 | p | semmle.label | p | +| tst2.js:43:9:43:9 | p | semmle.label | p | +| tst2.js:49:7:49:53 | unsafe | semmle.label | unsafe | +| tst2.js:49:16:49:53 | seriali ... true}) | semmle.label | seriali ... 
true}) | +| tst2.js:49:36:49:36 | p | semmle.label | p | +| tst2.js:51:12:51:17 | unsafe | semmle.label | unsafe | +| tst2.js:57:7:57:24 | p | semmle.label | p | +| tst2.js:57:9:57:9 | p | semmle.label | p | +| tst2.js:59:7:59:14 | obj [p] | semmle.label | obj [p] | +| tst2.js:60:3:60:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:60:11:60:11 | p | semmle.label | p | +| tst2.js:61:7:61:25 | other [p] | semmle.label | other [p] | +| tst2.js:61:15:61:25 | fclone(obj) [p] | semmle.label | fclone(obj) [p] | +| tst2.js:61:22:61:24 | obj [p] | semmle.label | obj [p] | +| tst2.js:63:12:63:12 | p | semmle.label | p | +| tst2.js:64:12:64:16 | other [p] | semmle.label | other [p] | +| tst2.js:64:12:64:18 | other.p | semmle.label | other.p | +| tst2.js:69:7:69:24 | p | semmle.label | p | +| tst2.js:69:9:69:9 | p | semmle.label | p | +| tst2.js:71:7:71:14 | obj [p] | semmle.label | obj [p] | +| tst2.js:72:3:72:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:72:11:72:11 | p | semmle.label | p | +| tst2.js:73:7:73:44 | other [p] | semmle.label | other [p] | +| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | semmle.label | jc.retr ... 
e(obj)) [p] | +| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | semmle.label | jc.decycle(obj) [p] | +| tst2.js:73:40:73:42 | obj [p] | semmle.label | obj [p] | +| tst2.js:75:12:75:12 | p | semmle.label | p | +| tst2.js:76:12:76:16 | other [p] | semmle.label | other [p] | +| tst2.js:76:12:76:18 | other.p | semmle.label | other.p | +| tst2.js:82:7:82:24 | p | semmle.label | p | +| tst2.js:82:9:82:9 | p | semmle.label | p | +| tst2.js:84:7:84:14 | obj [p] | semmle.label | obj [p] | +| tst2.js:85:3:85:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:85:11:85:11 | p | semmle.label | p | +| tst2.js:86:7:86:27 | other [p] | semmle.label | other [p] | +| tst2.js:86:15:86:27 | sortKeys(obj) [p] | semmle.label | sortKeys(obj) [p] | +| tst2.js:86:24:86:26 | obj [p] | semmle.label | obj [p] | +| tst2.js:88:12:88:12 | p | semmle.label | p | +| tst2.js:89:12:89:16 | other [p] | semmle.label | other [p] | +| tst2.js:89:12:89:18 | other.p | semmle.label | other.p | +| tst3.js:5:7:5:24 | p | semmle.label | p | +| tst3.js:5:9:5:9 | p | semmle.label | p | +| tst3.js:6:12:6:12 | p | semmle.label | p | +| tst3.js:11:9:11:74 | code | semmle.label | code | +| tst3.js:11:16:11:74 | prettie ... bel" }) | semmle.label | prettie ... bel" }) | +| tst3.js:11:32:11:39 | reg.body | semmle.label | reg.body | +| tst3.js:12:12:12:15 | code | semmle.label | code | +subpaths +| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | #select | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value | | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... 
rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:17:31:17:39 | params.id | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected index 53f02ae19f21..3b3b0501e192 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected 
@@ -1,32 +1,43 @@ edges -| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:19:9:19:14 | files2 | -| xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | -| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | -| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | -| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | -| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | -| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | -| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | -| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | -| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | -| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | -| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | -| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 
| files2 [ArrayElement] | -| xss-through-filenames.js:33:19:33:24 | files2 | xss-through-filenames.js:35:29:35:34 | files2 | -| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | -| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | -| xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 | -| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | -| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) | -| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | -| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:35:22:35:35 | format(files2) | -| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name | -| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name | +| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | provenance | | +| xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:19:9:19:14 | files2 | provenance | | +| xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | provenance | | +| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | provenance | | +| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | provenance | | +| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | 
provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | provenance | | +| xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:34:20:37 | file | provenance | | +| xss-through-filenames.js:20:25:20:47 | '
  • ' ... '
  • ' | xss-through-filenames.js:20:13:20:18 | [post update] files3 | provenance | | +| xss-through-filenames.js:20:34:20:37 | file | xss-through-filenames.js:20:25:20:47 | '
  • ' ... '
  • ' | provenance | | +| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | | +| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | | +| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | provenance | | +| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | provenance | | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | provenance | | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | provenance | | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | provenance | | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:25:31:28 | file | provenance | | +| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | provenance | | +| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:33:19:33:24 | files2 | xss-through-filenames.js:35:29:35:34 | files2 | provenance | | +| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | provenance | | +| xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 | provenance | | +| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | provenance | | +| xss-through-filenames.js:35:29:35:34 | files2 | 
xss-through-filenames.js:35:22:35:35 | format(files2) | provenance | | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:35:22:35:35 | format(files2) | provenance | | +| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name | provenance | | +| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name | provenance | | nodes | xss-through-filenames.js:7:43:7:48 | files1 | semmle.label | files1 | | xss-through-filenames.js:8:18:8:23 | files1 | semmle.label | files1 | @@ -38,6 +49,10 @@ nodes | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | semmle.label | files2.sort(sort) | | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] | | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] | +| xss-through-filenames.js:19:45:19:48 | file | semmle.label | file | +| xss-through-filenames.js:20:13:20:18 | [post update] files3 | semmle.label | [post update] files3 | +| xss-through-filenames.js:20:25:20:47 | '
  • ' ... '
  • ' | semmle.label | '
  • ' ... '
  • ' | +| xss-through-filenames.js:20:34:20:37 | file | semmle.label | file | | xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 | | xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 | | xss-through-filenames.js:22:16:22:30 | files3.join('') | semmle.label | files3.join('') | @@ -45,6 +60,10 @@ nodes | xss-through-filenames.js:25:43:25:48 | files1 | semmle.label | files1 | | xss-through-filenames.js:26:19:26:24 | files1 | semmle.label | files1 | | xss-through-filenames.js:30:9:30:14 | files1 | semmle.label | files1 | +| xss-through-filenames.js:30:34:30:37 | file | semmle.label | file | +| xss-through-filenames.js:31:13:31:18 | [post update] files2 | semmle.label | [post update] files2 | +| xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | semmle.label | [post update] files2 [ArrayElement] | +| xss-through-filenames.js:31:25:31:28 | file | semmle.label | file | | xss-through-filenames.js:33:19:33:24 | files2 | semmle.label | files2 | | xss-through-filenames.js:33:19:33:24 | files2 | semmle.label | files2 | | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | 
@@ -57,6 +76,13 @@ nodes | xss-through-torrent.js:6:13:6:24 | torrent.name | semmle.label | torrent.name | | xss-through-torrent.js:7:11:7:14 | name | semmle.label | name | subpaths +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | xss-through-filenames.js:33:19:33:24 | files2 | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | xss-through-filenames.js:33:19:33:24 | files2 | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | | xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:22:16:22:30 | files3.join('') | xss-through-filenames.js:35:22:35:35 | format(files2) | | xss-through-filenames.js:35:29:35:34 | files2 
[ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | xss-through-filenames.js:22:16:22:30 | files3.join('') | xss-through-filenames.js:35:22:35:35 | format(files2) | #select diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected index 997d26fb1271..49092b056422 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected 
@@ -56,45 +56,48 @@ nodes | typed.ts:6:43:6:43 | s | semmle.label | s | | typed.ts:8:40:8:40 | s | semmle.label | s | edges -| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings | -| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name | -| lib2/index.ts:13:16:13:23 | settings | lib2/index.ts:13:16:13:33 | settings.mySetting | -| lib2/index.ts:13:16:13:33 | settings.mySetting | lib2/index.ts:13:16:13:36 | setting ... ting[i] | -| lib2/index.ts:13:16:13:36 | setting ... ting[i] | lib2/index.ts:13:16:13:41 | setting ... i].name | -| lib2/index.ts:13:16:13:41 | setting ... i].name | lib2/index.ts:13:9:13:41 | name | -| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | -| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | -| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | -| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | -| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | -| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | -| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... 
ptions) | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | -| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | -| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x | -| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x | -| main.js:94:31:94:31 | x | main.js:89:21:89:21 | x | -| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | -| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | -| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | -| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | -| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | -| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | -| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | +| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | provenance | | +| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | provenance | | +| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | provenance | Config | +| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | provenance | | +| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | provenance | | +| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings | provenance | | +| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name | provenance | | +| lib2/index.ts:13:16:13:23 | settings | lib2/index.ts:13:16:13:33 | settings.mySetting | provenance | Config | +| lib2/index.ts:13:16:13:33 | settings.mySetting | lib2/index.ts:13:16:13:36 | setting ... ting[i] | provenance | Config | +| lib2/index.ts:13:16:13:36 | setting ... ting[i] | lib2/index.ts:13:16:13:41 | setting ... i].name | provenance | Config | +| lib2/index.ts:13:16:13:41 | setting ... 
i].name | lib2/index.ts:13:9:13:41 | name | provenance | | +| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | provenance | | +| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | provenance | | +| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | provenance | | +| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | provenance | | +| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | provenance | | +| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | provenance | | +| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | provenance | | +| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | provenance | | +| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | provenance | | +| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | provenance | | +| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | provenance | | +| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | provenance | | +| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | provenance | Config | +| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | provenance | | +| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | provenance | Config | +| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | provenance | | +| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... 
ptions) | provenance | Config | +| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | provenance | Config | +| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | provenance | | +| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | provenance | | +| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x | provenance | | +| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x | provenance | | +| main.js:94:31:94:31 | x | main.js:89:21:89:21 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | provenance | | +| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | provenance | | +| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | provenance | | +| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | provenance | | subpaths #select | jquery-plugin.js:12:31:12:41 | options.foo | jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:41 | options.foo | This HTML construction which depends on $@ might later allow $@. | jquery-plugin.js:11:34:11:40 | options | library input | jquery-plugin.js:12:20:12:53 | " ... /span>" | cross-site scripting | diff --git a/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected b/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected index f0b53a2bcc79..b70b13b4c1bd 100644 --- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected 
@@ -280,358 +280,358 @@ nodes | tst.js:10:10:10:64 | 'SELECT ... d + '"' | semmle.label | 'SELECT ... d + '"' | | tst.js:10:46:10:58 | req.params.id | semmle.label | req.params.id | edges -| graphql.js:8:11:8:28 | id | graphql.js:12:46:12:47 | id | -| graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id | -| graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | -| graphql.js:26:11:26:28 | id | graphql.js:27:37:27:38 | id | -| graphql.js:26:11:26:28 | id | graphql.js:30:39:30:40 | id | -| graphql.js:26:11:26:28 | id | graphql.js:33:25:33:26 | id | -| graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id | -| graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` | -| graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` | -| graphql.js:39:11:39:28 | id | graphql.js:44:21:44:22 | id | -| graphql.js:39:11:39:28 | id | graphql.js:48:51:48:52 | id | -| graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id | -| graphql.js:44:21:44:22 | id | graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` | -| graphql.js:55:11:55:28 | id | graphql.js:56:46:56:47 | id | -| graphql.js:55:11:55:28 | id | graphql.js:58:73:58:74 | id | -| graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id | -| graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` | -| graphql.js:74:9:74:25 | id | graphql.js:75:56:75:57 | id | -| graphql.js:74:9:74:25 | id | graphql.js:88:13:88:14 | id | -| graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id | -| graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... 
}` | -| graphql.js:119:11:119:28 | id | graphql.js:120:45:120:46 | id | -| graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id | -| graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` | -| html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 | -| html-sanitizer.js:14:5:14:24 | param1 | html-sanitizer.js:16:54:16:59 | param1 | -| html-sanitizer.js:14:14:14:24 | xss(param1) | html-sanitizer.js:14:5:14:24 | param1 | -| html-sanitizer.js:14:18:14:23 | param1 | html-sanitizer.js:14:14:14:24 | xss(param1) | -| html-sanitizer.js:16:54:16:59 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:33:22:33:26 | query | -| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:35:18:35:22 | query | -| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | json-schema-validator.js:25:15:25:48 | query | -| json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:55:22:55:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:61:22:61:26 | query | -| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | json-schema-validator.js:50:15:50:48 | query | -| json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | -| koarouter.js:5:11:5:33 | version | koarouter.js:14:38:14:44 | version | -| koarouter.js:5:13:5:19 | version | koarouter.js:5:11:5:33 | version | -| koarouter.js:11:11:11:28 | conditions | koarouter.js:17:52:17:61 | conditions | -| koarouter.js:14:9:14:18 | [post update] conditions | koarouter.js:11:11:11:28 | conditions | -| koarouter.js:14:25:14:46 | `versio ... 
rsion}` | koarouter.js:14:9:14:18 | [post update] conditions | -| koarouter.js:14:38:14:44 | version | koarouter.js:14:25:14:46 | `versio ... rsion}` | -| koarouter.js:17:52:17:61 | conditions | koarouter.js:17:52:17:75 | conditi ... and ') | -| koarouter.js:17:52:17:75 | conditi ... and ') | koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | -| ldap.js:20:7:20:34 | q | ldap.js:22:18:22:18 | q | -| ldap.js:20:11:20:34 | url.par ... , true) | ldap.js:20:7:20:34 | q | -| ldap.js:20:21:20:27 | req.url | ldap.js:20:11:20:34 | url.par ... , true) | -| ldap.js:22:7:22:33 | username | ldap.js:25:24:25:31 | username | -| ldap.js:22:7:22:33 | username | ldap.js:25:46:25:53 | username | -| ldap.js:22:7:22:33 | username | ldap.js:32:26:32:33 | username | -| ldap.js:22:7:22:33 | username | ldap.js:32:48:32:55 | username | -| ldap.js:22:7:22:33 | username | ldap.js:64:16:64:23 | username | -| ldap.js:22:7:22:33 | username | ldap.js:64:38:64:45 | username | -| ldap.js:22:7:22:33 | username | ldap.js:68:33:68:40 | username | -| ldap.js:22:18:22:18 | q | ldap.js:22:7:22:33 | username | -| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | ldap.js:28:30:28:34 | opts1 | -| ldap.js:25:24:25:31 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | -| ldap.js:25:46:25:53 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | -| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | ldap.js:32:5:32:61 | { filte ... e}))` } | -| ldap.js:32:26:32:33 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | -| ldap.js:32:48:32:55 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | -| ldap.js:63:9:65:3 | parsedFilter | ldap.js:66:40:66:51 | parsedFilter | -| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | ldap.js:63:9:65:3 | parsedFilter | -| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | -| ldap.js:64:16:64:23 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | -| ldap.js:64:38:64:45 | username | ldap.js:64:5:64:49 | `(\|(nam ... 
ame}))` | -| ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... ilter } | -| ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` | -| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query | -| marsdb-flow-to.js:10:17:10:18 | {} | marsdb-flow-to.js:10:9:10:18 | query | -| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:9:10:18 | query | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:17:10:18 | {} | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query | -| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query | -| marsdb.js:12:17:12:18 | {} | marsdb.js:12:9:12:18 | query | -| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title | -| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:9:12:18 | query | -| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:17:12:18 | {} | -| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query | -| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query | -| minimongo.js:14:17:14:18 | {} | minimongo.js:14:9:14:18 | query | -| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title | -| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:9:14:18 | query | -| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:17:14:18 | {} | -| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query | -| mongodb.js:12:11:12:20 | query | mongodb.js:13:5:13:9 | query | -| mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query | -| mongodb.js:13:5:13:9 | query | mongodb.js:18:16:18:20 | query | -| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title | -| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query | -| mongodb.js:13:19:13:32 | 
req.body.title | mongodb.js:12:19:12:20 | {} | -| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:13:5:13:9 | query | -| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query | -| mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title | -| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title | -| mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title | -| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } | -| mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) | -| mongodb.js:48:11:48:20 | query | mongodb.js:49:5:49:9 | query | -| mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query | -| mongodb.js:49:5:49:9 | query | mongodb.js:54:16:54:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:49:5:49:9 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | -| mongodb.js:59:8:59:17 | query | mongodb.js:60:2:60:6 | query | -| mongodb.js:59:16:59:17 | {} | mongodb.js:59:8:59:17 | query | -| mongodb.js:60:2:60:6 | query | mongodb.js:65:12:65:16 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:60:2:60:6 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | -| mongodb.js:70:7:70:25 | tag | mongodb.js:77:22:77:24 | tag | -| mongodb.js:70:7:70:25 | tag | mongodb.js:85:20:85:22 | tag | -| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag | -| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } | -| 
mongodb.js:106:9:106:18 | query | mongodb.js:107:3:107:7 | query | -| mongodb.js:106:17:106:18 | {} | mongodb.js:106:9:106:18 | query | -| mongodb.js:107:3:107:7 | query | mongodb.js:112:14:112:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:107:3:107:7 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | -| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:24:5:24:9 | query | -| mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:24:5:24:9 | query | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:24:5:24:9 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:21:2:21:6 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:24:22:24:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query | 
-| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:76:12:76:16 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:81:37:81:41 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:104:21:104:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:133:38:133:42 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:134:30:134:34 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query | -| mongoose.js:20:16:20:17 | {} | mongoose.js:20:8:20:17 | query | -| mongoose.js:21:2:21:6 | query | mongoose.js:24:22:24:26 | query | -| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:8:20:17 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:16:20:17 | {} | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:21:2:21:6 | query 
| -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:24:22:24:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:76:12:76:16 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:81:37:81:41 | query | 
-| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:104:21:104:25 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:133:38:133:42 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:134:30:134:34 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query | -| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] | -| mongoose.js:24:22:24:26 | query | mongoose.js:27:17:27:21 | query | -| mongoose.js:27:17:27:21 | query | mongoose.js:30:22:30:26 | query | -| mongoose.js:30:22:30:26 | query | mongoose.js:33:21:33:25 | query | -| mongoose.js:33:21:33:25 | query | mongoose.js:36:28:36:32 | query | -| mongoose.js:36:28:36:32 | query | mongoose.js:39:16:39:20 | query | -| mongoose.js:39:16:39:20 | query | mongoose.js:42:19:42:23 | query | -| mongoose.js:42:19:42:23 | query | mongoose.js:45:28:45:32 | query | -| mongoose.js:45:28:45:32 | query | mongoose.js:48:28:48:32 | query | -| mongoose.js:48:28:48:32 | query | mongoose.js:51:28:51:32 | query | -| mongoose.js:51:28:51:32 | query | mongoose.js:54:22:54:26 | query | -| mongoose.js:54:22:54:26 | query | mongoose.js:57:18:57:22 | query | -| 
mongoose.js:57:18:57:22 | query | mongoose.js:60:22:60:26 | query | -| mongoose.js:60:22:60:26 | query | mongoose.js:63:21:63:25 | query | -| mongoose.js:63:21:63:25 | query | mongoose.js:65:32:65:36 | query | -| mongoose.js:65:32:65:36 | query | mongoose.js:67:27:67:31 | query | -| mongoose.js:67:27:67:31 | query | mongoose.js:68:8:68:12 | query | -| mongoose.js:68:8:68:12 | query | mongoose.js:71:17:71:21 | query | -| mongoose.js:71:17:71:21 | query | mongoose.js:72:10:72:14 | query | -| mongoose.js:72:10:72:14 | query | mongoose.js:73:8:73:12 | query | -| mongoose.js:73:8:73:12 | query | mongoose.js:74:7:74:11 | query | -| mongoose.js:74:7:74:11 | query | mongoose.js:75:16:75:20 | query | -| mongoose.js:75:16:75:20 | query | mongoose.js:76:12:76:16 | query | -| mongoose.js:76:12:76:16 | query | mongoose.js:77:10:77:14 | query | -| mongoose.js:77:10:77:14 | query | mongoose.js:81:37:81:41 | query | -| mongoose.js:81:37:81:41 | query | mongoose.js:82:46:82:50 | query | -| mongoose.js:82:46:82:50 | query | mongoose.js:83:47:83:51 | query | -| mongoose.js:83:47:83:51 | query | mongoose.js:85:46:85:50 | query | -| mongoose.js:83:47:83:51 | query | mongoose.js:87:51:87:55 | query | -| mongoose.js:83:47:83:51 | query | mongoose.js:89:46:89:50 | query | -| mongoose.js:83:47:83:51 | query | mongoose.js:92:46:92:50 | query | -| mongoose.js:83:47:83:51 | query | mongoose.js:94:51:94:55 | query | -| mongoose.js:83:47:83:51 | query | mongoose.js:96:46:96:50 | query | -| mongoose.js:83:47:83:51 | query | mongoose.js:104:21:104:25 | query | -| mongoose.js:104:21:104:25 | query | mongoose.js:111:14:111:18 | query | -| mongoose.js:111:14:111:18 | query | mongoose.js:113:31:113:35 | query | -| mongoose.js:113:31:113:35 | query | mongoose.js:133:38:133:42 | query | -| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id | -| mongoose.js:115:6:115:22 | id | mongoose.js:130:23:130:24 | id | -| mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id | -| 
mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond | -| mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond | -| mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } | -| mongoose.js:133:38:133:42 | query | mongoose.js:134:30:134:34 | query | -| mongoose.js:133:38:133:42 | query | mongoose.js:136:30:136:34 | query | -| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:19:19:19:20 | {} | mongooseJsonParse.js:19:11:19:20 | query | -| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:11:19:20 | query | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:19:19:20 | {} | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... 
y.data) | -| mongooseModelClient.js:10:7:10:32 | v | mongooseModelClient.js:11:22:11:22 | v | -| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | mongooseModelClient.js:10:7:10:32 | v | -| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x | -| mongooseModelClient.js:10:22:10:31 | req.body.x | mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | -| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id | -| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | -| mysql.js:6:9:6:31 | temp | mysql.js:15:62:15:65 | temp | -| mysql.js:6:9:6:31 | temp | mysql.js:19:70:19:73 | temp | -| mysql.js:6:16:6:31 | req.params.value | mysql.js:6:9:6:31 | temp | -| mysql.js:15:62:15:65 | temp | mysql.js:15:18:15:65 | 'SELECT ... + temp | -| mysql.js:19:70:19:73 | temp | mysql.js:19:26:19:73 | 'SELECT ... 
+ temp | -| pg-promise-types.ts:7:9:7:28 | taint | pg-promise-types.ts:8:17:8:21 | taint | -| pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:7:9:7:28 | taint | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:9:10:9:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:10:11:10:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:11:17:11:21 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:12:10:12:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:13:12:13:16 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:14:18:14:22 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:15:11:15:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:16:10:16:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:17:16:17:20 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:18:12:18:16 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:19:13:19:17 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:22:11:22:15 | query | -| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:7:7:55 | query | -| pg-promise.js:9:10:9:14 | query | pg-promise.js:10:11:10:15 | query | -| pg-promise.js:10:11:10:15 | query | pg-promise.js:11:17:11:21 | query | -| pg-promise.js:11:17:11:21 | query | pg-promise.js:12:10:12:14 | query | -| pg-promise.js:12:10:12:14 | query | pg-promise.js:13:12:13:16 | query | -| pg-promise.js:13:12:13:16 | query | pg-promise.js:14:18:14:22 | query | -| pg-promise.js:14:18:14:22 | query | pg-promise.js:15:11:15:15 | query | -| pg-promise.js:15:11:15:15 | query | pg-promise.js:16:10:16:14 | query | -| pg-promise.js:16:10:16:14 | query | pg-promise.js:17:16:17:20 | query | -| pg-promise.js:17:16:17:20 | query | pg-promise.js:18:12:18:16 | query | -| pg-promise.js:18:12:18:16 | query | pg-promise.js:19:13:19:17 | query | -| pg-promise.js:19:13:19:17 | query | pg-promise.js:22:11:22:15 | query | -| pg-promise.js:22:11:22:15 | query | 
pg-promise.js:60:20:60:24 | query | -| pg-promise.js:22:11:22:15 | query | pg-promise.js:63:23:63:27 | query | -| pg-promise.js:22:11:22:15 | query | pg-promise.js:64:16:64:20 | query | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | -| redis.js:12:9:12:26 | key | redis.js:13:16:13:18 | key | -| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key | -| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key | -| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key | -| redis.js:12:9:12:26 | key | redis.js:26:14:26:16 | key | -| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key | -| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key | -| redis.js:12:15:12:26 | req.body.key | redis.js:12:9:12:26 | key | -| redis.js:13:16:13:18 | key | redis.js:18:16:18:18 | key | -| redis.js:18:16:18:18 | key | redis.js:19:43:19:45 | key | -| redis.js:19:43:19:45 | key | redis.js:25:14:25:16 | key | -| redis.js:25:14:25:16 | key | redis.js:26:14:26:16 | key | -| redis.js:26:14:26:16 | key | redis.js:30:23:30:25 | key | -| redis.js:26:14:26:16 | key | redis.js:32:28:32:30 | key | -| redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key | -| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key | -| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key | -| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key | -| redis.js:38:17:38:28 | req.body.key | redis.js:38:11:38:28 | key | -| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle | -| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | -| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... 
d + "'" | -| tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 | -| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:7:8:55 | query1 | -| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | +| graphql.js:8:11:8:28 | id | graphql.js:12:46:12:47 | id | provenance | | +| graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id | provenance | | +| graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | provenance | | +| graphql.js:26:11:26:28 | id | graphql.js:27:37:27:38 | id | provenance | | +| graphql.js:26:11:26:28 | id | graphql.js:30:39:30:40 | id | provenance | | +| graphql.js:26:11:26:28 | id | graphql.js:33:25:33:26 | id | provenance | | +| graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id | provenance | | +| graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` | provenance | | +| graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` | provenance | | +| graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` | provenance | | +| graphql.js:39:11:39:28 | id | graphql.js:44:21:44:22 | id | provenance | | +| graphql.js:39:11:39:28 | id | graphql.js:48:51:48:52 | id | provenance | | +| graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id | provenance | | +| graphql.js:44:21:44:22 | id | graphql.js:44:14:44:24 | `foo ${id}` | provenance | | +| graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` | provenance | | +| graphql.js:55:11:55:28 | id | graphql.js:56:46:56:47 | id | provenance | | +| graphql.js:55:11:55:28 | id | graphql.js:58:73:58:74 | id | provenance | | +| graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id | provenance | | +| graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` | provenance | | +| graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` | provenance | | +| 
graphql.js:74:9:74:25 | id | graphql.js:75:56:75:57 | id | provenance | | +| graphql.js:74:9:74:25 | id | graphql.js:88:13:88:14 | id | provenance | | +| graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id | provenance | | +| graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | provenance | | +| graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... }` | provenance | | +| graphql.js:119:11:119:28 | id | graphql.js:120:45:120:46 | id | provenance | | +| graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id | provenance | | +| graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` | provenance | | +| html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 | provenance | | +| html-sanitizer.js:14:5:14:24 | param1 | html-sanitizer.js:16:54:16:59 | param1 | provenance | | +| html-sanitizer.js:14:14:14:24 | xss(param1) | html-sanitizer.js:14:5:14:24 | param1 | provenance | | +| html-sanitizer.js:14:18:14:23 | param1 | html-sanitizer.js:14:14:14:24 | xss(param1) | provenance | Config | +| html-sanitizer.js:16:54:16:59 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | provenance | | +| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:33:22:33:26 | query | provenance | | +| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:35:18:35:22 | query | provenance | | +| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | json-schema-validator.js:25:15:25:48 | query | provenance | | +| json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:25:23:25:48 | JSON.pa ... 
y.data) | provenance | Config | +| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:55:22:55:26 | query | provenance | | +| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:59:22:59:26 | query | provenance | | +| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:61:22:61:26 | query | provenance | | +| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | json-schema-validator.js:50:15:50:48 | query | provenance | | +| json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | provenance | Config | +| koarouter.js:5:11:5:33 | version | koarouter.js:14:38:14:44 | version | provenance | | +| koarouter.js:5:13:5:19 | version | koarouter.js:5:11:5:33 | version | provenance | | +| koarouter.js:11:11:11:28 | conditions | koarouter.js:17:52:17:61 | conditions | provenance | | +| koarouter.js:14:9:14:18 | [post update] conditions | koarouter.js:11:11:11:28 | conditions | provenance | | +| koarouter.js:14:25:14:46 | `versio ... rsion}` | koarouter.js:14:9:14:18 | [post update] conditions | provenance | | +| koarouter.js:14:38:14:44 | version | koarouter.js:14:25:14:46 | `versio ... rsion}` | provenance | | +| koarouter.js:17:52:17:61 | conditions | koarouter.js:17:52:17:75 | conditi ... and ') | provenance | | +| koarouter.js:17:52:17:75 | conditi ... and ') | koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | provenance | | +| ldap.js:20:7:20:34 | q | ldap.js:22:18:22:18 | q | provenance | | +| ldap.js:20:11:20:34 | url.par ... , true) | ldap.js:20:7:20:34 | q | provenance | | +| ldap.js:20:21:20:27 | req.url | ldap.js:20:11:20:34 | url.par ... 
, true) | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:25:24:25:31 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:25:46:25:53 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:32:26:32:33 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:32:48:32:55 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:64:16:64:23 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:64:38:64:45 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:68:33:68:40 | username | provenance | | +| ldap.js:22:18:22:18 | q | ldap.js:22:7:22:33 | username | provenance | | +| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | ldap.js:28:30:28:34 | opts1 | provenance | Config | +| ldap.js:25:24:25:31 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:25:46:25:53 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | ldap.js:32:5:32:61 | { filte ... e}))` } | provenance | Config | +| ldap.js:32:26:32:33 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:32:48:32:55 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:63:9:65:3 | parsedFilter | ldap.js:66:40:66:51 | parsedFilter | provenance | | +| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | ldap.js:63:9:65:3 | parsedFilter | provenance | | +| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | provenance | Config | +| ldap.js:64:16:64:23 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:64:38:64:45 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... 
ilter } | provenance | Config | +| ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` | provenance | | +| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query | provenance | | +| marsdb-flow-to.js:10:17:10:18 | {} | marsdb-flow-to.js:10:9:10:18 | query | provenance | | +| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title | provenance | Config | +| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:9:10:18 | query | provenance | Config | +| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:17:10:18 | {} | provenance | Config | +| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query | provenance | Config | +| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query | provenance | | +| marsdb.js:12:17:12:18 | {} | marsdb.js:12:9:12:18 | query | provenance | | +| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title | provenance | Config | +| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:9:12:18 | query | provenance | Config | +| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:17:12:18 | {} | provenance | Config | +| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query | provenance | Config | +| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query | provenance | | +| minimongo.js:14:17:14:18 | {} | minimongo.js:14:9:14:18 | query | provenance | | +| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title | provenance | Config | +| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:9:14:18 | query | provenance | Config | +| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:17:14:18 | {} | provenance | Config | +| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query | provenance | Config | +| mongodb.js:12:11:12:20 | query | mongodb.js:13:5:13:9 | query | provenance | | +| 
mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query | provenance | | +| mongodb.js:13:5:13:9 | query | mongodb.js:18:16:18:20 | query | provenance | | +| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title | provenance | Config | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query | provenance | Config | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:19:12:20 | {} | provenance | Config | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:13:5:13:9 | query | provenance | Config | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query | provenance | Config | +| mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title | provenance | | +| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title | provenance | Config | +| mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title | provenance | | +| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... 
itle) } | provenance | Config | +| mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) | provenance | Config | +| mongodb.js:48:11:48:20 | query | mongodb.js:49:5:49:9 | query | provenance | | +| mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query | provenance | | +| mongodb.js:49:5:49:9 | query | mongodb.js:54:16:54:20 | query | provenance | | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query | provenance | Config | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} | provenance | Config | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:49:5:49:9 | query | provenance | Config | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | provenance | Config | +| mongodb.js:59:8:59:17 | query | mongodb.js:60:2:60:6 | query | provenance | | +| mongodb.js:59:16:59:17 | {} | mongodb.js:59:8:59:17 | query | provenance | | +| mongodb.js:60:2:60:6 | query | mongodb.js:65:12:65:16 | query | provenance | | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query | provenance | Config | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} | provenance | Config | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:60:2:60:6 | query | provenance | Config | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | provenance | Config | +| mongodb.js:70:7:70:25 | tag | mongodb.js:77:22:77:24 | tag | provenance | | +| mongodb.js:70:7:70:25 | tag | mongodb.js:85:20:85:22 | tag | provenance | | +| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag | provenance | | +| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } | provenance | Config | +| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } | provenance | Config | +| mongodb.js:106:9:106:18 | query | mongodb.js:107:3:107:7 | query | provenance | | +| mongodb.js:106:17:106:18 | {} | 
mongodb.js:106:9:106:18 | query | provenance | | +| mongodb.js:107:3:107:7 | query | mongodb.js:112:14:112:18 | query | provenance | | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query | provenance | Config | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} | provenance | Config | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:107:3:107:7 | query | provenance | Config | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | provenance | Config | +| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:24:5:24:9 | query | provenance | | +| mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query | provenance | | +| mongodb_bodySafe.js:24:5:24:9 | query | mongodb_bodySafe.js:29:16:29:20 | query | provenance | | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query | provenance | Config | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} | provenance | Config | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:24:5:24:9 | query | provenance | Config | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | provenance | Config | +| mongoose.js:20:8:20:17 | query | mongoose.js:21:2:21:6 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:24:22:24:26 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query | provenance | | +| 
mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:76:12:76:16 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:81:37:81:41 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:104:21:104:25 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query | provenance | | +| mongoose.js:20:8:20:17 | query | 
mongoose.js:133:38:133:42 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:134:30:134:34 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query | provenance | | +| mongoose.js:20:16:20:17 | {} | mongoose.js:20:8:20:17 | query | provenance | | +| mongoose.js:21:2:21:6 | query | mongoose.js:24:22:24:26 | query | provenance | | +| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:8:20:17 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:16:20:17 | {} | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:21:2:21:6 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:24:22:24:26 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query | 
provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:76:12:76:16 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:81:37:81:41 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | 
req.body.title | mongoose.js:94:51:94:55 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:104:21:104:25 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:133:38:133:42 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:134:30:134:34 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query | provenance | Config | +| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] | provenance | Config | +| mongoose.js:24:22:24:26 | query | mongoose.js:27:17:27:21 | query | provenance | | +| mongoose.js:27:17:27:21 | query | mongoose.js:30:22:30:26 | query | provenance | | +| mongoose.js:30:22:30:26 | query | mongoose.js:33:21:33:25 | query | provenance | | +| mongoose.js:33:21:33:25 | query | mongoose.js:36:28:36:32 | query | provenance | | +| mongoose.js:36:28:36:32 | query | mongoose.js:39:16:39:20 | query | provenance | | +| mongoose.js:39:16:39:20 | query | mongoose.js:42:19:42:23 | query | provenance | | +| mongoose.js:42:19:42:23 | query | mongoose.js:45:28:45:32 | query | provenance | | +| mongoose.js:45:28:45:32 | query | mongoose.js:48:28:48:32 | query | provenance | | +| mongoose.js:48:28:48:32 | query | mongoose.js:51:28:51:32 | query | provenance | | +| mongoose.js:51:28:51:32 | query | mongoose.js:54:22:54:26 | query | provenance | | +| mongoose.js:54:22:54:26 | query | mongoose.js:57:18:57:22 | query | provenance | | +| mongoose.js:57:18:57:22 | query | mongoose.js:60:22:60:26 | query | provenance | | +| mongoose.js:60:22:60:26 | query | mongoose.js:63:21:63:25 | query | 
provenance | | +| mongoose.js:63:21:63:25 | query | mongoose.js:65:32:65:36 | query | provenance | | +| mongoose.js:65:32:65:36 | query | mongoose.js:67:27:67:31 | query | provenance | | +| mongoose.js:67:27:67:31 | query | mongoose.js:68:8:68:12 | query | provenance | | +| mongoose.js:68:8:68:12 | query | mongoose.js:71:17:71:21 | query | provenance | | +| mongoose.js:71:17:71:21 | query | mongoose.js:72:10:72:14 | query | provenance | | +| mongoose.js:72:10:72:14 | query | mongoose.js:73:8:73:12 | query | provenance | | +| mongoose.js:73:8:73:12 | query | mongoose.js:74:7:74:11 | query | provenance | | +| mongoose.js:74:7:74:11 | query | mongoose.js:75:16:75:20 | query | provenance | | +| mongoose.js:75:16:75:20 | query | mongoose.js:76:12:76:16 | query | provenance | | +| mongoose.js:76:12:76:16 | query | mongoose.js:77:10:77:14 | query | provenance | | +| mongoose.js:77:10:77:14 | query | mongoose.js:81:37:81:41 | query | provenance | | +| mongoose.js:81:37:81:41 | query | mongoose.js:82:46:82:50 | query | provenance | | +| mongoose.js:82:46:82:50 | query | mongoose.js:83:47:83:51 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:85:46:85:50 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:87:51:87:55 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:89:46:89:50 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:92:46:92:50 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:94:51:94:55 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:96:46:96:50 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:104:21:104:25 | query | provenance | | +| mongoose.js:104:21:104:25 | query | mongoose.js:111:14:111:18 | query | provenance | | +| mongoose.js:111:14:111:18 | query | mongoose.js:113:31:113:35 | query | provenance | | +| mongoose.js:113:31:113:35 | query | mongoose.js:133:38:133:42 | query | provenance | 
| +| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id | provenance | | +| mongoose.js:115:6:115:22 | id | mongoose.js:130:23:130:24 | id | provenance | | +| mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond | provenance | | +| mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond | provenance | | +| mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } | provenance | Config | +| mongoose.js:133:38:133:42 | query | mongoose.js:134:30:134:34 | query | provenance | | +| mongoose.js:133:38:133:42 | query | mongoose.js:136:30:136:34 | query | provenance | | +| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query | provenance | | +| mongooseJsonParse.js:19:19:19:20 | {} | mongooseJsonParse.js:19:11:19:20 | query | provenance | | +| 
mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | provenance | Config | +| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:11:19:20 | query | provenance | Config | +| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:19:19:20 | {} | provenance | Config | +| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query | provenance | Config | +| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | provenance | Config | +| mongooseModelClient.js:10:7:10:32 | v | mongooseModelClient.js:11:22:11:22 | v | provenance | | +| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | mongooseModelClient.js:10:7:10:32 | v | provenance | | +| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x | provenance | Config | +| mongooseModelClient.js:10:22:10:31 | req.body.x | mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | provenance | Config | +| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } | provenance | Config | +| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id | provenance | Config | +| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | provenance | Config | +| mysql.js:6:9:6:31 | temp | mysql.js:15:62:15:65 | temp | provenance | | +| mysql.js:6:9:6:31 | temp | mysql.js:19:70:19:73 | temp | provenance | | +| mysql.js:6:16:6:31 | req.params.value | mysql.js:6:9:6:31 | temp | provenance | | +| mysql.js:15:62:15:65 | temp | mysql.js:15:18:15:65 | 'SELECT ... + temp | provenance | | +| mysql.js:19:70:19:73 | temp | mysql.js:19:26:19:73 | 'SELECT ... 
+ temp | provenance | | +| pg-promise-types.ts:7:9:7:28 | taint | pg-promise-types.ts:8:17:8:21 | taint | provenance | | +| pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:7:9:7:28 | taint | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:9:10:9:14 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:10:11:10:15 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:11:17:11:21 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:12:10:12:14 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:13:12:13:16 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:14:18:14:22 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:15:11:15:15 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:16:10:16:14 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:17:16:17:20 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:18:12:18:16 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:19:13:19:17 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:22:11:22:15 | query | provenance | | +| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:7:7:55 | query | provenance | | +| pg-promise.js:9:10:9:14 | query | pg-promise.js:10:11:10:15 | query | provenance | | +| pg-promise.js:10:11:10:15 | query | pg-promise.js:11:17:11:21 | query | provenance | | +| pg-promise.js:11:17:11:21 | query | pg-promise.js:12:10:12:14 | query | provenance | | +| pg-promise.js:12:10:12:14 | query | pg-promise.js:13:12:13:16 | query | provenance | | +| pg-promise.js:13:12:13:16 | query | pg-promise.js:14:18:14:22 | query | provenance | | +| pg-promise.js:14:18:14:22 | query | pg-promise.js:15:11:15:15 | query | provenance | | +| pg-promise.js:15:11:15:15 | query | pg-promise.js:16:10:16:14 | query | provenance | | +| 
pg-promise.js:16:10:16:14 | query | pg-promise.js:17:16:17:20 | query | provenance | | +| pg-promise.js:17:16:17:20 | query | pg-promise.js:18:12:18:16 | query | provenance | | +| pg-promise.js:18:12:18:16 | query | pg-promise.js:19:13:19:17 | query | provenance | | +| pg-promise.js:19:13:19:17 | query | pg-promise.js:22:11:22:15 | query | provenance | | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:60:20:60:24 | query | provenance | | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:63:23:63:27 | query | provenance | | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:64:16:64:20 | query | provenance | | +| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | | +| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | | +| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | | +| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | provenance | Config | +| redis.js:12:9:12:26 | key | redis.js:13:16:13:18 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:26:14:26:16 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key | provenance | | +| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key | provenance | Config | +| redis.js:12:15:12:26 | req.body.key | redis.js:12:9:12:26 | key | provenance | | +| redis.js:13:16:13:18 | key | redis.js:18:16:18:18 | key | provenance | | +| redis.js:18:16:18:18 | key | redis.js:19:43:19:45 | key | provenance | | +| redis.js:19:43:19:45 | key | redis.js:25:14:25:16 | key | provenance | | +| redis.js:25:14:25:16 | key | redis.js:26:14:26:16 | key | provenance | | +| 
redis.js:26:14:26:16 | key | redis.js:30:23:30:25 | key | provenance | | +| redis.js:26:14:26:16 | key | redis.js:32:28:32:30 | key | provenance | | +| redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key | provenance | | +| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key | provenance | | +| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key | provenance | | +| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key | provenance | Config | +| redis.js:38:17:38:28 | req.body.key | redis.js:38:11:38:28 | key | provenance | | +| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle | provenance | | +| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | provenance | | +| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | provenance | | +| tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 | provenance | | +| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:7:8:55 | query1 | provenance | | +| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | provenance | | +| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | provenance | | subpaths #select | graphql.js:10:34:20:5 | `\\n ... }\\n ` | graphql.js:8:16:8:28 | req.params.id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | This query string depends on a $@. | graphql.js:8:16:8:28 | req.params.id | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected b/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected index 973b7da85553..1f3caa8f1ceb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected +++ b/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected 
@@ -1,32 +1,45 @@ edges -| build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | -| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | -| build-leaks.js:13:11:19:10 | raw | build-leaks.js:22:36:22:38 | raw | -| build-leaks.js:13:17:19:10 | Object. ... }) | build-leaks.js:13:11:19:10 | raw | -| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | -| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:14:18:14:20 | env | -| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:17:12:19:9 | [post update] {\\n ... } | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:13:15:15 | [post update] env | -| build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) | -| build-leaks.js:17:12:19:9 | [post update] {\\n ... } | build-leaks.js:17:12:19:9 | {\\n ... } | -| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:13:17:19:10 | Object. ... }) | -| build-leaks.js:21:11:26:5 | stringifed [process.env] | build-leaks.js:30:22:30:31 | stringifed [process.env] | -| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | build-leaks.js:21:11:26:5 | stringifed [process.env] | -| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | -| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:24:25:14 | Object. ... }, {}) | -| build-leaks.js:22:36:22:38 | raw | build-leaks.js:25:12:25:13 | [post update] {} | -| build-leaks.js:25:12:25:13 | [post update] {} | build-leaks.js:25:12:25:13 | {} | -| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:24:25:14 | Object. ... }, {}) | -| build-leaks.js:28:12:31:5 | {\\n ... 
d\\n } [stringified, process.env] | build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | -| build-leaks.js:30:22:30:31 | stringifed [process.env] | build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | -| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | -| build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified | -| build-leaks.js:40:9:40:60 | pw | build-leaks.js:41:82:41:83 | pw | -| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw | -| build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | -| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | -| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | +| build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | provenance | | +| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | provenance | | +| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | provenance | | +| build-leaks.js:13:11:19:10 | raw | build-leaks.js:22:36:22:38 | raw | provenance | | +| build-leaks.js:13:17:19:10 | Object. ... }) | build-leaks.js:13:11:19:10 | raw | provenance | | +| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | provenance | | +| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | provenance | | +| build-leaks.js:14:18:14:20 | env [Return] | build-leaks.js:17:12:19:9 | [post update] {\\n ... 
} | provenance | | +| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:14:18:14:20 | env | provenance | | +| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:14:18:14:20 | env [Return] | provenance | | +| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:13:15:15 | [post update] env | provenance | Config | +| build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) | provenance | | +| build-leaks.js:16:20:16:22 | env | build-leaks.js:14:18:14:20 | env | provenance | | +| build-leaks.js:16:20:16:22 | env | build-leaks.js:22:49:22:51 | env | provenance | | +| build-leaks.js:17:12:19:9 | [post update] {\\n ... } | build-leaks.js:17:12:19:9 | {\\n ... } | provenance | | +| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:13:17:19:10 | Object. ... }) | provenance | | +| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:14:18:14:20 | env | provenance | | +| build-leaks.js:21:11:26:5 | stringifed [process.env] | build-leaks.js:30:22:30:31 | stringifed [process.env] | provenance | | +| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | build-leaks.js:21:11:26:5 | stringifed [process.env] | provenance | | +| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | provenance | | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:24:25:14 | Object. ... 
}, {}) | provenance | | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:49:22:51 | env | provenance | Config | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | provenance | | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:25:12:25:13 | [post update] {} | provenance | | +| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | provenance | | +| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | provenance | | +| build-leaks.js:23:13:23:15 | [post update] env | build-leaks.js:22:49:22:51 | env | provenance | | +| build-leaks.js:23:13:23:15 | [post update] env | build-leaks.js:22:49:22:51 | env [Return] | provenance | | +| build-leaks.js:23:39:23:41 | raw | build-leaks.js:23:13:23:15 | [post update] env | provenance | Config | +| build-leaks.js:25:12:25:13 | [post update] {} | build-leaks.js:25:12:25:13 | {} | provenance | | +| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:24:25:14 | Object. ... }, {}) | provenance | | +| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:49:22:51 | env | provenance | | +| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | provenance | | +| build-leaks.js:30:22:30:31 | stringifed [process.env] | build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | provenance | | +| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | provenance | | +| build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified | provenance | | +| build-leaks.js:40:9:40:60 | pw | build-leaks.js:41:82:41:83 | pw | provenance | | +| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw | provenance | | +| build-leaks.js:41:43:41:86 | [post update] { "proc ... 
y(pw) } [process.env.secret] | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | provenance | | +| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | provenance | | +| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | provenance | | nodes | build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | semmle.label | [post update] { // NO ... .env)\\n} [process.env] | | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | semmle.label | { // NO ... .env)\\n} | 
@@ -35,15 +48,25 @@ nodes | build-leaks.js:13:11:19:10 | raw | semmle.label | raw | | build-leaks.js:13:17:19:10 | Object. ... }) | semmle.label | Object. ... }) | | build-leaks.js:14:18:14:20 | env | semmle.label | env | +| build-leaks.js:14:18:14:20 | env | semmle.label | env | +| build-leaks.js:14:18:14:20 | env [Return] | semmle.label | env [Return] | | build-leaks.js:15:13:15:15 | [post update] env | semmle.label | [post update] env | | build-leaks.js:15:24:15:34 | process.env | semmle.label | process.env | | build-leaks.js:16:20:16:22 | env | semmle.label | env | +| build-leaks.js:16:20:16:22 | env | semmle.label | env | | build-leaks.js:17:12:19:9 | [post update] {\\n ... } | semmle.label | [post update] {\\n ... } | | build-leaks.js:17:12:19:9 | {\\n ... } | semmle.label | {\\n ... } | | build-leaks.js:21:11:26:5 | stringifed [process.env] | semmle.label | stringifed [process.env] | | build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | semmle.label | {\\n ... )\\n } [process.env] | | build-leaks.js:22:24:25:14 | Object. ... }, {}) | semmle.label | Object. ... }, {}) | | build-leaks.js:22:36:22:38 | raw | semmle.label | raw | +| build-leaks.js:22:49:22:51 | env | semmle.label | env | +| build-leaks.js:22:49:22:51 | env | semmle.label | env | +| build-leaks.js:22:49:22:51 | env [Return] | semmle.label | env [Return] | +| build-leaks.js:23:13:23:15 | [post update] env | semmle.label | [post update] env | +| build-leaks.js:23:39:23:41 | raw | semmle.label | raw | +| build-leaks.js:24:20:24:22 | env | semmle.label | env | +| build-leaks.js:24:20:24:22 | env | semmle.label | env | | build-leaks.js:25:12:25:13 | [post update] {} | semmle.label | [post update] {} | | build-leaks.js:25:12:25:13 | {} | semmle.label | {} | | build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | semmle.label | {\\n ... d\\n } [stringified, process.env] | 
@@ -58,6 +81,10 @@ nodes | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | semmle.label | JSON.stringify(pw) | | build-leaks.js:41:82:41:83 | pw | semmle.label | pw | subpaths +| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:22:49:22:51 | env [Return] | build-leaks.js:25:12:25:13 | [post update] {} | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) | +| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) | #select | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | This creates a build artifact that depends on $@. | build-leaks.js:5:35:5:45 | process.env | sensitive data returned byprocess environment | | build-leaks.js:34:26:34:57 | getEnv( ... ngified | build-leaks.js:15:24:15:34 | process.env | build-leaks.js:34:26:34:57 | getEnv( ... ngified | This creates a build artifact that depends on $@. | build-leaks.js:15:24:15:34 | process.env | sensitive data returned byprocess environment | From 1c730bc66ea11f222adcc4ec97d9026f4fca3646 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 27 Jun 2024 12:47:15 +0200 Subject: [PATCH 220/223] JS: Fix compilation error in DataFlowImplConsistency.qll --- .../javascript/dataflow/internal/DataFlowImplConsistency.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll index a4cf01999303..84f0f3e39b4f 100644 
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll @@ -4,7 +4,7 @@ private import sharedlib.DataFlowArg private import semmle.javascript.dataflow.internal.DataFlowPrivate private import semmle.javascript.dataflow.internal.DataFlowNode -private module ConsistencyConfig implements InputSig { +private module ConsistencyConfig implements InputSig { private predicate isAmbientNode(DataFlow::Node node) { exists(AstNode n | n.isAmbient() | node = TValueNode(n) or @@ -39,4 +39,4 @@ private module ConsistencyConfig implements InputSig { } } -module Consistency = MakeConsistency; +module Consistency = MakeConsistency; From 14fc790617223f3a97dbcbeef0c25eedfe8516c1 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 28 Jun 2024 13:08:09 +0200 Subject: [PATCH 221/223] Update DataFlowConsistency.expected --- .../FlowSummary/DataFlowConsistency.expected | 23 +------------------ 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected index 79c66aa0381c..5a967f1256e3 100644 --- a/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected +++ b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected 
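Review bot: In DataFlowImplConsistency.qll the public `module Consistency` alias (second hunk, `@@ -39,4 +39,4 @@`) has no QLDoc; the lines directly above it in the hunk are the closing braces of `ConsistencyConfig`. I would add `/** Consistency checks for the JavaScript data-flow library. */` above it. `private module ConsistencyConfig` in the first hunk also follows the imports directly, and its `isAmbientNode` predicate (body continues outside the hunk) deserves a short comment saying how the checks treat ambient nodes; if they are exempted, an undocumented exemption can mask real inconsistencies in the library the security queries depend on. The module arguments on the changed lines are not visible on this page, so the removed and added lines read the same here and the fix itself cannot be checked from this view.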
@@ -4,28 +4,6 @@ uniqueType uniqueNodeLocation missingLocation uniqueNodeToString -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. 
| -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | -| file://:0:0:0:0 | (no string representation) | Node should have one toString but has 0. | parameterCallable localFlowIsLocal readStepIsLocal @@ -228,3 +206,4 @@ multipleArgumentCall | tst.js:265:3:265:6 | map3 | tst.js:265:3:265:27 | map3.se ... urce()) | Multiple calls for argument node. | | tst.js:266:3:266:6 | map3 | tst.js:266:3:266:14 | map3.forEach (as accessor call) | Multiple calls for argument node. | | tst.js:266:3:266:6 | map3 | tst.js:266:3:266:36 | map3.fo ... value)) | Multiple calls for argument node. | +lambdaCallEnclosingCallableMismatch From e5924c1f8423cd99e2f3423230a9b05f500f8557 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 28 Jun 2024 13:08:32 +0200 Subject: [PATCH 222/223] JS: Another messy test update --- .../TaintTracking/DataFlowTracking.expected | 257 ++++++++++++------ 1 file changed, 181 insertions(+), 76 deletions(-) diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected index 9a7889b61090..de977a8ff92e 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected 
@@ -1,76 +1,181 @@ -ERROR: AccessPathRange must implement toString() (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1053,19-34) -ERROR: Cannot reference parameterised module signatures without arguments. (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:6,41-49) -ERROR: Class must extend or implement at least one type (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1053,19-34) -ERROR: Could not resolve module AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1053,43-53) -ERROR: Could not resolve module AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1187,7-17) -ERROR: Could not resolve module AccessPathSyntax (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll:28,12-28) -ERROR: Could not resolve module AccessPathSyntax (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll:50,14-30) -ERROR: Could not resolve module AccessPathSyntax (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll:150,24-40) -ERROR: Could not resolve module AccessPathSyntax (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll:189,9-25) -ERROR: Could not resolve module AccessPathSyntax (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:343,10-26) -ERROR: Could not resolve module AccessPathSyntax (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll:358,27-43) -ERROR: Could not resolve module Pass1 (/Users/asger/git/code/ql/shared/dataflow/codeql/dataflow/DataFlow.qll:952,29-34) -ERROR: Could not 
resolve module Pass2 (/Users/asger/git/code/ql/shared/dataflow/codeql/dataflow/DataFlow.qll:955,48-53) -ERROR: Could not resolve module Pass2 (/Users/asger/git/code/ql/shared/dataflow/codeql/dataflow/DataFlow.qll:958,13-18) -ERROR: Could not resolve module VariableCapture::VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll:63,23-61) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll:48,3-24) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll:169,3-24) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:266,43-64) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:267,29-50) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:269,29-50) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:271,38-59) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:275,45-66) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:277,36-57) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:279,18-39) -ERROR: Could not resolve module VariableCaptureOutput 
(/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:282,1-22) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:294,5-26) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:294,47-68) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:296,5-26) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll:813,3-24) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll:877,5-26) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll:922,5-26) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll:952,3-24) -ERROR: Could not resolve module VariableCaptureOutput (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll:1000,5-26) -ERROR: Could not resolve module semmle.javascript.frameworks.data.internal.AccessPathSyntax (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll:2,16-75) -ERROR: Could not resolve module semmle.javascript.frameworks.data.internal.AccessPathSyntax (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll:12,8-67) -ERROR: Could not resolve predicate edges/2 (/Users/asger/git/code/ql/shared/dataflow/codeql/dataflow/DataFlow.qll:939,49-63) -ERROR: Could not resolve predicate 
edges/2 (/Users/asger/git/code/ql/shared/dataflow/codeql/dataflow/DataFlow.qll:942,7-19) -ERROR: Could not resolve predicate edges/2 (/Users/asger/git/code/ql/shared/dataflow/codeql/dataflow/DataFlow.qll:1013,9-21) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1100,29-39) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1105,37-47) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1117,7-17) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1133,9-19) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1133,28-38) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1142,48-58) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1142,67-77) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1154,16-26) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1154,35-45) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1171,36-46) -ERROR: Could not resolve type AccessPath 
(/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1184,37-47) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1200,59-69) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1209,57-67) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1220,7-17) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1258,38-48) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1296,33-43) -ERROR: Could not resolve type AccessPath (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1307,33-43) -ERROR: Could not resolve type AccessPathToken (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1058,26-41) -ERROR: Could not resolve type AccessPathToken (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1064,24-39) -ERROR: Could not resolve type AccessPathToken (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1070,32-47) -ERROR: Could not resolve type AccessPathToken (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1079,49-64) -ERROR: Could not resolve type AccessPathToken (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1184,54-69) -ERROR: Could not resolve type AccessPathToken 
(/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1190,43-58) -ERROR: Could not resolve type AccessPathToken (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1195,44-59) -ERROR: Could not resolve type AccessPathToken (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1232,33-48) -ERROR: Could not resolve type AccessPathToken (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll:1269,33-48) -ERROR: Could not resolve type Private::AccessPathToken (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll:101,3-27) -ERROR: Could not resolve type Private::AccessPathToken (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll:115,3-27) -ERROR: Could not resolve type Private::AccessPathToken (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll:163,45-69) -ERROR: Default predicate predicate DataFlow::InputSig[DataFlowArg::JSDataFlow]::viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) conflicts with existing declarations: predicate DataFlowPrivate::viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) from DataFlowPrivate.qll:720 (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll:5,30-54) -ERROR: Module PathGraph does not declare edges/4, required by implemented signature PathGraphSig. 
(/Users/asger/git/code/ql/shared/dataflow/codeql/dataflow/DataFlow.qll:1007,33-55) -ERROR: Predicate getLocation/0 in type BasicBlock in module implementation VariableCaptureConfig of signature InputSig has result type Location, which does not match the expected result type Location (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/Locations.qll:91,12-23) -ERROR: Predicate getLocation/0 in type Callable in module implementation VariableCaptureConfig of signature InputSig has result type Location, which does not match the expected result type Location (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/AST.qll:26,21-32) -ERROR: Predicate getLocation/0 in type CapturedVariable in module implementation VariableCaptureConfig of signature InputSig has result type Location, which does not match the expected result type Location (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:54,9-25) -ERROR: Predicate getLocation/0 in type Expr in module implementation VariableCaptureConfig of signature InputSig has result type Location, which does not match the expected result type Location (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/AST.qll:26,21-32) -ERROR: Predicate getLocation/0 in type VariableWrite in module implementation VariableCaptureConfig of signature InputSig has result type Location, which does not match the expected result type Location (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:190,14-25) -ERROR: The predicate DataFlowPrivate::viableImplInCallContext(DataFlowCall call, DataFlowCall ctx), which was brought into scope by this import, conflicts with existing declarations: predicate DataFlow::InputSig[DataFlowArg::JSDataFlow]::viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) from DataFlow.qll:107 (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll:6,3-17) -ERROR: 
Wrong number of arguments for parameterised module (expected 2 rather than 1). (/Users/asger/git/code/ql/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll:264,32-59) +legacyDataFlowDifference +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:38:8:38:13 | arr[5] | only flow with NEW data flow library | +| bound-function.js:27:8:27:15 | source() | bound-function.js:30:10:30:10 | y | only flow with OLD data flow library | +| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | only flow with NEW data flow library | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:272:10:272:17 | this.foo | only flow with OLD data flow library | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:274:6:274:45 | new Cap ... 
()).foo | only flow with OLD data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | only flow with NEW data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | only flow with NEW data flow library | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | only flow with NEW data flow library | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | only flow with NEW data flow library | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | only flow with NEW data flow library | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | only flow with NEW data flow library | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | only flow with NEW data flow library | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | only flow with NEW data flow library | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library | +| tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary | only flow with NEW data flow library | +| tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary | only flow with NEW data flow library | +flow +| access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | +| advanced-callgraph.js:2:13:2:20 | source() | advanced-callgraph.js:6:22:6:22 | v | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:17:8:17:13 | arr[1] | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:22:8:22:13 | arr[6] | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:28:8:28:13 | arr[1] | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:34:8:34:13 | arr[1] | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:38:8:38:13 | arr[5] | +| 
arrays-init.js:2:16:2:23 | source() | arrays-init.js:43:10:43:15 | arr[i] | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:55:10:55:15 | arr[i] | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:61:10:61:13 | item | +| booleanOps.js:2:11:2:18 | source() | booleanOps.js:4:8:4:8 | x | +| booleanOps.js:2:11:2:18 | source() | booleanOps.js:7:10:7:10 | x | +| booleanOps.js:2:11:2:18 | source() | booleanOps.js:10:10:10:10 | x | +| booleanOps.js:2:11:2:18 | source() | booleanOps.js:13:10:13:10 | x | +| booleanOps.js:2:11:2:18 | source() | booleanOps.js:19:10:19:10 | x | +| booleanOps.js:2:11:2:18 | source() | booleanOps.js:22:10:22:10 | x | +| bound-function.js:17:21:17:28 | source() | bound-function.js:5:10:5:16 | y.test2 | +| bound-function.js:19:15:19:22 | source() | bound-function.js:6:10:6:16 | y.test3 | +| bound-function.js:50:10:50:17 | source() | bound-function.js:50:6:50:18 | id3(source()) | +| bound-function.js:54:12:54:19 | source() | bound-function.js:59:6:59:14 | source0() | +| bound-function.js:54:12:54:19 | source() | bound-function.js:60:6:60:14 | source1() | +| call-apply.js:27:14:27:21 | source() | call-apply.js:24:8:24:11 | arg1 | +| call-apply.js:27:14:27:21 | source() | call-apply.js:29:6:29:32 | foo1.ca ... ce, "") | +| call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | foo1.ap ... e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:40:6:40:28 | foo1_ca ... 
e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:62:10:62:21 | arguments[0] | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | +| call-apply.js:81:17:81:24 | source() | call-apply.js:78:8:78:11 | this | +| callbacks.js:4:6:4:13 | source() | callbacks.js:34:27:34:27 | x | +| callbacks.js:4:6:4:13 | source() | callbacks.js:35:27:35:27 | x | +| callbacks.js:5:6:5:13 | source() | callbacks.js:34:27:34:27 | x | +| callbacks.js:5:6:5:13 | source() | callbacks.js:35:27:35:27 | x | +| callbacks.js:25:16:25:23 | source() | callbacks.js:47:26:47:26 | x | +| callbacks.js:25:16:25:23 | source() | callbacks.js:48:26:48:26 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:41:10:41:10 | x | +| callbacks.js:50:18:50:25 | source() | callbacks.js:30:29:30:29 | y | +| callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y | +| callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x | +| callbacks.js:73:17:73:24 | source() | callbacks.js:73:37:73:37 | x | +| capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() | +| capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() | +| capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) | +| capture-flow.js:45:12:45:19 | source() | capture-flow.js:45:6:45:20 | test3(source()) | +| capture-flow.js:60:13:60:20 | source() | capture-flow.js:60:6:60:21 | test3a(source()) | +| capture-flow.js:76:13:76:20 | source() | capture-flow.js:76:6:76:21 | test3b(source()) | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | 
test3c(source()) | +| capture-flow.js:93:13:93:20 | source() | capture-flow.js:96:6:96:14 | test4()() | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:101:6:101:22 | test5(source())() | +| capture-flow.js:110:12:110:19 | source() | capture-flow.js:106:14:106:14 | x | +| capture-flow.js:118:37:118:44 | source() | capture-flow.js:114:14:114:14 | x | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:123:14:123:26 | orderingTaint | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:129:14:129:26 | orderingTaint | +| capture-flow.js:177:26:177:33 | source() | capture-flow.js:173:14:173:14 | x | +| capture-flow.js:187:34:187:41 | source() | capture-flow.js:183:14:183:14 | x | +| capture-flow.js:195:24:195:31 | source() | capture-flow.js:191:14:191:14 | x | +| capture-flow.js:205:24:205:31 | source() | capture-flow.js:200:18:200:18 | x | +| capture-flow.js:225:13:225:20 | source() | capture-flow.js:220:51:220:59 | fileOrDir | +| capture-flow.js:230:9:230:16 | source() | capture-flow.js:233:14:233:14 | x | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:243:18:243:40 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:247:18:247:40 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:248:18:248:27 | this.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:252:14:252:36 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:253:14:253:23 | this.field | +| capture-flow.js:262:16:262:23 | source() | capture-flow.js:264:14:264:21 | this.foo | +| capture-flow.js:283:34:283:41 | source() | capture-flow.js:283:6:283:46 | new Cap ... 
()).foo | +| captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:24:8:24:14 | c.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:28:8:28:19 | c_safe.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:32:8:32:14 | d.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:36:8:36:19 | d_safe.taint | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:23:8:23:14 | c.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:31:8:31:14 | d.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | +| exceptions.js:3:15:3:22 | source() | exceptions.js:5:10:5:10 | e | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | +| exceptions.js:59:24:59:31 | source() | exceptions.js:61:12:61:12 | e | +| exceptions.js:88:6:88:13 | source() | exceptions.js:11:10:11:10 | e | +| exceptions.js:93:11:93:18 | source() | exceptions.js:95:10:95:10 | e | +| exceptions.js:100:13:100:20 | source() | exceptions.js:102:12:102:12 | e | +| exceptions.js:115:21:115:28 | source() | exceptions.js:121:10:121:10 | e | +| exceptions.js:144:9:144:16 | source() | exceptions.js:129:10:129:10 | e | +| exceptions.js:144:9:144:16 | source() | exceptions.js:132:8:132:27 | returnThrownSource() | +| exceptions.js:150:13:150:20 | source() | exceptions.js:153:10:153:10 | e | +| exceptions.js:158:13:158:20 | source() | exceptions.js:161:10:161:10 | e | +| factory-function.js:21:13:21:20 | source() | factory-function.js:7:10:7:12 | obj | +| factory-function.js:22:13:22:20 | source() | factory-function.js:7:10:7:12 | obj | +| factory-function.js:26:7:26:14 | 
source() | factory-function.js:16:14:16:16 | obj | +| factory-function.js:27:7:27:14 | source() | factory-function.js:16:14:16:16 | obj | +| getters-and-setters.js:6:20:6:27 | source() | getters-and-setters.js:9:10:9:18 | new C().x | +| getters-and-setters.js:6:20:6:27 | source() | getters-and-setters.js:13:18:13:20 | c.x | +| getters-and-setters.js:27:15:27:22 | source() | getters-and-setters.js:23:18:23:18 | v | +| getters-and-setters.js:47:23:47:30 | source() | getters-and-setters.js:45:14:45:16 | c.x | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | +| getters-and-setters.js:60:20:60:27 | source() | getters-and-setters.js:66:10:66:14 | obj.x | +| getters-and-setters.js:67:13:67:20 | source() | getters-and-setters.js:63:18:63:22 | value | +| getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:88:10:88:18 | new C().x | +| getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:92:14:92:16 | c.x | +| getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:100:10:100:22 | getX(new C()) | +| getters-and-setters.js:89:17:89:24 | source() | getters-and-setters.js:82:18:82:22 | value | +| implied-receiver.js:4:16:4:23 | source() | implied-receiver.js:7:18:7:25 | this.foo | +| importedReactComponent.jsx:4:40:4:47 | source() | exportedReactComponent.jsx:2:10:2:19 | props.text | +| indexOf.js:4:11:4:18 | source() | indexOf.js:9:10:9:10 | x | +| indexOf.js:4:11:4:18 | source() | indexOf.js:13:10:13:10 | x | +| logical-and.js:2:17:2:24 | source() | logical-and.js:4:10:4:24 | "safe" && taint | +| nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x | +| nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | +| nested-props.js:35:13:35:20 | source() | 
nested-props.js:36:10:36:20 | doLoad(obj) | +| nested-props.js:43:13:43:20 | source() | nested-props.js:44:10:44:18 | id(obj).x | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | +| nested-props.js:67:31:67:38 | source() | nested-props.js:68:10:68:10 | x | +| object-bypass-sanitizer.js:32:21:32:28 | source() | object-bypass-sanitizer.js:15:10:15:24 | sanitizer_id(x) | +| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:27:10:27:30 | sanitiz ... bj.foo) | +| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:28:10:28:30 | sanitiz ... bj).foo | +| partialCalls.js:4:17:4:24 | source() | partialCalls.js:17:14:17:14 | x | +| partialCalls.js:4:17:4:24 | source() | partialCalls.js:20:14:20:14 | y | +| partialCalls.js:4:17:4:24 | source() | partialCalls.js:30:14:30:20 | x.value | +| partialCalls.js:4:17:4:24 | source() | partialCalls.js:41:10:41:18 | id(taint) | +| partialCalls.js:4:17:4:24 | source() | partialCalls.js:51:14:51:14 | x | +| sanitizer-function.js:12:17:12:24 | source() | sanitizer-function.js:14:10:14:14 | taint | +| sanitizer-function.js:12:17:12:24 | source() | sanitizer-function.js:17:14:17:18 | taint | +| sanitizer-function.js:12:17:12:24 | source() | sanitizer-function.js:21:14:21:18 | taint | +| sanitizer-function.js:12:17:12:24 | source() | sanitizer-function.js:25:14:25:18 | taint | +| sanitizer-function.js:12:17:12:24 | source() | sanitizer-function.js:33:14:33:18 | taint | +| sanitizer-guards.js:2:11:2:18 | source() | sanitizer-guards.js:4:8:4:8 | x | +| sanitizer-guards.js:13:14:13:21 | source() | sanitizer-guards.js:15:10:15:15 | this.x | +| sanitizer-guards.js:13:14:13:21 | source() | sanitizer-guards.js:21:14:21:19 | this.x | +| sanitizer-guards.js:13:14:13:21 | source() | sanitizer-guards.js:26:9:26:14 | this.x | +| sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:45:8:45:8 | x | +| sanitizer-guards.js:43:11:43:18 | source() | 
sanitizer-guards.js:48:10:48:10 | x | +| sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:52:10:52:10 | x | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | +| sanitizer-guards.js:68:11:68:18 | source() | sanitizer-guards.js:75:8:75:8 | x | +| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:81:8:81:8 | x | +| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:84:10:84:10 | x | +| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:86:9:86:9 | x | +| sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:93:8:93:8 | x | +| sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:96:10:96:10 | x | +| sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:98:7:98:7 | x | +| sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:102:10:102:10 | x | +| sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:104:7:104:7 | x | +| thisAssignments.js:4:17:4:24 | source() | thisAssignments.js:5:10:5:18 | obj.field | +| thisAssignments.js:7:19:7:26 | source() | thisAssignments.js:8:10:8:20 | this.field2 | +| tst.js:2:13:2:20 | source() | tst.js:4:10:4:10 | x | +| tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary | +| tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary | +| tst.js:2:13:2:20 | source() | tst.js:54:14:54:19 | unsafe | From 1d267efb6bd068962917d8cd6c13626da8551562 Mon Sep 17 00:00:00 2001 
From: Asger F Date: Fri, 28 Jun 2024 14:30:56 +0200 Subject: [PATCH 223/223] JS: Fix missing qldoc --- .../ql/lib/semmle/javascript/dataflow/Configuration.qll | 2 ++ .../ql/lib/semmle/javascript/dataflow/FlowSummary.qll | 5 +++++ .../semmle/javascript/dataflow/internal/BarrierGuards.qll | 2 +- .../semmle/javascript/dataflow/internal/DataFlowNode.qll | 8 +++----- .../javascript/dataflow/internal/sharedlib/DataFlow.qll | 2 ++ .../dataflow/internal/sharedlib/TaintTracking.qll | 2 ++ .../security/dataflow/UnsafeDynamicMethodAccessQuery.qll | 1 + 7 files changed, 16 insertions(+), 6 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll index 3c5f57f60a6b..981155a5fee3 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll @@ -1762,7 +1762,9 @@ class MidPathNode extends PathNode, MkMidNode { predicate isHidden() { PathNode::shouldNodeBeHidden(nd) } } +/** Companion module to the `PathNode` class. */ module PathNode { + /** Holds if `nd` should be hidden in data flow paths. */ predicate shouldNodeBeHidden(DataFlow::Node nd) { // Skip phi, refinement, and capture nodes nd.(DataFlow::SsaDefinitionNode).getSsaVariable().getDefinition() instanceof diff --git a/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll index 51005bf44ca4..9f619a3058e6 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll 
@@ -12,6 +12,11 @@ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::Summari SummarizedCallable() { any() } // TODO: rename 'propagatesFlowExt' and/or override 'propagatesFlow' directly + /** + * Holds if data may flow from `input` to `output` through this callable. + * + * `preservesValue` indicates whether this is a value-preserving step or a taint-step. + */ pragma[nomagic] predicate propagatesFlowExt(string input, string output, boolean preservesValue) { none() } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll index 340a7b9694bc..1235e05121af 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll @@ -187,7 +187,7 @@ module MakeStateBarrierGuard< abstract predicate blocksExpr(boolean outcome, Expr test, FlowState state); } - class ExplicitBarrierGuard extends BarrierGuard instanceof BaseGuard { + private class ExplicitBarrierGuard extends BarrierGuard instanceof BaseGuard { override predicate blocksExpr(boolean outcome, Expr test, FlowState state) { BaseGuard.super.blocksExpr(outcome, test, state) } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index 5f80355f0009..4e10b6b27e19 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll 
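Review bot: The new qldoc on `propagatesFlowExt` does not say which value of `preservesValue` stands for which kind of step, so someone writing a summary has to look up the polarity elsewhere. Assuming the shared library's usual convention applies here, I would add a sentence such as `preservesValue is true for a value-preserving step and false for a taint step`. A summary that gets this wrong changes which flows the security queries report, so the doc comment is the right place to pin it down. The enclosing class `SummarizedCallable` starts and ends outside the hunk.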
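Review bot: `ExplicitBarrierGuard` is made `private` here, which is a visibility change rather than the qldoc fix the commit title describes, and it still has no doc comment of its own. The hunk shows only that the class forwards `blocksExpr` to `BaseGuard.super.blocksExpr`, so a one-line comment would record that, e.g. `/** Forwards blocksExpr to the underlying BaseGuard. */`. The commit message should also mention the narrowing, in case anything outside this module referred to the class by name; the hunk does not show whether anything did. The enclosing module `MakeStateBarrierGuard` starts outside the hunk.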
@@ -112,11 +112,9 @@ private class TEarlyStageNode = * These module systems must therefore use `EarlyStageNode` instead of `DataFlow::Node`. */ class EarlyStageNode extends TEarlyStageNode { + /** Gets a string representation of this data flow node. */ string toString() { result = this.(DataFlow::Node).toString() } - predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.(DataFlow::Node).hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } + /** Gets the location of this data flow node. */ + Location getLocation() { result = this.(DataFlow::Node).getLocation() } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll index a9148af94acc..d9e711ee07a8 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll @@ -1,3 +1,5 @@ +/** Provides the instantiation of the shared data flow library. */ + private import semmle.javascript.Locations private import codeql.dataflow.DataFlow private import DataFlowArg diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll index bfa4c4de8c99..e2215a8afc32 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll @@ -1,3 +1,5 @@ +/** Provides the instantiation of the shared taint tracking library. */ + private import semmle.javascript.Locations private import codeql.dataflow.TaintTracking private import DataFlowArg 
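Review bot: The `EarlyStageNode` change removes `hasLocationInfo` and adds `getLocation()` in its place, which changes the class's interface in a commit titled as a qldoc fix. Any remaining caller of `hasLocationInfo` on an `EarlyStageNode` would stop compiling, and `Location` has to be in scope in this file; neither can be confirmed from the hunk. I would state the replacement in the commit message. Both new comments say "this data flow node" although the surrounding doc explains that this class is used where `DataFlow::Node` cannot be; `/** Gets a string representation of this node. */` and `/** Gets the location of this node. */` would avoid mixing the two up.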
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll index 1d1098f87e17..f73363d1767d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll @@ -43,6 +43,7 @@ module UnsafeDynamicMethodAccessConfig implements DataFlow::StateConfigSig { label.isTaint() } + /** An additional flow step for use in both this configuration and the legacy configuration. */ additional predicate additionalFlowStep( DataFlow::Node src, DataFlow::FlowLabel srclabel, DataFlow::Node dst, DataFlow::FlowLabel dstlabel