Skip to content

Instantly share code, notes, and snippets.

@prabhu

prabhu/nodegoat.sc

Created December 23, 2022 21:18
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save prabhu/5dddc06a9b8d87e056eb0aef57db9649 to your computer and use it in GitHub Desktop.
Save prabhu/5dddc06a9b8d87e056eb0aef57db9649 to your computer and use it in GitHub Desktop.
Download ZIP
Analyze NodeGoat using joern
Raw
nodegoat.sc
// git clone https://github.com/OWASP/NodeGoat
// Install joern
// importCode("NodeGoat")
val requestPattern =
"req\\.(originalUrl|path|protocol|route|secure|signedCookies|stale|subdomains|xhr|app|pipe|file|files|baseUrl|fresh|hostname|ip|url|ips|method|body|param|params|query|cookies)"
val taintSourcePattern = "(?s)(?i).*" + requestPattern + ".*"
val responsePattern =
"res\\.(append|attachment|cookie|clearCookie|download|end|format|get|json|jsonp|links|location|redirect|render|send|sendFile|sendStatus|set|status|type|vary)"
val taintXSSSinkPattern = "(?s)(?i).*" + responsePattern + ".*"
val taintHeaderSinkPattern = "(?s)(?i).*res\\.(set|writeHead|setHeader).*"
val taintDBSinkPattern = "(?s)(?i).*(db|dao|mongo|mongoclient).*"
def source=cpg.call.code(taintSourcePattern)
def xsssink=cpg.call.code(taintXSSSinkPattern)
xsssink.reachableByFlows(source).p
def headersink=cpg.call.code(taintHeaderSinkPattern)
headersink.reachableByFlows(source).p
def dbsink=cpg.call.code(taintDBSinkPattern)
dbsink.reachableByFlows(source).p
@prabhu
Copy link
Author

prabhu commented Dec 23, 2022 

joern> xsssink.reachableByFlows(source).p
res84: List[String] = List(
  """___________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                        |
|==========================================================================================|
| Call       | eval(req.body.aft... | 33        | anonymous1 | app/routes/contributions.js |
| Call       | eval(req.body.aft... | 33        | anonymous1 | app/routes/contributions.js |
| Identifier | const afterTax = ... | 33        | anonymous1 | app/routes/contributions.js |
| Identifier | isNaN(afterTax)      | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | afterTax < 0         | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Call       | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
""",
  """_______________________________________________________________________________
| nodeType| tracked              | lineNumber| method    | file                |
|==============================================================================|
| Call    | res.redirect(req.... | 74        | anonymous | app/routes/index.js |
| Call    | res.redirect(req.... | 74        | anonymous | app/routes/index.js |
""",
  """_________________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                   |
|================================================================================|
| Call    | function Benefits... | 8         | :program | app/routes/benefits.js |
""",
  """___________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                        |
|==========================================================================================|
| Call       | eval(req.body.pre... | 32        | anonymous1 | app/routes/contributions.js |
| Identifier | const preTax = ev... | 32        | anonymous1 | app/routes/contributions.js |
| Identifier | isNaN(preTax)        | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | preTax < 0           | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Call       | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
""",
  """___________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                        |
|==========================================================================================|
| Call       | eval(req.body.roth)  | 34        | anonymous1 | app/routes/contributions.js |
| Call       | eval(req.body.roth)  | 34        | anonymous1 | app/routes/contributions.js |
| Identifier | const roth = eval... | 34        | anonymous1 | app/routes/contributions.js |
| Identifier | isNaN(roth)          | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | roth < 0             | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Call       | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
""",
  """______________________________________________________________________________________
| nodeType| tracked              | lineNumber| method         | file                  |
|=====================================================================================|
| Call    | this.handleSignup... | 183       | SessionHandler | app/routes/session.js |
""",
  """_______________________________________________________________________________________________
| nodeType          | tracked              | lineNumber| method    | file                      |
|==============================================================================================|
| Call              | _tmp_1 = req.params  | 18        | anonymous | app/routes/allocations.js |
| Identifier        | _tmp_1 = req.params  | 16        | anonymous | app/routes/allocations.js |
| Call              | userId = _tmp_1.u... | 17        | anonymous | app/routes/allocations.js |
| Identifier        | userId = _tmp_1.u... | 17        | anonymous | app/routes/allocations.js |
| Identifier        | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
| Identifier        | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
| MethodParameterIn | anonymous(this, e... | 23        | anonymous | app/routes/allocations.js |
| Identifier        | _tmp_3.allocation... | 27        | anonymous | app/routes/allocations.js |
| Call              | _tmp_3.allocation... | 27        | anonymous | app/routes/allocations.js |
| Block             | _tmp_3               | 25        | anonymous | app/routes/allocations.js |
| Identifier        | res.render("alloc... | 25        | anonymous | app/routes/allocations.js |
| Call              | res.render("alloc... | 25        | anonymous | app/routes/allocations.js |
""",
  """_________________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                   |
|================================================================================|
| Call    | function Research... | 7         | :program | app/routes/research.js |
""",
  """______________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                   |
|=====================================================================================|
| Call       | _tmp_3 = req.body    | 33        | anonymous1 | app/routes/benefits.js |
