| Rule ID | New alerts | True positives | False positives |
|---|---|---|---|
| js/command-line-injection | 2 | 2 | 0 |
| js/file-access-to-http | 64 | 5+ | 0+ |
| js/path-injection | 29 | 3+ | 2+ |
| js/reflected-xss | 5 | 4 | 1 |
| js/regex-injection | 13 | 4+ | 1+ |
| js/remote-property-injection | 20 | 5+ | 0+ |
| js/user-controlled-bypass | 2 | 0 | 2 |
| js/xss | 1 | 1 | 0 |
| Total | 136 | 24+ | 6+ |
Below, we list the new alerts organized by the project in which they were found, with links to the corresponding source locations on GitHub.
Note: Two projects, https://github.com/alejandroMonroy/curso-node-heroku and https://github.com/ninjapanda47/finders-fee-deploy, have been deleted from GitHub since we ran our initial experiments and hence cannot be included. Each of them contained two new alerts from js/file-access-to-http, so the total number of new alerts for this rule shown below is 60 instead of the 64 given in the table above.
- davros: server/publishing.js:33:19:33:73 [true positive]
// if(stat) { // var sessionId = req.headers['x-sandstorm-session-id']; return exec("./sandstorm-integration/bin/getPublicId " + sessionId); // } // }).then((result) => {
- This command depends on [a user-provided value](1).
- Related locations:
- new18: screenshot-server/index.js:43:14:43:17 [true positive]
// .replace(/jpg/g, namejpg); // await exec(cmd); // await exec(resizeCmd); //
- This command depends on [a user-provided value](1).
- Related locations:
- tootspace-s3: server.js:58:13:58:56 [true positive]
// var existsPath = prefix + '.exists'; // request({url: bucketBase + accountPath, json: true}, function (err, resp, body) { // // Check for existing registration // if (200 === resp.statusCode) {
- [File data](1) flows directly to outbound network request
- [File data](2) flows directly to outbound network request
- Related locations:
- tootspace-s3: server.js:58:19:58:43 [true positive]
// var existsPath = prefix + '.exists'; // request({url: bucketBase + accountPath, json: true}, function (err, resp, body) { // // Check for existing registration // if (200 === resp.statusCode) {
- [File data](1) flows directly to outbound network request
- [File data](2) flows directly to outbound network request
- Related locations:
- tootspace-s3: server.js:67:15:67:38 [true positive]
// } // request(bucketBase + existsPath, function (err, resp, body) { // // Check for taken nickname // if (200 === resp.statusCode) {
- [File data](1) flows directly to outbound network request
- [File data](2) flows directly to outbound network request
- Related locations:
- tootspace-s3: server.js:127:13:130:6 [true positive]
// var accountPath = '/users/amazon/' + user_id + '.json'; // request({ // url: bucketBase + accountPath, // json: true
- [File data](1) flows directly to outbound network request
- [File data](2) flows directly to outbound network request
- Related locations:
- tootspace-s3: server.js:128:12:128:36 [true positive]
// // request({ url: bucketBase + accountPath, // json: true // }, function (err, resp, body) {
- [File data](1) flows directly to outbound network request
- [File data](2) flows directly to outbound network request
- Related locations:
- DO080: apps/hexboard/server/hexboard/pod.js:114:26:114:41
// delete env.watchOptions.qs.latestResourceVersion; // console.log(tag, 'list options', env.listOptions.url); var stream = request(env.listOptions, function(error, response, body) { // if (error) { // console.log(tag, 'error:',error);
- [File data](1) flows directly to outbound network request
- Related locations:
- DO080: apps/hexboard/server/hexboard/pod.js:153:26:153:42
// return Rx.Observable.create(function(observer) { // console.log(tag, 'watch options', env.watchOptions.url, env.watchOptions.qs); var stream = request(env.watchOptions); // stream.on('error', function(error) { // console.log(tag, 'error:', error);
- [File data](1) flows directly to outbound network request
- Related locations:
- onepage-opensource: node_modules/nodemon/node_modules/update-notifier/node_modules/latest-version/node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- onepage-opensource: node_modules/nodemon/node_modules/update-notifier/node_modules/latest-version/node_modules/package-json/node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- practice: nodejs_test/koa2/HelloKoa2/node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- practice: nodejs_test/koa2/HelloKoa2/node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- practice: vue-test/node_modules/agent-base/patch-core.js:52:32:52:39
- [File data](1) flows directly to outbound network request
- Related locations:
- api-rest-example: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- api-rest-example: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- CleanOutLoudWeb: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- CleanOutLoudWeb: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- local-doc: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- local-doc: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- CodaisseurAdvancedSession_API: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- CodaisseurAdvancedSession_API: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- guodaddy: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- guodaddy: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- trippinceylon-backend: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- trippinceylon-backend: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- omdbclone: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- omdbclone: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- socket-middleware: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- socket-middleware: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- document-download-prototypes: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- document-download-prototypes: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- myReactTemplate: