forked from github/codeql
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathRegExpInjection.expected
More file actions
114 lines (114 loc) · 9.38 KB
/
RegExpInjection.expected
File metadata and controls
114 lines (114 loc) · 9.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
nodes
| RegExpInjection.js:5:7:5:28 | key |
| RegExpInjection.js:5:13:5:28 | req.param("key") |
| RegExpInjection.js:5:13:5:28 | req.param("key") |
| RegExpInjection.js:5:31:5:56 | input |
| RegExpInjection.js:5:39:5:56 | req.param("input") |
| RegExpInjection.js:5:39:5:56 | req.param("input") |
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:8:31:8:33 | key |
| RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:19:19:19:21 | key |
| RegExpInjection.js:21:14:21:22 | wrap(key) |
| RegExpInjection.js:21:14:21:22 | wrap(key) |
| RegExpInjection.js:21:19:21:21 | key |
| RegExpInjection.js:24:12:24:27 | req.param("key") |
| RegExpInjection.js:24:12:24:27 | req.param("key") |
| RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:29:21:29:21 | s |
| RegExpInjection.js:29:21:29:21 | s |
| RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:33:12:33:14 | key |
| RegExpInjection.js:34:12:34:19 | getKey() |
| RegExpInjection.js:40:19:40:23 | input |
| RegExpInjection.js:40:19:40:23 | input |
| RegExpInjection.js:41:22:41:26 | input |
| RegExpInjection.js:41:22:41:26 | input |
| RegExpInjection.js:42:21:42:25 | input |
| RegExpInjection.js:42:21:42:25 | input |
| RegExpInjection.js:45:20:45:24 | input |
| RegExpInjection.js:45:20:45:24 | input |
| RegExpInjection.js:46:23:46:27 | input |
| RegExpInjection.js:46:23:46:27 | input |
| RegExpInjection.js:47:22:47:26 | input |
| RegExpInjection.js:47:22:47:26 | input |
| RegExpInjection.js:50:46:50:50 | input |
| RegExpInjection.js:50:46:50:50 | input |
| tst.js:1:46:1:46 | e |
| tst.js:1:46:1:46 | e |
| tst.js:2:9:2:21 | data |
| tst.js:2:16:2:16 | e |
| tst.js:2:16:2:21 | e.data |
| tst.js:3:16:3:35 | "^"+ data.name + "$" |
| tst.js:3:16:3:35 | "^"+ data.name + "$" |
| tst.js:3:21:3:24 | data |
| tst.js:3:21:3:29 | data.name |
edges
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:8:31:8:33 | key |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:19:19:19:21 | key |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:21:19:21:21 | key |
| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:33:12:33:14 | key |
| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key |
| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:19:40:23 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:19:40:23 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:22:41:26 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:22:41:26 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:21:42:25 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:21:42:25 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:20:45:24 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:20:45:24 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:23:46:27 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:23:46:27 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:22:47:26 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:22:47:26 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:50:46:50:50 | input |
| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:50:46:50:50 | input |
| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input |
| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input |
| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" |
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) |
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) |
| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() |
| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s |
| RegExpInjection.js:33:12:33:14 | key | RegExpInjection.js:29:21:29:21 | s |
| RegExpInjection.js:34:12:34:19 | getKey() | RegExpInjection.js:29:21:29:21 | s |
| tst.js:1:46:1:46 | e | tst.js:2:16:2:16 | e |
| tst.js:1:46:1:46 | e | tst.js:2:16:2:16 | e |
| tst.js:2:9:2:21 | data | tst.js:3:21:3:24 | data |
| tst.js:2:16:2:16 | e | tst.js:2:16:2:21 | e.data |
| tst.js:2:16:2:21 | e.data | tst.js:2:9:2:21 | data |
| tst.js:3:21:3:24 | data | tst.js:3:21:3:29 | data.name |
| tst.js:3:21:3:29 | data.name | tst.js:3:16:3:35 | "^"+ data.name + "$" |
| tst.js:3:21:3:29 | data.name | tst.js:3:16:3:35 | "^"+ data.name + "$" |
#select
| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:19:14:19:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:19:14:19:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:21:14:21:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:21:14:21:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:27:14:27:21 | getKey() | RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | This regular expression is constructed from a $@. | RegExpInjection.js:24:12:24:27 | req.param("key") | user-provided value |
| RegExpInjection.js:31:23:31:23 | s | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:31:23:31:23 | s | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value |
| RegExpInjection.js:31:23:31:23 | s | RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:31:23:31:23 | s | This regular expression is constructed from a $@. | RegExpInjection.js:24:12:24:27 | req.param("key") | user-provided value |
| RegExpInjection.js:40:19:40:23 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:40:19:40:23 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:41:22:41:26 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:41:22:41:26 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:42:21:42:25 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:42:21:42:25 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:45:20:45:24 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:45:20:45:24 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:46:23:46:27 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:46:23:46:27 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:47:22:47:26 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:47:22:47:26 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| RegExpInjection.js:50:46:50:50 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:50:46:50:50 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value |
| tst.js:3:16:3:35 | "^"+ data.name + "$" | tst.js:1:46:1:46 | e | tst.js:3:16:3:35 | "^"+ data.name + "$" | This regular expression is constructed from a $@. | tst.js:1:46:1:46 | e | user-provided value |