| Identifier | _tmp_3 = req.body    | 30        | anonymous1 | app/routes/benefits.js |
| Call       | benefitStartDate ... | 32        | anonymous1 | app/routes/benefits.js |
| Identifier | benefitStartDate ... | 32        | anonymous1 | app/routes/benefits.js |
| Identifier | benefitsDAO.updat... | 35        | anonymous1 | app/routes/benefits.js |
| Identifier | benefitsDAO.updat... | 35        | anonymous1 | app/routes/benefits.js |
| Call       | benefitsDAO.updat... | 35        | anonymous1 | app/routes/benefits.js |
""",
  """______________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                |
|=============================================================================|
| Call    | const index = (ap... | 13        | :program | app/routes/index.js |
""",
  """____________________________________________________________________________________________
| nodeType          | tracked              | lineNumber| method    | file                   |
|===========================================================================================|
| Call              | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Identifier        | const url = req.q... | 15        | anonymous | app/routes/research.js |
| Identifier        | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
| Identifier        | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
| MethodParameterIn | anonymous(this, e... | 16        | anonymous | app/routes/research.js |
| Identifier        | res.write(body)      | 25        | anonymous | app/routes/research.js |
| Identifier        | res.write(body)      | 25        | anonymous | app/routes/research.js |
| Identifier        | res.end()            | 27        | anonymous | app/routes/research.js |
| Call              | res.end()            | 27        | anonymous | app/routes/research.js |
""",
  """____________________________________________________________________________________________
| nodeType          | tracked              | lineNumber| method    | file                   |
|===========================================================================================|
| Call              | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Call              | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Identifier        | const url = req.q... | 15        | anonymous | app/routes/research.js |
| Identifier        | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
| Identifier        | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
| MethodParameterIn | anonymous(this, e... | 16        | anonymous | app/routes/research.js |
| Identifier        | res.write(body)      | 25        | anonymous | app/routes/research.js |
| Identifier        | res.write(body)      | 25        | anonymous | app/routes/research.js |
| Identifier        | res.end()            | 27        | anonymous | app/routes/research.js |
| Call              | res.end()            | 27        | anonymous | app/routes/research.js |
""",
  """________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method    | file                      |
|=======================================================================================|
| Call       | _tmp_2 = req.query   | 21        | anonymous | app/routes/allocations.js |
| Identifier | _tmp_2 = req.query   | 19        | anonymous | app/routes/allocations.js |
| Call       | threshold = _tmp_... | 20        | anonymous | app/routes/allocations.js |
| Identifier | threshold = _tmp_... | 20        | anonymous | app/routes/allocations.js |
| Identifier | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
| Identifier | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
| Call       | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
""",
  """____________________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                      |
|===================================================================================|
| Call    | function Allocati... | 6         | :program | app/routes/allocations.js |
""",
  """_______________________________________________________________________________
| nodeType| tracked              | lineNumber| method    | file                |
|==============================================================================|
| Call    | res.redirect(req.... | 74        | anonymous | app/routes/index.js |
""",
  """___________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                        |
|==========================================================================================|
| Call       | eval(req.body.pre... | 32        | anonymous1 | app/routes/contributions.js |
| Call       | eval(req.body.pre... | 32        | anonymous1 | app/routes/contributions.js |
| Identifier | const preTax = ev... | 32        | anonymous1 | app/routes/contributions.js |
| Identifier | isNaN(preTax)        | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | preTax < 0           | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Call       | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
""",
  """__________________________________________________________________________________________________
| nodeType          | tracked              | lineNumber| method     | file                        |
|=================================================================================================|
| Call              | eval(req.body.roth)  | 34        | anonymous1 | app/routes/contributions.js |
| Call              | eval(req.body.roth)  | 34        | anonymous1 | app/routes/contributions.js |
| Identifier        | const roth = eval... | 34        | anonymous1 | app/routes/contributions.js |
| Identifier        | isNaN(roth)          | 47        | anonymous1 | app/routes/contributions.js |
| Identifier        | roth < 0             | 47        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| MethodParameterIn | anonymous1(this, ... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | ...contributions     | 71        | anonymous1 | app/routes/contributions.js |
| Identifier        | ...contributions     | 71        | anonymous1 | app/routes/contributions.js |
| Block             | _tmp_7               | 70        | anonymous1 | app/routes/contributions.js |
| Identifier        | res.render("contr... | 70        | anonymous1 | app/routes/contributions.js |
| Call              | res.render("contr... | 70        | anonymous1 | app/routes/contributions.js |
""",
  """_____________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method    | file                   |
|====================================================================================|
| Call       | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Identifier | const url = req.q... | 15        | anonymous | app/routes/research.js |
| Identifier | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
| Call       | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
""",
  """______________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                |
|=============================================================================|
| Call    | function MemosHan... | 6         | :program | app/routes/memos.js |
""",
  """______________________________________________________________________________________________
| nodeType| tracked              | lineNumber| method             | file                      |
|=============================================================================================|
| Call    | this.displayAlloc... | 11        | AllocationsHandler | app/routes/allocations.js |
""",
  """_______________________________________________________________________________________________
| nodeType          | tracked              | lineNumber| method    | file                      |
|==============================================================================================|
| Call              | _tmp_2 = req.query   | 21        | anonymous | app/routes/allocations.js |
| Identifier        | _tmp_2 = req.query   | 19        | anonymous | app/routes/allocations.js |
| Call              | threshold = _tmp_... | 20        | anonymous | app/routes/allocations.js |
| Identifier        | threshold = _tmp_... | 20        | anonymous | app/routes/allocations.js |
| Identifier        | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
| Identifier        | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
| Identifier        | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
| MethodParameterIn | anonymous(this, e... | 23        | anonymous | app/routes/allocations.js |
| Identifier        | _tmp_3.allocation... | 27        | anonymous | app/routes/allocations.js |
| Call              | _tmp_3.allocation... | 27        | anonymous | app/routes/allocations.js |
| Block             | _tmp_3               | 25        | anonymous | app/routes/allocations.js |
| Identifier        | res.render("alloc... | 25        | anonymous | app/routes/allocations.js |
| Call              | res.render("alloc... | 25        | anonymous | app/routes/allocations.js |
""",
  """___________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                        |
|==========================================================================================|
| Call       | eval(req.body.roth)  | 34        | anonymous1 | app/routes/contributions.js |
| Identifier | const roth = eval... | 34        | anonymous1 | app/routes/contributions.js |
| Identifier | isNaN(roth)          | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | roth < 0             | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Call       | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
""",
  """______________________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                        |
|=====================================================================================|
| Call    | function Contribu... | 7         | :program | app/routes/contributions.js |
""",
  """___________________________________________________________________________
| nodeType| tracked              | lineNumber| method| file                |
|==========================================================================|
| Call    | app.get("/learn",... | 72        | index | app/routes/index.js |
""",
  """________________________________________________________________________________________
| nodeType| tracked              | lineNumber| method          | file                   |
|=======================================================================================|
| Call    | this.updateBenefi... | 29        | BenefitsHandler | app/routes/benefits.js |
""",
  """__________________________________________________________________________________________________
| nodeType          | tracked              | lineNumber| method     | file                        |
|=================================================================================================|
| Call              | eval(req.body.roth)  | 34        | anonymous1 | app/routes/contributions.js |
| Identifier        | const roth = eval... | 34        | anonymous1 | app/routes/contributions.js |
| Identifier        | isNaN(roth)          | 47        | anonymous1 | app/routes/contributions.js |
| Identifier        | roth < 0             | 47        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| MethodParameterIn | anonymous1(this, ... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | ...contributions     | 71        | anonymous1 | app/routes/contributions.js |
| Identifier        | ...contributions     | 71        | anonymous1 | app/routes/contributions.js |
| Block             | _tmp_7               | 70        | anonymous1 | app/routes/contributions.js |
| Identifier        | res.render("contr... | 70        | anonymous1 | app/routes/contributions.js |
| Call              | res.render("contr... | 70        | anonymous1 | app/routes/contributions.js |
""",
  """________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method    | file                      |
|=======================================================================================|
| Call       | _tmp_1 = req.params  | 18        | anonymous | app/routes/allocations.js |
| Identifier | _tmp_1 = req.params  | 16        | anonymous | app/routes/allocations.js |
| Call       | userId = _tmp_1.u... | 17        | anonymous | app/routes/allocations.js |
| Identifier | userId = _tmp_1.u... | 17        | anonymous | app/routes/allocations.js |
| Identifier | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
| Call       | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
""",
  """__________________________________________________________________________________________________
| nodeType          | tracked              | lineNumber| method     | file                        |
|=================================================================================================|
| Call              | eval(req.body.aft... | 33        | anonymous1 | app/routes/contributions.js |
| Identifier        | const afterTax = ... | 33        | anonymous1 | app/routes/contributions.js |
| Identifier        | isNaN(afterTax)      | 47        | anonymous1 | app/routes/contributions.js |
| Identifier        | afterTax < 0         | 47        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| MethodParameterIn | anonymous1(this, ... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | ...contributions     | 71        | anonymous1 | app/routes/contributions.js |
| Identifier        | ...contributions     | 71        | anonymous1 | app/routes/contributions.js |
| Block             | _tmp_7               | 70        | anonymous1 | app/routes/contributions.js |
| Identifier        | res.render("contr... | 70        | anonymous1 | app/routes/contributions.js |
| Call              | res.render("contr... | 70        | anonymous1 | app/routes/contributions.js |
""",
  """_____________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method    | file                   |
|====================================================================================|
| Call       | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Call       | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Identifier | const url = req.q... | 15        | anonymous | app/routes/research.js |
| Identifier | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
| Call       | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
""",
  """____________________________________________________________________________________________
| nodeType          | tracked              | lineNumber| method    | file                   |
|===========================================================================================|
| Call              | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Call              | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Identifier        | const url = req.q... | 15        | anonymous | app/routes/research.js |
| Identifier        | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
| Identifier        | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
| MethodParameterIn | anonymous(this, e... | 16        | anonymous | app/routes/research.js |
| Identifier        | res.write(body)      | 25        | anonymous | app/routes/research.js |
| Identifier        | res.write(body)      | 25        | anonymous | app/routes/research.js |
| Identifier        | res.end()            | 27        | anonymous | app/routes/research.js |
| Call              | res.end()            | 27        | anonymous | app/routes/research.js |
""",
  """___________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                        |
|==========================================================================================|
| Call       | eval(req.body.aft... | 33        | anonymous1 | app/routes/contributions.js |
| Identifier | const afterTax = ... | 33        | anonymous1 | app/routes/contributions.js |
| Identifier | isNaN(afterTax)      | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | afterTax < 0         | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Call       | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
""",
  """_____________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method    | file                   |
|====================================================================================|
| Call       | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Call       | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Identifier | const url = req.q... | 15        | anonymous | app/routes/research.js |
| Identifier | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
| Call       | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
""",
  """____________________________________________________________________________________________
| nodeType          | tracked              | lineNumber| method     | file                  |
|===========================================================================================|
| Call              | _tmp_4 = req.body    | 50        | anonymous1 | app/routes/profile.js |
| Identifier        | _tmp_4 = req.body    | 42        | anonymous1 | app/routes/profile.js |
| Call              | ssn = _tmp_4.ssn     | 45        | anonymous1 | app/routes/profile.js |
| Identifier        | ssn = _tmp_4.ssn     | 45        | anonymous1 | app/routes/profile.js |
| Identifier        | profile.updateUse... | 86        | anonymous1 | app/routes/profile.js |
| Identifier        | profile.updateUse... | 88        | anonymous1 | app/routes/profile.js |
| Identifier        | profile.updateUse... | 85        | anonymous1 | app/routes/profile.js |
| Identifier        | profile.updateUse... | 89        | anonymous1 | app/routes/profile.js |
| Identifier        | profile.updateUse... | 87        | anonymous1 | app/routes/profile.js |
| Identifier        | profile.updateUse... | 90        | anonymous1 | app/routes/profile.js |
| Identifier        | profile.updateUse... | 84        | anonymous1 | app/routes/profile.js |
| Identifier        | profile.updateUse... | 82        | anonymous1 | app/routes/profile.js |
| MethodParameterIn | anonymous(this, e... | 91        | anonymous  | app/routes/profile.js |
| Identifier        | ...user              | 101       | anonymous  | app/routes/profile.js |
| Identifier        | ...user              | 101       | anonymous  | app/routes/profile.js |
| Block             | _tmp_7               | 100       | anonymous  | app/routes/profile.js |
| Identifier        | res.render("profi... | 100       | anonymous  | app/routes/profile.js |
| Call              | res.render("profi... | 100       | anonymous  | app/routes/profile.js |
""",
  """_________________________________________________________________________________________________
| nodeType           | tracked              | lineNumber| method         | file                  |
|================================================================================================|
| Call               | _tmp_8 = req.body    | 192       | anonymous8     | app/routes/session.js |
| Identifier         | _tmp_8 = req.body    | 185       | anonymous8     | app/routes/session.js |
| Call               | userName = _tmp_8... | 187       | anonymous8     | app/routes/session.js |
| Identifier         | userName = _tmp_8... | 187       | anonymous8     | app/routes/session.js |
| Identifier         | validateSignup(us... | 200       | anonymous8     | app/routes/session.js |
| MethodParameterIn  | validateSignup(th... | 132       | validateSignup | app/routes/session.js |
| Identifier         | USER_RE.test(user... | 153       | validateSignup | app/routes/session.js |
| MethodParameterOut | RET                  | 132       | validateSignup | app/routes/session.js |
| Identifier         | validateSignup(us... | 200       | anonymous8     | app/routes/session.js |
| Identifier         | userDAO.getUserBy... | 202       | anonymous8     | app/routes/session.js |
| Call               | userDAO.getUserBy... | 202       | anonymous8     | app/routes/session.js |
""",
  """__________________________________________________________________________________________________
| nodeType| tracked              | lineNumber| method               | file                        |
|=================================================================================================|
| Call    | this.handleContri... | 28        | ContributionsHandler | app/routes/contributions.js |
""",
  """__________________________________________________________________________________________________
| nodeType          | tracked              | lineNumber| method     | file                        |
|=================================================================================================|
| Call              | eval(req.body.pre... | 32        | anonymous1 | app/routes/contributions.js |
| Identifier        | const preTax = ev... | 32        | anonymous1 | app/routes/contributions.js |
| Identifier        | isNaN(preTax)        | 47        | anonymous1 | app/routes/contributions.js |
| Identifier        | preTax < 0           | 47        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| MethodParameterIn | anonymous1(this, ... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | ...contributions     | 71        | anonymous1 | app/routes/contributions.js |
| Identifier        | ...contributions     | 71        | anonymous1 | app/routes/contributions.js |
| Block             | _tmp_7               | 70        | anonymous1 | app/routes/contributions.js |
| Identifier        | res.render("contr... | 70        | anonymous1 | app/routes/contributions.js |
| Call              | res.render("contr... | 70        | anonymous1 | app/routes/contributions.js |
""",
  """___________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                |
|==================================================================================|
| Call       | _tmp_9 = req.params  | 87        | anonymous2 | app/routes/index.js |
| Identifier | _tmp_9 = req.params  | 85        | anonymous2 | app/routes/index.js |
| Call       | page = _tmp_9.page   | 86        | anonymous2 | app/routes/index.js |
| Identifier | page = _tmp_9.page   | 86        | anonymous2 | app/routes/index.js |
| Identifier | __Runtime.TO_STRI... | 88        | anonymous2 | app/routes/index.js |
| Call       | __Runtime.TO_STRI... | 88        | anonymous2 | app/routes/index.js |
| Call       | res.render(`tutor... | 88        | anonymous2 | app/routes/index.js |
""",
  """_____________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                  |
|====================================================================================|
| Call       | _tmp_4 = req.body    | 50        | anonymous1 | app/routes/profile.js |
| Identifier | _tmp_4 = req.body    | 42        | anonymous1 | app/routes/profile.js |
| Call       | ssn = _tmp_4.ssn     | 45        | anonymous1 | app/routes/profile.js |
| Identifier | ssn = _tmp_4.ssn     | 45        | anonymous1 | app/routes/profile.js |
| Identifier | profile.updateUse... | 86        | anonymous1 | app/routes/profile.js |
| Identifier | profile.updateUse... | 82        | anonymous1 | app/routes/profile.js |
| Identifier | profile.updateUse... | 88        | anonymous1 | app/routes/profile.js |
| Identifier | profile.updateUse... | 85        | anonymous1 | app/routes/profile.js |
| Identifier | profile.updateUse... | 89        | anonymous1 | app/routes/profile.js |
| Identifier | profile.updateUse... | 87        | anonymous1 | app/routes/profile.js |
| Identifier | profile.updateUse... | 90        | anonymous1 | app/routes/profile.js |
| Identifier | profile.updateUse... | 84        | anonymous1 | app/routes/profile.js |
| Call       | profile.updateUse... | 82        | anonymous1 | app/routes/profile.js |
""",
  """_________________________________________________________________________________________________
| nodeType           | tracked              | lineNumber| method         | file                  |
|================================================================================================|
| Call               | _tmp_8 = req.body    | 192       | anonymous8     | app/routes/session.js |
| Identifier         | _tmp_8 = req.body    | 185       | anonymous8     | app/routes/session.js |
| Call               | email = _tmp_8.email | 186       | anonymous8     | app/routes/session.js |
| Identifier         | email = _tmp_8.email | 186       | anonymous8     | app/routes/session.js |
| Identifier         | _tmp_9.email = email | 197       | anonymous8     | app/routes/session.js |
| Call               | _tmp_9.email = email | 197       | anonymous8     | app/routes/session.js |
| Block              | _tmp_9               | 195       | anonymous8     | app/routes/session.js |
| Identifier         | const errors = { ... | 195       | anonymous8     | app/routes/session.js |
| Identifier         | validateSignup(us... | 200       | anonymous8     | app/routes/session.js |
| MethodParameterIn  | validateSignup(th... | 132       | validateSignup | app/routes/session.js |
| MethodParameterOut | RET                  | 132       | validateSignup | app/routes/session.js |
| Identifier         | validateSignup(us... | 200       | anonymous8     | app/routes/session.js |
| Identifier         | ...errors            | 244       | anonymous8     | app/routes/session.js |
| Identifier         | ...errors            | 244       | anonymous8     | app/routes/session.js |
| Block              | _tmp_13              | 243       | anonymous8     | app/routes/session.js |
| Identifier         | res.render("signu... | 243       | anonymous8     | app/routes/session.js |
| Call               | res.render("signu... | 243       | anonymous8     | app/routes/session.js |
""",
  """_____________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                  |
|====================================================================================|
| Call       | _tmp_4 = req.body    | 50        | anonymous1 | app/routes/profile.js |
| Identifier | _tmp_4 = req.body    | 42        | anonymous1 | app/routes/profile.js |
| Call       | firstName = _tmp_... | 43        | anonymous1 | app/routes/profile.js |
| Identifier | firstName = _tmp_... | 43        | anonymous1 | app/routes/profile.js |
| Identifier | const firstNameSa... | 64        | anonymous1 | app/routes/profile.js |
| Identifier | const firstNameSa... | 64        | anonymous1 | app/routes/profile.js |
| Identifier | _tmp_5.firstNameS... | 67        | anonymous1 | app/routes/profile.js |
| Call       | _tmp_5.firstNameS... | 67        | anonymous1 | app/routes/profile.js |
| Block      | _tmp_5               | 65        | anonymous1 | app/routes/profile.js |
| Identifier | res.render("profi... | 65        | anonymous1 | app/routes/profile.js |
| Call       | res.render("profi... | 65        | anonymous1 | app/routes/profile.js |
""",
  """__________________________________________________________________________________________________
| nodeType          | tracked              | lineNumber| method     | file                        |
|=================================================================================================|
| Call              | eval(req.body.aft... | 33        | anonymous1 | app/routes/contributions.js |
| Call              | eval(req.body.aft... | 33        | anonymous1 | app/routes/contributions.js |
| Identifier        | const afterTax = ... | 33        | anonymous1 | app/routes/contributions.js |
| Identifier        | isNaN(afterTax)      | 47        | anonymous1 | app/routes/contributions.js |
| Identifier        | afterTax < 0         | 47        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| MethodParameterIn | anonymous1(this, ... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | ...contributions     | 71        | anonymous1 | app/routes/contributions.js |
| Identifier        | ...contributions     | 71        | anonymous1 | app/routes/contributions.js |
| Block             | _tmp_7               | 70        | anonymous1 | app/routes/contributions.js |
| Identifier        | res.render("contr... | 70        | anonymous1 | app/routes/contributions.js |
| Call              | res.render("contr... | 70        | anonymous1 | app/routes/contributions.js |
""",
  """__________________________________________________________________________________________________
| nodeType          | tracked              | lineNumber| method     | file                        |
|=================================================================================================|
| Call              | eval(req.body.pre... | 32        | anonymous1 | app/routes/contributions.js |
| Call              | eval(req.body.pre... | 32        | anonymous1 | app/routes/contributions.js |
| Identifier        | const preTax = ev... | 32        | anonymous1 | app/routes/contributions.js |
| Identifier        | isNaN(preTax)        | 47        | anonymous1 | app/routes/contributions.js |
| Identifier        | preTax < 0           | 47        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| MethodParameterIn | anonymous1(this, ... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier        | ...contributions     | 71        | anonymous1 | app/routes/contributions.js |
| Identifier        | ...contributions     | 71        | anonymous1 | app/routes/contributions.js |
| Block             | _tmp_7               | 70        | anonymous1 | app/routes/contributions.js |
| Identifier        | res.render("contr... | 70        | anonymous1 | app/routes/contributions.js |
| Call              | res.render("contr... | 70        | anonymous1 | app/routes/contributions.js |
""",
  """___________________________________________________________________________
| nodeType| tracked              | lineNumber| method| file                |
|==========================================================================|
| Call    | app.get("/tutoria... | 84        | index | app/routes/index.js |
""",
  """________________________________________________________________________________________
| nodeType| tracked              | lineNumber| method          | file                   |
|=======================================================================================|
| Call    | this.displayResea... | 12        | ResearchHandler | app/routes/research.js |
"""
)

joern> def headersink=cpg.call.code(taintHeaderSinkPattern)
defined function headersink

joern> headersink.reachableByFlows(source).p
res86: List[String] = List(
  """_____________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method    | file                   |
|====================================================================================|
| Call       | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Identifier | const url = req.q... | 15        | anonymous | app/routes/research.js |
| Identifier | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
| Call       | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
""",
  """_____________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method    | file                   |
|====================================================================================|
| Call       | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Call       | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Identifier | const url = req.q... | 15        | anonymous | app/routes/research.js |
| Identifier | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
| Call       | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
""",
  """_________________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                   |
|================================================================================|
| Call    | function Research... | 7         | :program | app/routes/research.js |
""",
  """_____________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method    | file                   |
|====================================================================================|
| Call       | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Call       | req.query.url + r... | 15        | anonymous | app/routes/research.js |
| Identifier | const url = req.q... | 15        | anonymous | app/routes/research.js |
| Identifier | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
| Call       | needle.get(url, (... | 16        | anonymous | app/routes/research.js |
""",
  """________________________________________________________________________________________
| nodeType| tracked              | lineNumber| method          | file                   |
|=======================================================================================|
| Call    | this.displayResea... | 12        | ResearchHandler | app/routes/research.js |
"""
)

joern> def dbsink=cpg.call.code(taintDBSinkPattern)
defined function dbsink

joern> dbsink.reachableByFlows(source).p
res88: List[String] = List(
  """____________________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                      |
|===================================================================================|
| Call    | function Allocati... | 6         | :program | app/routes/allocations.js |
""",
  """___________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                        |
|==========================================================================================|
| Call       | eval(req.body.aft... | 33        | anonymous1 | app/routes/contributions.js |
| Call       | eval(req.body.aft... | 33        | anonymous1 | app/routes/contributions.js |
| Identifier | const afterTax = ... | 33        | anonymous1 | app/routes/contributions.js |
| Identifier | isNaN(afterTax)      | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | afterTax < 0         | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Call       | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
""",
  """___________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                        |
|==========================================================================================|
| Call       | eval(req.body.pre... | 32        | anonymous1 | app/routes/contributions.js |
| Call       | eval(req.body.pre... | 32        | anonymous1 | app/routes/contributions.js |
| Identifier | const preTax = ev... | 32        | anonymous1 | app/routes/contributions.js |
| Identifier | isNaN(preTax)        | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | preTax < 0           | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Call       | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
""",
  """______________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                |
|=============================================================================|
| Call    | function MemosHan... | 6         | :program | app/routes/memos.js |
""",
  """_________________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                   |
|================================================================================|
| Call    | function Benefits... | 8         | :program | app/routes/benefits.js |
""",
  """________________________________________________________________________________________
| nodeType| tracked              | lineNumber| method          | file                   |
|=======================================================================================|
| Call    | this.updateBenefi... | 29        | BenefitsHandler | app/routes/benefits.js |
""",
  """___________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                        |
|==========================================================================================|
| Call       | eval(req.body.pre... | 32        | anonymous1 | app/routes/contributions.js |
| Identifier | const preTax = ev... | 32        | anonymous1 | app/routes/contributions.js |
| Identifier | isNaN(preTax)        | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | preTax < 0           | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Call       | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
""",
  """___________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                        |
|==========================================================================================|
| Call       | eval(req.body.roth)  | 34        | anonymous1 | app/routes/contributions.js |
| Call       | eval(req.body.roth)  | 34        | anonymous1 | app/routes/contributions.js |
| Identifier | const roth = eval... | 34        | anonymous1 | app/routes/contributions.js |
| Identifier | isNaN(roth)          | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | roth < 0             | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Call       | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
""",
  """_______________________________________________________________________________
| nodeType| tracked              | lineNumber| method    | file                |
|==============================================================================|
| Call    | memosDAO.insert(r... | 13        | anonymous | app/routes/memos.js |
""",
  """______________________________________________________________________________________
| nodeType| tracked              | lineNumber| method         | file                  |
|=====================================================================================|
| Call    | this.handleSignup... | 183       | SessionHandler | app/routes/session.js |
""",
  """_________________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                   |
|================================================================================|
| Call    | function Research... | 7         | :program | app/routes/research.js |
""",
  """______________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                   |
|=====================================================================================|
| Call       | _tmp_3 = req.body    | 33        | anonymous1 | app/routes/benefits.js |
| Identifier | _tmp_3 = req.body    | 30        | anonymous1 | app/routes/benefits.js |
| Call       | benefitStartDate ... | 32        | anonymous1 | app/routes/benefits.js |
| Identifier | benefitStartDate ... | 32        | anonymous1 | app/routes/benefits.js |
| Identifier | benefitsDAO.updat... | 35        | anonymous1 | app/routes/benefits.js |
| Identifier | benefitsDAO.updat... | 35        | anonymous1 | app/routes/benefits.js |
| Call       | benefitsDAO.updat... | 35        | anonymous1 | app/routes/benefits.js |
""",
  """______________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                |
|=============================================================================|
| Call    | const index = (ap... | 13        | :program | app/routes/index.js |
""",
  """___________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                        |
|==========================================================================================|
| Call       | eval(req.body.aft... | 33        | anonymous1 | app/routes/contributions.js |
| Identifier | const afterTax = ... | 33        | anonymous1 | app/routes/contributions.js |
| Identifier | isNaN(afterTax)      | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | afterTax < 0         | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Call       | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
""",
  """_________________________________________________________________________________________________
| nodeType           | tracked              | lineNumber| method         | file                  |
|================================================================================================|
| Call               | _tmp_8 = req.body    | 192       | anonymous8     | app/routes/session.js |
| Identifier         | _tmp_8 = req.body    | 185       | anonymous8     | app/routes/session.js |
| Call               | userName = _tmp_8... | 187       | anonymous8     | app/routes/session.js |
| Identifier         | userName = _tmp_8... | 187       | anonymous8     | app/routes/session.js |
| Identifier         | validateSignup(us... | 200       | anonymous8     | app/routes/session.js |
| MethodParameterIn  | validateSignup(th... | 132       | validateSignup | app/routes/session.js |
| Identifier         | USER_RE.test(user... | 153       | validateSignup | app/routes/session.js |
| MethodParameterOut | RET                  | 132       | validateSignup | app/routes/session.js |
| Identifier         | validateSignup(us... | 200       | anonymous8     | app/routes/session.js |
| Identifier         | userDAO.getUserBy... | 202       | anonymous8     | app/routes/session.js |
| Call               | userDAO.getUserBy... | 202       | anonymous8     | app/routes/session.js |
""",
  """_______________________________________________________________________________
| nodeType| tracked              | lineNumber| method    | file                |
|==============================================================================|
| Call    | memosDAO.insert(r... | 13        | anonymous | app/routes/memos.js |
| Call    | memosDAO.insert(r... | 13        | anonymous | app/routes/memos.js |
""",
  """________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method    | file                      |
|=======================================================================================|
| Call       | _tmp_2 = req.query   | 21        | anonymous | app/routes/allocations.js |
| Identifier | _tmp_2 = req.query   | 19        | anonymous | app/routes/allocations.js |
| Call       | threshold = _tmp_... | 20        | anonymous | app/routes/allocations.js |
| Identifier | threshold = _tmp_... | 20        | anonymous | app/routes/allocations.js |
| Identifier | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
| Identifier | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
| Call       | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
""",
  """______________________________________________________________________________________
| nodeType| tracked              | lineNumber| method         | file                  |
|=====================================================================================|
| Call    | this.handleLoginR... | 51        | SessionHandler | app/routes/session.js |
""",
  """______________________________________________________________________________________________
| nodeType| tracked              | lineNumber| method             | file                      |
|=============================================================================================|
| Call    | this.displayAlloc... | 11        | AllocationsHandler | app/routes/allocations.js |
""",
  """___________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                        |
|==========================================================================================|
| Call       | eval(req.body.roth)  | 34        | anonymous1 | app/routes/contributions.js |
| Identifier | const roth = eval... | 34        | anonymous1 | app/routes/contributions.js |
| Identifier | isNaN(roth)          | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | roth < 0             | 47        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Identifier | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
| Call       | contributionsDAO.... | 65        | anonymous1 | app/routes/contributions.js |
""",
  """______________________________________________________________________________________
| nodeType| tracked              | lineNumber| method   | file                        |
|=====================================================================================|
| Call    | function Contribu... | 7         | :program | app/routes/contributions.js |
""",
  """__________________________________________________________________________________
| nodeType| tracked              | lineNumber| method       | file                |
|=================================================================================|
| Call    | this.addMemos = (... | 11        | MemosHandler | app/routes/memos.js |
""",
  """________________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method    | file                      |
|=======================================================================================|
| Call       | _tmp_1 = req.params  | 18        | anonymous | app/routes/allocations.js |
| Identifier | _tmp_1 = req.params  | 16        | anonymous | app/routes/allocations.js |
| Call       | userId = _tmp_1.u... | 17        | anonymous | app/routes/allocations.js |
| Identifier | userId = _tmp_1.u... | 17        | anonymous | app/routes/allocations.js |
| Identifier | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
| Call       | allocationsDAO.ge... | 23        | anonymous | app/routes/allocations.js |
""",
  """_____________________________________________________________________________________
| nodeType   | tracked              | lineNumber| method     | file                  |
|====================================================================================|
| Call       | _tmp_3 = req.body    | 55        | anonymous4 | app/routes/session.js |
| Identifier | _tmp_3 = req.body    | 52        | anonymous4 | app/routes/session.js |
| Call       | password = _tmp_3... | 54        | anonymous4 | app/routes/session.js |
| Identifier | password = _tmp_3... | 54        | anonymous4 | app/routes/session.js |
| Identifier | userDAO.validateL... | 56        | anonymous4 | app/routes/session.js |
| Identifier | userDAO.validateL... | 56        | anonymous4 | app/routes/session.js |
| Call       | userDAO.validateL... | 56        | anonymous4 | app/routes/session.js |
"""
)

joern>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment