3131| app.js:55:37:55:72 | req.que ... JsonRaw |
3232| app.js:59:38:59:74 | req.que ... ringRaw |
3333| app.js:59:38:59:74 | req.que ... ringRaw |
34+ | projectA/src/index.js:7:16:7:30 | req.query.sinkA |
35+ | projectA/src/index.js:7:16:7:30 | req.query.sinkA |
36+ | projectA/src/index.js:12:16:12:30 | req.query.sinkA |
37+ | projectA/src/index.js:12:16:12:30 | req.query.sinkA |
38+ | projectA/src/index.js:17:16:17:30 | req.query.sinkA |
39+ | projectA/src/index.js:17:16:17:30 | req.query.sinkA |
40+ | projectA/src/index.js:32:16:32:30 | req.query.sinkA |
41+ | projectA/src/index.js:32:16:32:30 | req.query.sinkA |
42+ | projectA/src/index.js:37:16:37:30 | req.query.sinkA |
43+ | projectA/src/index.js:37:16:37:30 | req.query.sinkA |
44+ | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> |
45+ | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> |
46+ | projectA/views/main.ejs:2:5:2:9 | sinkA |
47+ | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> |
48+ | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> |
49+ | projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA |
50+ | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> |
51+ | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> |
52+ | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA |
3453| views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> |
3554| views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> |
3655| views/ejs_sinks.ejs:4:13:4:19 | rawHtml |
@@ -117,6 +136,22 @@ edges
117136| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw |
118137| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw |
119138| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw |
139+ | projectA/src/index.js:7:16:7:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA |
140+ | projectA/src/index.js:7:16:7:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA |
141+ | projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA |
142+ | projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:5:2:9 | sinkA |
143+ | projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA |
144+ | projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA |
145+ | projectA/src/index.js:32:16:32:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA |
146+ | projectA/src/index.js:32:16:32:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA |
147+ | projectA/src/index.js:37:16:37:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA |
148+ | projectA/src/index.js:37:16:37:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA |
149+ | projectA/views/main.ejs:2:5:2:9 | sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> |
150+ | projectA/views/main.ejs:2:5:2:9 | sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> |
151+ | projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> |
152+ | projectA/views/subfolder/index.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> |
153+ | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> |
154+ | projectA/views/subfolder/other.ejs:2:5:2:9 | sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> |
120155| views/ejs_sinks.ejs:4:13:4:19 | rawHtml | views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> |
121156| views/ejs_sinks.ejs:4:13:4:19 | rawHtml | views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> |
122157| views/ejs_sinks.ejs:7:13:7:30 | object.rawHtmlProp | views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> |
@@ -140,6 +175,11 @@ edges
140175| views/njk_sinks.njk:15:49:15:74 | dataInG ... JsonRaw | views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json |
141176| views/njk_sinks.njk:15:49:15:74 | dataInG ... JsonRaw | views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json |
142177#select
178+ | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:7:16:7:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:7:16:7:30 | req.query.sinkA | user-provided value |
179+ | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:12:16:12:30 | req.query.sinkA | user-provided value |
180+ | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:17:16:17:30 | req.query.sinkA | user-provided value |
181+ | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:32:16:32:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:32:16:32:30 | req.query.sinkA | user-provided value |
182+ | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | projectA/src/index.js:37:16:37:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | Cross-site scripting vulnerability due to $@. | projectA/src/index.js:37:16:37:30 | req.query.sinkA | user-provided value |
143183| views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | Cross-site scripting vulnerability due to $@. | app.js:8:18:8:34 | req.query.rawHtml | user-provided value |
144184| views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | app.js:11:26:11:46 | req.que ... tmlProp | views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | Cross-site scripting vulnerability due to $@. | app.js:11:26:11:46 | req.que ... tmlProp | user-provided value |
145185| views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | app.js:14:33:14:64 | req.que ... eralRaw | views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | Cross-site scripting vulnerability due to $@. | app.js:14:33:14:64 | req.que ... eralRaw | user-provided value |