graphql-server/node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- myReactTemplate: graphql-server/node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- lipdnet: website/node_modules/nodemon/node_modules/update-notifier/node_modules/latest-version/node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- lipdnet: website/node_modules/nodemon/node_modules/update-notifier/node_modules/latest-version/node_modules/package-json/node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- Auction_Project: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- Auction_Project: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- cradle: test/helpers/seed.js:33:15:37:8
- [File data](1) flows directly to outbound network request
- Related locations:
- cradle: test/helpers/seed.js:35:14:35:81
- [File data](1) flows directly to outbound network request
- Related locations:
- koa2-angular-mongodb: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- koa2-angular-mongodb: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- light-bootstrap-dashboard: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- light-bootstrap-dashboard: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- bamnode: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- bamnode: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- felinorte: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- felinorte: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- Ironshop: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- Ironshop: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- drawGuess: drawGuess-api/node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- drawGuess: drawGuess-api/node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- c2s-use-current-location-prototype: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- c2s-use-current-location-prototype: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- AroundTheWODTEST: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- AroundTheWODTEST: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- HealthCareSystem: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- HealthCareSystem: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- pay-link-set-up: node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- pay-link-set-up: node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- Node-Angular: userStory/node_modules/got/index.js:136:24:136:28
- [File data](1) flows directly to outbound network request
- Related locations:
- Node-Angular: userStory/node_modules/package-json/index.js:6:6:6:9
- [File data](1) flows directly to outbound network request
- Related locations:
- server-examples: nodejs/nodejs.js:134:12:134:23 [true positive]
// dirToDelete = uploadedFilesPath + uuid; // rimraf(dirToDelete, function(error) { // if (error) { // console.error("Problem deleting file! " + error);
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- Related locations:
- ungit: source/git-api.js:597:21:597:71 [false positive due to analysis imprecision]
// .then(gitPromise.bind(null, ['rm', '-f', req.query.submoduleName], req.query.path)) // .then(() => { rimraf.sync(path.join(req.query.path, req.query.submodulePath)); // rimraf.sync(path.join(req.query.path, '.git', 'modules', req.query.submodulePath)); // });
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- This path depends on [a user-provided value](5).
- This path depends on [a user-provided value](6).
- This path depends on [a user-provided value](7).
- Related locations:
- (1) ungit: source/git-api.js:597:31:597:45
- (2) ungit: source/git-api.js:597:31:597:45
- (3) ungit: source/git-api.js:597:31:597:45
- (4) ungit: source/git-api.js:597:31:597:45
- (5) ungit: source/git-api.js:597:47:597:70
- (6) ungit: source/git-api.js:597:47:597:70
- (7) ungit: source/git-api.js:597:47:597:70
- ungit: source/git-api.js:598:21:598:90 [false positive due to analysis imprecision]
// .then(() => { // rimraf.sync(path.join(req.query.path, req.query.submodulePath)); rimraf.sync(path.join(req.query.path, '.git', 'modules', req.query.submodulePath)); // }); //
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- This path depends on [a user-provided value](5).
- This path depends on [a user-provided value](6).
- This path depends on [a user-provided value](7).
- Related locations:
- (1) ungit: source/git-api.js:598:31:598:45
- (2) ungit: source/git-api.js:598:31:598:45
- (3) ungit: source/git-api.js:598:31:598:45
- (4) ungit: source/git-api.js:598:31:598:45
- (5) ungit: source/git-api.js:598:66:598:89
- (6) ungit: source/git-api.js:598:66:598:89
- (7) ungit: source/git-api.js:598:66:598:89
- chrome: src/routes.ts:158:12:158:20 [true positive]
// } // rimraf(filePath, _.noop); // // return res.sendStatus(204);
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- Related locations:
- DockerSecurityPlayground: app/data/labels.js:60:31:60:40 [true positive]
// async.waterfall([ // // If success open JSON File (cb) => jsonfile.readFile(labelname, cb), // ], // // Ok it's terminated with an array of objects
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- This path depends on [a user-provided value](5).
- This path depends on [a user-provided value](6).
- This path depends on [a user-provided value](7).
- This path depends on [a user-provided value](8).
- This path depends on [a user-provided value](9).
- This path depends on [a user-provided value](10).
- ... (5 more messages)
- Related locations:
- (1) DockerSecurityPlayground: app/handlers/labels.js:29:39:29:54
- (2) DockerSecurityPlayground: app/handlers/labels.js:29:39:29:54
- (3) DockerSecurityPlayground: app/handlers/labels.js:29:39:29:54
- (4) DockerSecurityPlayground: app/handlers/labels.js:29:56:29:74
- (5) DockerSecurityPlayground: app/handlers/labels.js:29:56:29:74
- (6) DockerSecurityPlayground: app/handlers/labels.js:29:56:29:74
- (7) DockerSecurityPlayground: app/handlers/labels.js:46:55:46:70
- (8) DockerSecurityPlayground: app/handlers/labels.js:46:55:46:70
- (9) DockerSecurityPlayground: app/handlers/labels.js:46:55:46:70
- (10) DockerSecurityPlayground: app/handlers/labels.js:67:55:67:70
- ... (5 more related locations)
- DockerSecurityPlayground: app/data/labels.js:76:31:76:40
// labelname = labelname || ''; // async.waterfall([ (cb) => jsonfile.readFile(labelname, cb), // // Now update array // (jsonObj, cb) => {
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- This path depends on [a user-provided value](5).
- This path depends on [a user-provided value](6).
- This path depends on [a user-provided value](7).
- This path depends on [a user-provided value](8).
- This path depends on [a user-provided value](9).
- This path depends on [a user-provided value](10).
- ... (8 more messages)
- Related locations:
- (1) DockerSecurityPlayground: app/handlers/labels.js:106:55:106:70
- (2) DockerSecurityPlayground: app/handlers/labels.js:106:55:106:70
- (3) DockerSecurityPlayground: app/handlers/labels.js:106:55:106:70
- (4) DockerSecurityPlayground: app/handlers/labels.js:133:55:133:70
- (5) DockerSecurityPlayground: app/handlers/labels.js:133:55:133:70
- (6) DockerSecurityPlayground: app/handlers/labels.js:133:55:133:70
- (7) DockerSecurityPlayground: app/handlers/labs.js:160:17:160:25
- (8) DockerSecurityPlayground: app/handlers/labs.js:160:17:160:25
- (9) DockerSecurityPlayground: app/handlers/labs.js:160:17:160:25
- (10) DockerSecurityPlayground: app/handlers/labs.js:164:19:164:27
- ... (8 more related locations)
- DockerSecurityPlayground: app/data/labs.js:109:14:109:39
// (up, cb) => { // userPath = up; rimraf(path.join(userPath, name), cb); // }, // (cb) => LabStates.exists(path.basename(userPath), name, cb),
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- Related locations:
- DockerSecurityPlayground: app/data/labs.js:231:25:231:40
// (cfile, cb) => { // const informationFile = path.join(homedir(), cfile.mainDir, nameRepo, nameLab, 'information.json'); jsonfile.readFile(informationFile, cb); // }], // (err, jsonDescription) => {
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- This path depends on [a user-provided value](5).
- This path depends on [a user-provided value](6).
- Related locations:
- (1) DockerSecurityPlayground: app/handlers/labs.js:110:37:110:52
- (2) DockerSecurityPlayground: app/handlers/labs.js:110:37:110:52
- (3) DockerSecurityPlayground: app/handlers/labs.js:110:37:110:52
- (4) DockerSecurityPlayground: app/handlers/labs.js:110:54:110:72
- (5) DockerSecurityPlayground: app/handlers/labs.js:110:54:110:72
- (6) DockerSecurityPlayground: app/handlers/labs.js:110:54:110:72
- DockerSecurityPlayground: app/data/network.js:62:25:62:36
// yamlFile = path.join(homedir(), config.mainDir, namerepo, namelab, 'docker-compose.yml'); // jsonfile.readFile(networkfile, cb); // }, // (network, cb) => {
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- This path depends on [a user-provided value](5).
- This path depends on [a user-provided value](6).
- This path depends on [a user-provided value](7).
- This path depends on [a user-provided value](8).
- This path depends on [a user-provided value](9).
- This path depends on [a user-provided value](10).
- ... (29 more messages)
- Related locations:
- (1) DockerSecurityPlayground: app/handlers/docker-images.js:49:48:49:67
- (2) DockerSecurityPlayground: app/handlers/docker-images.js:49:48:49:67
- (3) DockerSecurityPlayground: app/handlers/docker-images.js:49:48:49:67
- (4) DockerSecurityPlayground: app/handlers/docker-images.js:49:69:49:87
- (5) DockerSecurityPlayground: app/handlers/docker-images.js:49:69:49:87
- (6) DockerSecurityPlayground: app/handlers/docker-images.js:49:69:49:87
- (7) DockerSecurityPlayground: app/handlers/docker-images.js:64:52:64:71
- (8) DockerSecurityPlayground: app/handlers/docker-images.js:64:52:64:71
- (9) DockerSecurityPlayground: app/handlers/docker-images.js:64:52:64:71
- (10) DockerSecurityPlayground: app/handlers/docker-images.js:64:73:64:91
- ... (29 more related locations)
- DockerSecurityPlayground: app/data/repos.js:96:20:96:48
// }, // // Remove directory from the main directory (cb) => rimraf(path.join(mainDir, reponame), cb), // (cb) => get(cb), // // Remove from repos.json
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- Related locations:
- DockerSecurityPlayground: app/handlers/labs.js:341:25:341:58
// // get all labels of lab to import // (cb) => { jsonfile.readFile(path.join(srcPath, 'labels.json'), cb); // }, // (jsonData, cb) => {
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- This path depends on [a user-provided value](5).
- This path depends on [a user-provided value](6).
- Related locations:
- (1) DockerSecurityPlayground: app/handlers/labs.js:272:54:272:62
- (2) DockerSecurityPlayground: app/handlers/labs.js:272:54:272:62
- (3) DockerSecurityPlayground: app/handlers/labs.js:272:54:272:62
- (4) DockerSecurityPlayground: app/handlers/labs.js:272:73:272:81
- (5) DockerSecurityPlayground: app/handlers/labs.js:272:73:272:81
- (6) DockerSecurityPlayground: app/handlers/labs.js:272:73:272:81
- DockerSecurityPlayground: app/handlers/network.js:215:15:215:30
// // Zip has been saved, destroy directory // if(wasDir) { rimraf(destinationPath, cb); // destinationPath = `${destinationPath}.zip`; // }
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- This path depends on [a user-provided value](5).
- This path depends on [a user-provided value](6).
- This path depends on [a user-provided value](7).
- This path depends on [a user-provided value](8).
- This path depends on [a user-provided value](9).
- This path depends on [a user-provided value](10).
- ... (2 more messages)
- Related locations:
- (1) DockerSecurityPlayground: app/handlers/network.js:183:18:183:26
- (2) DockerSecurityPlayground: app/handlers/network.js:183:18:183:26
- (3) DockerSecurityPlayground: app/handlers/network.js:183:18:183:26
- (4) DockerSecurityPlayground: app/handlers/network.js:183:18:183:26
- (5) DockerSecurityPlayground: app/handlers/network.js:183:18:183:26
- (6) DockerSecurityPlayground: app/handlers/network.js:183:18:183:26
- (7) DockerSecurityPlayground: app/handlers/network.js:184:17:184:25
- (8) DockerSecurityPlayground: app/handlers/network.js:184:17:184:25
- (9) DockerSecurityPlayground: app/handlers/network.js:184:17:184:25
- (10) DockerSecurityPlayground: app/handlers/network.js:184:17:184:25
- ... (2 more related locations)
- DockerSecurityPlayground: app/handlers/tree_routes.js:150:18:150:26
// if (errCanDelete) appUtils.response('DELETE FILE', res, errCanDelete); // else if (stats.isDirectory()) { rimraf(filename, (innerErr) => { // appUtils.response('DELETE FILE', res, innerErr); // });
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- Related locations:
- HEAD: src/webui/backend/lib/performances.js:156:25:156:26
// let p = path.join(dir, id) // if (fs.existsSync(p) && fs.lstatSync(p).isDirectory()) { rimraf.sync(p, {}, function(e) { // if (e) console.log(e) // })
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- This path depends on [a user-provided value](5).
- This path depends on [a user-provided value](6).
- This path depends on [a user-provided value](7).
- This path depends on [a user-provided value](8).
- This path depends on [a user-provided value](9).
- This path depends on [a user-provided value](10).
- ... (1 more messages)
- Related locations:
- (1) HEAD: src/webui/backend/entry.js:129:88:129:106
- (2) HEAD: src/webui/backend/entry.js:129:88:129:106
- (3) HEAD: src/webui/backend/entry.js:129:88:129:106
- (4) HEAD: src/webui/backend/entry.js:132:39:132:55
- (5) HEAD: src/webui/backend/entry.js:132:39:132:55
- (6) HEAD: src/webui/backend/entry.js:150:88:150:106
- (7) HEAD: src/webui/backend/entry.js:150:88:150:106
- (8) HEAD: src/webui/backend/entry.js:150:88:150:106
- (9) HEAD: src/webui/backend/entry.js:152:80:152:96
- (10) HEAD: src/webui/backend/entry.js:152:80:152:96
- ... (1 more related locations)
- mock-node: server.js:324:16:324:70
// if (index > -1) { // router.stack.splice(index, 1); rimraf(path.join(__dirname, 'stubs', encodeRoutePath(_route)), function () {}); // } // var newRoutes = config.routes.filter(function (route) {
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- This path depends on [a user-provided value](5).
- This path depends on [a user-provided value](6).
- Related locations:
- mock-node: src/server.es6:314:12:314:66
// if (index > -1) { // router.stack.splice(index, 1); rimraf(path.join(__dirname, 'stubs', encodeRoutePath(_route)), () => {}); // } // let newRoutes = config.routes.filter((route) => route.route != _route);
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- This path depends on [a user-provided value](5).
- This path depends on [a user-provided value](6).
- Related locations:
- mediacenterjs: index.js:149:12:149:18
// , publicdir = './public/'+module+'/'; // rimraf(appDir, function (e){ // if(e){ // logger.error('Error removing module',{error: e})
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- Related locations:
- mediacenterjs: index.js:154:12:154:21
// } // }); rimraf(publicdir, function (e) { // if(e) { // logger.error('Error removing module',{error:e})
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- Related locations:
- expressCart: routes/product.js:411:16:411:49
// } // // delete any images and folder rimraf('public/uploads/' + req.params.id, (err) => { // if(err){ // console.info(err.stack);
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- Related locations:
- cgm-remote-monitor: lib/api/alexa/index.js:52:27:52:33
// } // ctx.language.set(locale); moment.locale(locale); // } //
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- Related locations:
- urllib: lib/urllib.js:1199:36:1199:39
//function parseContentType(str) { // try { return contentTypeParser.parse(str); // } catch (err) { // // ignore content-type error, tread as default
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- Related locations:
- manager: cloudify-stage/backend/source/SourceHandler.js:71:20:71:31
// logger.debug('extracting', archivePath, extractFolder); // decompress(archivePath, extractFolder).then(files => { // let tree = _scanArchive(extractFolder); // callback(null, tree);
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- Related locations:
- manager: cloudify-stage/backend/source/SourceHandler.js:147:22:147:34
// function browseArchiveFile(path, callback) { // var absolutePath = pathlib.join(_getRootFolder(), path); fsp.readFile(absolutePath, 'utf-8').then(function(content) { // callback(null, content); // }).catch(function(err){
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- Related locations:
- yaktime: src/tape.ts:26:46:26:57
// // if (contentType == null) return const parsedContentType = contentTypeParse(contentType) // // return identityEncoding && isContentTypeHumanReadable(parsedContentType)
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- This path depends on [a user-provided value](5).
- This path depends on [a user-provided value](6).
- This path depends on [a user-provided value](7).
- This path depends on [a user-provided value](8).
- Related locations:
- (1) yaktime: src/record.test.ts:49:39:49:42
- (2) yaktime: src/record.test.ts:49:39:49:42
- (3) yaktime: src/record.test.ts:49:39:49:42
- (4) yaktime: src/record.test.ts:49:39:49:42
- (5) yaktime: src/record.test.ts:62:33:62:36
- (6) yaktime: src/record.test.ts:62:33:62:36
- (7) yaktime: src/record.test.ts:62:33:62:36
- (8) yaktime: src/record.test.ts:62:33:62:36
- orion.client: modules/orionode/lib/fileUtil.js:256:9:256:16
// */ //exports.rumRuff = function(dirpath, callback) { rimraf(dirpath, callback); //}; //
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- Related locations:
- juttle: test/adapters/http/test-server.js:86:46:86:63
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- Related locations:
- juttle: test/adapters/http/test-server.js:127:46:127:63
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- Related locations:
- juttle: test/adapters/http/test-server.js:200:46:200:63
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- This path depends on [a user-provided value](4).
- Related locations:
- manager: cloudify-stage/backend/node_modules/decompress/index.js:93:56:93:61
- This path depends on [a user-provided value](1).
- This path depends on [a user-provided value](2).
- This path depends on [a user-provided value](3).
- Related locations:
- ampersand: template/express/fakeApi.js:62:14:62:19 [true positive]
// var found = get(req.params.id); // res.status(found ? 200 : 404); res.send(found); //}; //
- Cross-site scripting vulnerability due to [user-provided value](1).
- Cross-site scripting vulnerability due to [user-provided value](2).
- Related locations:
- ampersand: template/express/fakeApi.js:69:14:69:19 [true positive]
// if (found) people = _.without(people, found); // res.status(found ? 200 : 404); res.send(found); //}; //
- Cross-site scripting vulnerability due to [user-provided value](1).
- Cross-site scripting vulnerability due to [user-provided value](2).
- Related locations:
- atom-elmjutsu: lib/hot-reloader.js:34:11:39:40 [true positive]
// const hotReloadingHost = atom.config.get('elmjutsu.hotReloadingHost'); // res.send( hotReloadingCode // .replace('HOST', hotReloadingHost) // .replace('PORT', this.server.address().port)
- Cross-site scripting vulnerability due to [user-provided value](1).
- Related locations:
- manager: cloudify-stage/backend/routes/SourceBrowser.js:25:58:25:65 [false positive due to analysis imprecision]
// next(err); // } else { res.contentType('application/text').send(content); // } // });
- Cross-site scripting vulnerability due to [user-provided value](1).
- Related locations:
- isomorphic-tutorial: lib/api.js:46:14:46:18 [true positive]
// var post = _.find(posts, function(p) { return p.id === id }); // if (post) { res.send(post); // } else { // res.send(404, {error: 'Not found.'});
- Cross-site scripting vulnerability due to [user-provided value](1).
- Related locations:
- ftd-web: lib/findthedude.js:491:43:491:86 [true positive]
// userIds.forEach( function( friendId ){ // var images = glob.sync( facesDirectory + "/" + friendId + "/*.jpeg" ); // if( images.length > 1 ){ // images.forEach( function( file ){
- This regular expression is constructed from a [user-provided value](1).
- Related locations:
- HEAD: src/webui/backend/lib/performances.js:27:37:27:63 [true positive]
// // for (let dir of dirs) { let subDirs = glob.sync(path.join(dir, '**', '*/')) // // for (let i = 0; i < subDirs.length; i++) {
- This regular expression is constructed from a [user-provided value](1).
- Related locations:
- HEAD: src/webui/backend/lib/performances.js:50:35:50:57 [true positive]
// if (fs.existsSync(p) && fs.lstatSync(p).isDirectory()) { // let performancePath = path.dirname(id), files = glob.sync(path.join(p, '*.yaml')).sort(naturalSort) // // performancePath = performancePath === '.' ? '' : performancePath
- This regular expression is constructed from a [user-provided value](1).
- This regular expression is constructed from a [user-provided value](2).
- This regular expression is constructed from a [user-provided value](3).
- This regular expression is constructed from a [user-provided value](4).
- This regular expression is constructed from a [user-provided value](5).
- Related locations:
- HEAD: src/webui/backend/lib/performances.js:102:31:102:59 [true positive]
// let ids = timelines.map(t => t.id), // deleteIds = _.pullAll( glob.sync(path.join(dir, id, '*.yaml')).map(f => path.relative(dir, f).replace(this.ext, '')), ids) // // deleteIds.forEach(function(id) {
- This regular expression is constructed from a [user-provided value](1).
- This regular expression is constructed from a [user-provided value](2).
- Related locations:
- goof: routes/index.js:64:22:64:26 [false positive due to spurious sink]
// time = time.replace(/\n$/, ''); // var period = hms(time); // // console.log('period: ' + period);
- This regular expression is constructed from a [user-provided value](1).
- Related locations:
- react-pwa-reference: src/application/server/statics.js:31:12:31:44
// // If a newer version exists, rewrite and serve that. // const urlMatch = req.url.replace(/[a-f0-9]+\./, '*.'); glob(settings.dist.baseDir + urlMatch, { // silent: true // }, (matchError, matches) => {
- This regular expression is constructed from a [user-provided value](1).
- Related locations:
- angularjs-periscope: periscope.js:138:15:138:71
//function removeImageAndGraphvisFiles(instanceId) { // if(instanceId) { glob.sync(IMAGES_DIR + '/' + instanceId + '_*' + IMAGE_FILE_SUFFIX) // .forEach(function(f) { fs.unlinkSync(f); }); // glob.sync(ARTIFACTS_DIR + '/' + instanceId + '_*' + GRAPHVIZ_FILE_SUFFIX)
- This regular expression is constructed from a [user-provided value](1).
- This regular expression is constructed from a [user-provided value](2).
- Related locations:
- angularjs-periscope: periscope.js:140:15:140:77
// glob.sync(IMAGES_DIR + '/' + instanceId + '_*' + IMAGE_FILE_SUFFIX) // .forEach(function(f) { fs.unlinkSync(f); }); glob.sync(ARTIFACTS_DIR + '/' + instanceId + '_*' + GRAPHVIZ_FILE_SUFFIX) // .forEach(function(f) { fs.unlinkSync(f); }); // } else {
- This regular expression is constructed from a [user-provided value](1).
- This regular expression is constructed from a [user-provided value](2).
- Related locations:
- angularjs-periscope: periscope.js:180:15:180:40
//function removeStateFiles(instanceId) { // if(instanceId) { glob.sync(stateFilename(instanceId)).forEach(function(f) { // fs.unlinkSync(f); }); // } else {
- This regular expression is constructed from a [user-provided value](1).
- Related locations:
- conduit: server/export/export.js:192:10:192:49
// */ //var deleteTemporaryFiles = function (fileName) { glob(fileName.replace(/\.[^/.]+$/, "") + '*', function(err, files) { // for(var i = 0; i < files.length; i++) { // (function(thisFile) {
- This regular expression is constructed from a [user-provided value](1).
- Related locations:
- intern: src/lib/node/util.ts:46:26:46:33
// // const allPaths = includes .map(pattern => glob(pattern, { ignore: excludes })) // .reduce((allFiles, files) => allFiles.concat(files), paths); // const uniquePaths: { [name: string]: boolean } = {};
- This regular expression is constructed from a [user-provided value](1).
- Related locations:
- webdrivercss-adminpanel: server/controllers/api.js:144:25:144:59
// } // return glob(projectPath + '/**/*.baseline.png', done); // }, // /**
- This regular expression is constructed from a [user-provided value](1).
- Related locations:
- traceur-compiler: test/modular/NodeTraceurTestRunner.js:26:14:26:21
- This regular expression is constructed from a [user-provided value](1).
- Related locations:
- hud-disaster-data: app/lib/middleware/localAPI.js:67:11:67:17 [true positive]
// _.each(argument, val => { // var arg = {} arg[column] = val // console.log(`applying arg: ${JSON.stringify(arg)}`) // compositeResult = _.concat(compositeResult, _.filter(result, arg))
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- hud-disaster-data: app/lib/middleware/localAPI.js:80:47:80:50 [true positive]
// result = _.map(result, rec => { // var retValue = {} _.forEach(selectCols, col => { retValue[col] = rec[col] }) // return retValue // })
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- hud-disaster-data: app/lib/middleware/localAPI.js:92:13:92:16 [true positive]
// var summary = {} // _.forEach(summaryCols, (col) => { summary[col] = _.sumBy(data, rec => rec[col]) // }) // if (_.indexOf(summaryCols, 'numberOfRecords') > -1) summary['numberOfRecords'] = numberOfRecords
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- communityservice: src/server/v1/query-parser.js:506:16:506:19 [true positive]
// return; // } formular[key] = context => { // if (_.isNil(context.deleted_epoch) || settings.options.includes('include-deleted')) { // return _.get(context, value);
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- communityservice: src/server/v1/query-parser.js:527:14:527:17 [true positive]
// } // // console.log(`subquery: ${subquery.querying}`); formular[key] = subquery.querying; // return; // });
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- new-website: apiServer.js:81:14:81:19
// }; // _.each(fields, function (field) { data[field] = library[field] || null; // }); //
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- new-website: apiServer.js:148:11:148:16
// if (fields && results.length > 0) { // _.each(fields, function (field) { ret[field] = results[0][field] || null; // }); //
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- old-website: api.js:44:9:44:14
// // _.each(fields, function(field){ data[field] = package[field] || null; // }); // return data;
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- iloveopensource: app/utils/git-request.js:85:23:85:27
// var url = section[0].replace(/<(.*)>/, '$1').trim().replace('https://api.github.com/', ''); // var name = section[1].replace(/rel="(.*)"/, '$1').trim().toLowerCase(); links[name] = url; // }); // }
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- scrapoxy: server/proxies/master/sanitize/index.js:33:13:33:16
// } // res[key] = val; // }); //
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- lightning: app/controllers/session.js:313:57:313:58
// _.each(req.body.data, function(d, i) { // if(i < viz.data[fieldName].length) { viz.data[fieldName][i] = viz.data[fieldName][i].concat(d); // } // });
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- orcinus: apis/service.js:17:26:17:31
// } // filters.filters.name[idSVC] = true; // utils.debug(filters) // req.app.locals.orcinus.listServices(filters,function (err, data) {
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- ophan-sparklines: app.js:60:15:60:18
// // _.each(query, function(val, key, query) { query[key] = _.isArray(val) ? val[0] : val; // }); //
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- ophan-sparklines: modules/sparks.js:87:36:87:37
// if (graph.data) { // _.each(s.data, function(d, i) { graph.data[i] = (graph.data[i] || 0) + d; // }); // } else {
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- balmung: lib/settings.js:101:18:101:21
// var set = function(values, name) { // _.each(values, function(value, key) { sets[name][key] = value; // }); // };
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- balmung: lib/settings.js:161:14:161:18
// } // if (file.$settings) { flat[name] = file.$settings; // } // });
- A [user-provided value](1) is used as a property name to write to.
- A [user-provided value](2) is used as a property name to write to.
- Related locations:
- balmung: lib/settings.js:226:22:226:26
// if (_.isObject(value)) { // if (_.isEmpty(value)) { delete obj[name]; // } else { // removeEmpties(value);
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- balmung: lib/settings.js:230:24:230:28
// removeEmpties(value); // if (_.isEmpty(value)) { delete obj[name]; // } // }
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- pump.io: test/lib/http.js:438:28:438:32
- A [user-provided value](1) is used as a header name.
- Related locations:
- ql.io: modules/console/test/test-post-encoded-body.js:88:39:88:50
- A [user-provided value](1) is used as a property name to write to.
- Related locations:
- (1) [ql.io: modules/console/test/test-post-encoded-body.js:80:50:80:55](https://github.com/ql-io/ql.io/blob/18991838d36e845fae18dcefa4f1d58f276014c4/modules/console/test/test-post-encoded-body.js#L80)
- firebase-tools: src/auth.js:167:37:167:59 [false positive due to analysis imprecision]
// var query = _.get(url.parse(req.url, true), "query", {}); // if (query.state === _nonce && _.isString(query.code)) { // return _getTokensFromAuthorizationCode(query.code, callbackUrl) // .then(function(result) {
- This condition guards a sensitive [action](1), but [a user-provided value](2) controls it.
- Related locations:
- verdaccio: src/lib/auth-utils.ts:248:9:248:26 [false positive due to analysis imprecision]
// const { scheme, token } = parseAuthTokenHeader(authorizationHeader); // if (_.isString(token) && scheme.toUpperCase() === TOKEN_BEARER.toUpperCase()) { // return verifyJWTPayload(token, secret); // }
- This condition guards a sensitive [action](1), but [a user-provided value](2) controls it.
- Related locations:
- nodewiki: static/socketio.js:102:46:102:63 [true positive]
// }); // } else { $('#content #markdown_content').html(data.fileContents); // rawMd = data.rawMd; // fileName = data.fileName;
- Cross-site scripting vulnerability due to [user-provided value](1).
- Related locations: